Security Directory

Ö

ÖAMTC - Österreichischer Automobil-, Motorrad- und Touring Club

oeamtc.at

0

ÖAMTC is a large, well-established Austrian automobile and touring club serving over 2 million members. The organization provides a wide range of services including roadside assistance, insurance, travel planning, and member benefits. The website reflects a strong brand presence with comprehensive content and multimedia offerings targeting motorists and travelers in Austria. Technically, the site uses modern technologies such as nginx, RequireJS, JW Player, and integrates with multiple third-party services for analytics and advertising. However, a critical security issue is the lack of a valid SSL certificate and absence of HTTPS support, which significantly impacts the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent management platform in place. Overall, the site is professional and trustworthy but requires urgent remediation of its SSL configuration to ensure secure user interactions.

BMW.at is the official website for BMW Austria, providing comprehensive information on premium vehicles, including electric and hybrid models, leasing and financing options, and after-sales services. The site targets automotive customers in Austria, emphasizing BMW's premium brand positioning and extensive product offerings. The website is built on a robust technical infrastructure leveraging Adobe Experience Manager and Akamai CDN, ensuring a modern and responsive user experience. Despite the advanced infrastructure, the site currently suffers from an invalid SSL certificate, which undermines its security posture. Security headers are partially implemented, but improvements are needed to fully secure user interactions and data. Privacy and cookie policies are well-presented and GDPR compliant, reflecting BMW's commitment to data protection. Overall, the site demonstrates high professionalism and trustworthiness, with strong brand consistency and extensive content relevant to its audience.

I

IL – Ingenieurbüro Laabmayr & Partner ZT GesmbH.

laabmayr.at

0

Ingenieurbüro Laabmayr & Partner ZT GesmbH. is a specialized engineering consultancy based in Salzburg, Austria, with a focus on tunnel construction and civil engineering projects. Founded in 1975, the company has established a solid reputation for reliable and punctual project delivery, serving both alpine and urban tunnel projects internationally. Their key services include tunnel construction, comprehensive project services under 'Tunnel Plus', engineering construction, and rock/ground construction. The website reflects a professional business presence with clear service offerings and contact information.

G

Getzner Werkstoffe GmbH

getzner.com

0

Getzner Werkstoffe GmbH is a well-established company specializing in vibration isolation solutions for the railway, construction, and industrial sectors. With over 50 years of expertise, the company manufactures innovative polyurethane elastomers and elastic modules that reduce noise and vibrations, enhancing product longevity and application suitability. The website reflects a strong market position with comprehensive product and service information targeting construction professionals, urban developers, and industrial clients. Technically, the website employs modern tools such as Google Tag Manager and Matomo Analytics, indicating a mature digital infrastructure. However, the absence of a valid SSL/TLS certificate and minimal security headers represent significant security vulnerabilities. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Security posture is currently weak due to lack of HTTPS and related best practices, exposing users to potential risks. WHOIS data confirms the domain's legitimacy and long-term registration, supporting business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect users and enhance trust.

S

STRABAG SE

strabag.com

0

STRABAG SE is a leading European construction and technology company specializing in infrastructure, building construction, and specialized construction sectors. The company emphasizes innovation, sustainability, and quality, positioning itself as a market leader with a comprehensive portfolio of services including road construction, civil engineering, and tunneling. The website content reflects a mature enterprise with a strong focus on ESG principles and investor relations, targeting investors, clients, and partners in the construction and infrastructure sectors. Technically, the website employs standard web technologies such as jQuery and custom JavaScript, hosted on Microsoft Azure with DNS managed via AWS. While the site is content-rich and well-structured with good SEO and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL/TLS certificate and HTTPS support, which severely impacts its security posture. Security analysis reveals a lack of essential security headers, no DNSSEC or CAA records, and no advanced SSL features like OCSP stapling or session resumption. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, but incident response and vulnerability disclosure policies are not evident. Overall, STRABAG SE's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and adopting DNS security measures to align with best practices.

A

Alturos

alturos.com

0

Alturos is a digital platform provider specializing in integrated solutions for the tourism and transportation sectors, including mountain railways, shipping companies, and airlines. Their flagship product, Destination OS, offers a comprehensive 360° solution for digital marketing, sales, communication, and guest entertainment. The company has a strong market presence with over 150 customers and numerous integrations with sales and marketing systems. Technically, the website is built on WordPress with modern frameworks like UIkit and uses performance optimizations such as WP Rocket. However, the absence of a valid SSL certificate and lack of HTTPS significantly weaken the security posture. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. Overall, the site is professional and trustworthy but requires urgent security improvements.

N

Newrest

newrest.eu

0

Newrest is a global leader in multi-sector catering and out-of-home food service solutions, operating in 53 countries with a workforce exceeding 60,000 employees. The company offers a broad range of services including inflight catering, rail catering, remote site management, concessions, and retail services, targeting corporate clients in transportation, energy, and retail sectors. The website is professionally designed, multilingual, and provides comprehensive business and CSR information, reflecting a mature global enterprise. Technically, the site is built on WordPress with modern plugins for SEO, multilingual support, and privacy compliance, but suffers from a critical lack of HTTPS and valid SSL certificates, severely impacting security posture. Privacy compliance is well addressed with clear policies and a consent manager. The security headers are partially implemented, but the absence of TLS protocols and HSTS reduces the site's security effectiveness. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and maintain business credibility.

R

redmail Logistik & Zustellservice GmbH

redmail.at

0

redmail Logistik & Zustellservice GmbH is an established Austrian media distribution and logistics service provider specializing in the delivery of print advertising such as flyers and brochures. The company operates multiple offices across Austria and offers an online booking platform for print and delivery services. Their market position is supported by recognized certifications and a professional web presence. Technically, the website is built on WordPress with common plugins and modern design elements, but suffers from a critical lack of HTTPS and proper SSL/TLS configuration, exposing users to security risks. Privacy policies and cookie consent mechanisms are in place, reflecting GDPR compliance. Overall, while the business is credible and well-presented, the security posture requires urgent improvement to protect customer data and maintain trust.

F

Frequentis

frequentis.com

0

Frequentis is a well-established company specializing in safety-critical communication and information solutions with over 75 years of market presence. The company serves key sectors including civil aviation, defence, public safety, maritime, and public transportation, positioning itself as a leader with a strong focus on innovation and user-centric design. The website reflects a mature digital presence with comprehensive content, professional design, and clear navigation tailored to government agencies and large organizations. Technically, the site is built on Drupal 10 with modern libraries and integrates multiple marketing and analytics tools. However, the absence of a valid SSL/TLS certificate and HTTPS support is a significant security gap, impacting the overall security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Overall, the site demonstrates high business credibility but requires urgent security improvements to align with best practices.

F

FACC AG

facc.com

0

FACC AG is a mature and leading aerospace company specializing in the design, production, and maintenance of advanced lightweight components and systems for the global aviation industry. The company maintains strong partnerships with major aerospace manufacturers such as Airbus, Boeing, and Embraer, and offers a broad portfolio including aerostructures, engines, nacelles, cabin interiors, and MRO services. The website reflects a professional and well-branded digital presence targeting industry partners, investors, suppliers, and job seekers. Technically, the site is built on WordPress with modern JavaScript frameworks like Vue.js and uses Amazon CloudFront CDN for hosting. However, performance metrics are missing, and the site appears to load slowly. Security posture is a significant concern due to the absence of a valid SSL certificate and lack of TLS protocol support, which critically undermines secure communications. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site is credible and professional but requires urgent security improvements to protect user data and maintain trust.

cargo-partner is a midsized logistics and transportation company specializing in integrated supply chain solutions including air, sea, rail, and road freight, as well as warehousing and SCM services. The company targets businesses requiring comprehensive logistics support and operates with a pan-European and global presence. The website reflects a professional business with consistent branding and a clear service offering. Technically, the site is built on TYPO3 CMS with PHP backend and uses modern web technologies including Friendly Captcha and Cookiebot for privacy compliance. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness, exposing users to potential risks. Security headers are partially implemented but lack a proper Content-Security-Policy. Privacy compliance is supported by a clear privacy policy and cookie consent mechanism. Overall, the website is functional but requires urgent security improvements to protect user data and enhance trust.

Austro Control GmbH is the Austrian national air navigation service provider responsible for ensuring aviation safety, air traffic control, and aeronautical information management. The company serves a broad audience including pilots, airlines, airports, and government agencies, positioning itself as a key player in the transportation and government sectors. Their services include air traffic control, pilot licensing, flight weather services, and drone regulation. The website reflects a professional and comprehensive digital presence with strong branding and trust signals such as industry awards and certifications. Technically, the site uses modern web technologies like Bootstrap and jQuery but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of TLS protocol support, which undermines secure communications. Privacy compliance is well addressed with clear cookie consent and a comprehensive privacy policy. Overall, the site is trustworthy and authoritative but requires urgent improvements in SSL/TLS security to protect users and maintain credibility.

M

Mubea Carbo Tech GmbH

carbon.at

0

Mubea Carbo Tech GmbH is a medium-sized Austrian company specializing in the design, development, and manufacturing of fiber composite components primarily for the automotive, motorsport, aeronautics, and industrial sectors. As part of the global Mubea Group, it holds a leading market position as a pioneer in lightweight construction technology since its founding in 1993. The company offers full-service solutions from design to series production, targeting automotive manufacturers and other high-tech industries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed business information. Technically, the site is built on WordPress with Elementor and includes modern web technologies, though performance is hampered by the lack of a valid SSL certificate and HTTPS support, which is a critical security concern. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. However, explicit security policies and incident response information are absent. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

A

Aeroficial Intelligence GmbH

aeroficial.com

0

Aeroficial Intelligence GmbH is a specialized provider of smart air traffic and airport operational insights, leveraging AI-driven analytics to enhance efficiency, safety, and performance for airports, airlines, and air navigation service providers. The company positions itself as a trusted partner for Tier 1 airports and leading airlines worldwide, offering a suite of solutions under the Cockpit Suite brand. The website reflects a professional and consistent brand image with clear messaging targeted at aviation industry stakeholders. Technically, the website is built on WordPress using the Divi theme and several plugins including Google Analytics and GDPR compliance tools. While the site is mobile-optimized and well-structured, performance metrics are not fully available, and some SEO and accessibility features are basic. The hosting provider is linked to the DNS servers world4you.at. Security posture is a significant concern as the website lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. No advanced security headers or incident response policies are evident. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms in place. Overall, the website is credible and professional but requires urgent security improvements, especially enabling HTTPS and enhancing security headers, to protect user data and improve trustworthiness. Strategic recommendations include implementing SSL, enhancing security policies, and expanding transparency on incident response and certifications.

F

FLIGHTKEYS GmbH

flightkeys.com

0

FLIGHTKEYS GmbH is an Austrian-based company specializing in advanced flight planning and trajectory optimization solutions for the aviation industry. Founded in 2015, the company offers a sophisticated 5D flight management system designed to optimize airline operations cost-effectively while integrating environmental sustainability and real-time flight dynamics. Their market position is that of a niche technology innovator serving airlines and aviation stakeholders globally. The website presents detailed product information and company background, targeting aviation professionals and potential customers. Technically, the website uses a traditional web stack including nginx, jQuery, and slick carousel, with a responsive design suitable for mobile devices. However, the site lacks HTTPS support and a valid SSL certificate, which is a critical security deficiency. Security headers are partially implemented but insufficient without encryption. No analytics or tracking services are detected, indicating minimal user tracking. From a security perspective, the absence of HTTPS and privacy policies significantly lowers the site's security posture and privacy compliance. The site does not provide terms of service, security policies, or incident response contacts, which are important for trust and compliance. The WHOIS data is consistent and indicates a mature, legitimate domain registration aligned with the company's Austrian base. Overall, while the business and content quality are good, the lack of HTTPS and privacy compliance are critical issues that must be addressed to improve trustworthiness and security. Strategic improvements in security infrastructure and privacy transparency are recommended to align with industry best practices.

C

Canada Post

canadapost.ca

0

Canada Post is the national postal service provider in Canada, offering a wide range of mailing, shipping, money transfer, marketing, and e-commerce support services to individuals and businesses. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site uses modern frameworks such as Foundation and jQuery, along with advanced marketing and analytics tools including Adobe DTM, Google Analytics, and Qualtrics. However, a critical security issue is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Overall, the site is professional and trustworthy but requires urgent remediation of SSL and TLS configurations to ensure secure user interactions.

C

Continental AG

continental-corporation.com

0

Continental AG is a well-established multinational technology and manufacturing company specializing in sustainable and connected mobility solutions. Founded in 1871 and headquartered in Germany, the company offers a broad portfolio including automotive technologies, tires, and ContiTech products. The website reflects a mature digital presence with comprehensive corporate, investor, and sustainability information targeting investors, job seekers, and business partners. Technically, the site is built on TYPO3 CMS and hosted likely on AWS infrastructure, with modern JavaScript and CSS usage. However, a critical security weakness is the lack of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture. Security headers are mostly present but some, like X-XSS-Protection, are disabled. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but urgently needs to address HTTPS and SSL issues to ensure secure user interactions.

S

SIA IMPROVEMENT

improvement.lv

0

SIA IMPROVEMENT is a Latvian small business specializing in landscaping, paving, road construction, and bulk material delivery services. Founded in 2018, the company positions itself as a reliable local specialist offering quality full-cycle paving stone installation, greening, and construction services. The website is professionally designed using WordPress and Elementor, providing clear navigation and multilingual support. Contact information is prominently displayed, including multiple phone numbers, emails, and physical addresses in Riga, Latvia. Social media presence on Facebook and Instagram supports brand visibility. Technically, the website uses a modern WordPress stack with WooCommerce and Elementor plugins, but performance is hindered by a large page size and slow load times. Security posture is basic with a valid SSL certificate but lacks advanced security headers and HSTS enforcement. No explicit privacy, cookie, or terms of service policies are found, indicating gaps in compliance. Tracking is moderate via Google Tag Manager and reCAPTCHA. Overall, the site is functional and credible for its business scope but requires improvements in security best practices, privacy compliance, and performance optimization to enhance trust and user experience.

C

CMA CGM

cma-cgm.com

0

CMA CGM is a global leader in sea, land, air, and logistics solutions, offering a comprehensive range of services including maritime shipping, intermodal transport, air freight, and logistics. The company targets businesses requiring integrated supply chain and transportation services worldwide. The website reflects a mature digital presence with extensive content, customer portals, and service offerings, supported by a modern technology stack including Cloudflare CDN, Google Tag Manager, and bot protection services. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks to data confidentiality and user trust. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent remediation of SSL and encryption issues to enhance security and trust.

C

CMA CGM Group

cmacgm-group.com

0

CMA CGM Group operates as a global leader in transportation and logistics, providing integrated sea, land, air, and logistics solutions. The company targets a global customer base requiring comprehensive supply chain services. The website reflects a mature enterprise with consistent branding and a professional online presence. Technically, the site uses modern frameworks such as React and Next.js, hosted on AWS CloudFront with caching via Varnish, and a Drupal CMS backend. However, the absence of a valid SSL/TLS certificate critically undermines the security posture, exposing users to risks and reducing trust. Security headers are partially implemented but lack completeness, and no advanced security policies or data protection officer contacts are visible. The site includes cookie consent mechanisms and a responsible disclosure program, indicating some compliance awareness. Overall, the site is functional and professional but requires urgent security improvements to meet modern standards.

R

Ryanair

laudamotion.com

0

Laudamotion.com is the official website for Laudamotion, a subsidiary of Ryanair Holdings, operating as a low-cost airline primarily serving European markets. The website serves as a booking platform integrated closely with Ryanair's infrastructure. However, the current HTML content is minimal, showing only a loading spinner, indicating that the full site content is either blocked or not loaded, limiting content and user experience. The technical infrastructure is modern, leveraging AWS hosting, CloudFront CDN, and multiple third-party analytics and marketing tools. Security posture is strong with a valid EV SSL certificate and comprehensive security headers, although HSTS is not fully enabled. Privacy and cookie policies are not visible in the provided content, which is a compliance gap. No contact information or forms are present in the analyzed content, reducing transparency and user trust. Overall, the site demonstrates strong technical and security foundations but lacks accessible content and visible compliance documentation, which impacts user experience and privacy assurance.

R

Rolls-Royce plc

rolls-royce.com

0

Rolls-Royce plc operates a globally recognized website delivering comprehensive information about its complex power and propulsion solutions across aerospace, defense, and energy sectors. The website reflects a mature digital presence with extensive content, clear navigation, and strong branding consistency. Technically, the site leverages a modern tech stack including Sitecore CMS, Cloudflare CDN, and multiple analytics and marketing tools, although performance is moderate and accessibility is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, despite the presence of strong security headers and a robust content security policy. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is high, supported by detailed corporate governance, investor relations, and trust indicators. Overall, the site is professional and trustworthy but requires urgent SSL/TLS remediation to improve security and user trust.

Swiss Post Ltd is a mature, enterprise-level national postal and logistics service provider in Switzerland, offering a broad range of physical and digital services including mail, parcels, financial services, and business solutions. The website reflects a professional and consistent brand presence with clear navigation and comprehensive service information targeting both private and business customers. Technically, the site uses modern JavaScript libraries, Sitecore CMS, and integrates advanced search and monitoring tools, but suffers from a critical SSL certificate issue that undermines its security posture. Security headers are well implemented, but the lack of a valid SSL certificate and absence of cookie consent mechanisms are notable gaps. The domain registration data is consistent and trustworthy, supporting the legitimacy of the business. Overall, the website is functional and credible but requires urgent security improvements to ensure user trust and compliance.

CEVA Logistics is a mature, enterprise-level global supply chain management and freight company with a strong market position and a comprehensive portfolio of logistics services. The website is professionally designed, content-rich, and supports multiple languages, targeting business customers worldwide. Technically, the site uses modern frameworks like Nuxt.js and is hosted behind Cloudflare, but it currently lacks a valid SSL/TLS certificate, which significantly impacts its security posture. Security headers are mostly implemented, but critical HTTPS and TLS configurations are missing, exposing the site to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and maintain trust.

D

DFS Deutsche Flugsicherung GmbH

dfs.de

0

DFS Deutsche Flugsicherung GmbH is the official German air navigation service provider responsible for managing and controlling air traffic within German airspace. The company ensures safe, efficient, and environmentally conscious flight operations, serving millions of passengers annually. Their services include air traffic control, drone flight management, environmental initiatives, training, and research and development. The website targets aviation professionals, drone operators, and the general public interested in air traffic and environmental topics. Technically, the website employs modern JavaScript frameworks, SystemJS module loading, and the Ionas CMS platform, hosted on Azure DNS infrastructure. The site is well-structured, mobile-optimized, and provides multilingual support. However, the security posture is weakened by an invalid SSL certificate and lack of proper HTTPS enforcement, which is a critical issue. Privacy compliance is strong, with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. The site lacks explicit incident response or vulnerability disclosure information. Overall, the website is professional and trustworthy but requires urgent SSL remediation to improve security.

S

Statens vegvesen

vegvesen.no

0

Statens vegvesen is the Norwegian government agency responsible for road infrastructure, traffic information, vehicle registration, and driver licensing services across Norway. The website serves as a comprehensive portal for citizens to access traffic updates, vehicle information, and licensing services, targeting Norwegian residents and road users. The business model is that of a public service provider with a national mandate, positioning itself as the authoritative source for transportation-related information and services in Norway. Technically, the website employs modern web technologies including Microsoft Application Insights for telemetry and Boost.ai for chat services, indicating a moderate level of digital maturity. The site is hosted likely on Microsoft Azure infrastructure and features responsive design and accessibility considerations. However, performance metrics were not available, and no CMS was explicitly detected. From a security perspective, the site suffers from critical SSL/TLS misconfigurations, lacking a valid certificate and proper HTTPS support, which significantly undermines user trust and security. While some security headers like Strict-Transport-Security are present, they are not fully enabled. No major vulnerabilities like Heartbleed or POODLE were detected, but the absence of proper encryption is a critical issue. Privacy compliance is strong with clear privacy and cookie policies, though no explicit security or incident response policies were found. Overall, the website is professionally designed and content-rich, serving its public service role well, but the lack of valid SSL/TLS is a major risk. Strategic improvements in security infrastructure and transparency around security policies are recommended to enhance trust and compliance.

G

Generalitat de Catalunya

atm.cat

0

Autoritat del Transport Metropolità (ATM) is a public consortium under the Generalitat de Catalunya, managing integrated transport tariffs and mobility projects in the Barcelona metropolitan area. The website serves as an official portal providing comprehensive information about transport tariffs, mobility plans, transparency, and customer support. It targets residents and public transport users in Catalonia, offering multilingual content and links to related government services. The business model is public sector focused, emphasizing transparency and service delivery rather than commercial revenue. Technically, the website is built on the Liferay CMS platform with modern web technologies including React and Bootstrap. While the site is content-rich and accessible, performance is hindered by a high load time and large page size. The site is mobile optimized and includes accessibility features. SEO and metadata are well implemented, including Open Graph tags. Security posture is adequate with HTTPS enforced, valid SSL certificates, and email authentication via DMARC and SPF. However, advanced security headers like HSTS and DNSSEC are missing, and domain protection locks are not enabled, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained, reflecting its governmental nature. Recommendations include enhancing security headers, enabling DNSSEC, improving performance, and adding explicit security and incident response policies to further strengthen trust and compliance.

M

Moventia

moventia.net

0

Moventia is a well-established multinational family business specializing in sustainable mobility solutions since 1923. The company offers integrated services in collective and private mobility, emphasizing quality, innovation, and sustainability. Their digital presence is built on a modern WordPress platform with multilingual support and SEO optimization, reflecting a mature and professional online identity. However, the website suffers from a critical security flaw due to an invalid SSL certificate, resulting in the absence of HTTPS protection, which poses risks to user data and trust. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The domain registration is consistent and mature, supporting the company's legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance the security posture and user trust.

M

Marfina, SL

moventisexperience.es

0

MoventisExperience is an online platform operated by Marfina, SL, offering road transport services and excursions primarily in Catalonia, Spain. The company provides shuttle transfers, private transfers, and guided tours, targeting tourists and travelers seeking convenient booking options. The website reflects a medium-sized business with consistent branding and a focus on customer service, including 24/7 telephone support and cancellation policies. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism via Cookiebot. However, no explicit security or incident response policies are found on the site. Overall, the site is professional and trustworthy but requires improvements in security and performance to enhance user trust and compliance.

M

Moventia

moventia.es

0

Moventia is a well-established Spanish multinational company specializing in collective and private mobility solutions since 1923. The company positions itself as a leader in the transportation sector with a strong emphasis on innovation, sustainability, and quality service. Their website reflects a mature digital presence with multilingual support, rich multimedia content, and comprehensive corporate information. Technically, the site is built on WordPress with modern plugins and frameworks, though performance is somewhat slow likely due to heavy resource usage. Security posture is a concern due to an invalid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and trust signals, but security improvements are critical to maintain reputation and compliance.

M

Moventis S.A.

moventis.es

0

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

JauniAuto.lv is a Latvian automotive news website providing up-to-date articles, reviews, and industry news targeted at Latvian-speaking automotive enthusiasts. The site operates primarily as an advertising-supported media platform, featuring a range of automotive content with a consistent brand presentation. Technically, the website is built on WordPress and uses common web technologies such as jQuery and Google Analytics, but suffers from slow performance and lacks modern security configurations. The absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Additionally, the site lacks privacy and cookie policies, which raises compliance concerns under GDPR regulations. Business credibility is moderate due to the lack of explicit contact information and security policies, although the domain registration data aligns well with the website's purpose and location.

A

Attollo Brokers

octa24.lv

0

OCTA24.lv is an online insurance brokerage platform focused on providing vehicle owners in Latvia with an easy-to-use OCTA insurance calculator and policy purchase service. The website offers comprehensive information about mandatory vehicle liability insurance, including FAQs, news, and related insurance products like KASKO. The business operates under Attollo Brokers, a recognized insurance intermediary in Latvia, positioning itself as a convenient digital channel for insurance comparison and purchase. Technically, the site uses an older technology stack with Apache and PHP 5.5.9, integrating jQuery and FancyBox for UI components. Despite functional content and structured data, the absence of a valid SSL certificate and outdated server software significantly weaken the security posture. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and informative but requires urgent security upgrades to protect user data and improve trust.

Bonelli Bus s.a.s. is a well-established transportation company based in Italy, offering a variety of bus services including interregional lines, shuttle services, school transport, excursions, and bus rentals. The company targets tourists, commuters, and groups requiring transportation primarily in the Italian regions of Rimini, San Marino, Urbino, and Torino. The website is built on WordPress using Elementor and integrates common marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Despite a professional design and comprehensive content, the website lacks a valid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are present and appear GDPR compliant, with a functional consent mechanism. The domain is mature and consistent with the business profile, enhancing trustworthiness. However, the absence of HTTPS and security headers, along with the presence of a suspicious external script domain, pose security risks that should be addressed promptly.

ViaggiaTreno is a web service associated with Trenitalia, Italy's main train operator, providing train travel information primarily for Italian train travelers. The website content is minimal, consisting of a redirect to another page, with no visible user-facing content or interactive elements. The domain is mature and consistent with the business's history, but the digital presence is underdeveloped. Technically, the site lacks a valid SSL certificate and does not support any TLS protocols, resulting in no HTTPS security. While some security headers are present, the overall security posture is weak due to the absence of proper SSL/TLS configuration and modern security practices. Performance data is missing, indicating no real content delivery or slow response. From a security and compliance perspective, the site does not provide privacy or cookie policies, nor any contact or incident response information. This lack of transparency and minimal content reduces trustworthiness and compliance with GDPR and other regulations. The domain registration is consistent and legitimate, but the imminent expiry date poses a risk if not renewed. Overall, the website requires significant improvements in content delivery, security configuration, and compliance documentation to enhance user trust and meet modern web standards.

L

LeFrecce

lefrecce.it

0

The domain lefrecce.it serves as a minimal redirect page to the main Trenitalia website, indicating it is likely a secondary or legacy domain related to Italian train transportation services. The site itself contains no meaningful content, metadata, or user interaction elements, and lacks any privacy, cookie, or terms of service policies. Technically, the site is hosted via Akamai CDN but does not have a valid SSL certificate, resulting in no HTTPS support and a poor security posture. Security headers are partially present but ineffective without HTTPS. There are no analytics or tracking mechanisms detected, and no contact or business information is provided on the site. Overall, the site functions solely as a redirect and does not provide direct business or user engagement features.

D

Detas SpA

attraversamentipedonali.it

0

Detas SpA operates Attraversamenti Pedonali Luminosi, specializing in LED-based pedestrian crossing safety systems tailored for various road types and power sources. The company targets public entities and road safety professionals, offering configurable products and technical support. The website reflects a medium-sized Italian business with a professional online presence and ISO certifications, reinforcing its market credibility. Technically, the site leverages modern web technologies including Webflow CMS, Google Fonts, Weglot for multilingual support, and Plausible Analytics for privacy-conscious tracking. However, the absence of a valid SSL certificate and incomplete HTTPS implementation significantly undermines the security posture. While privacy and cookie policies are well addressed via Iubenda, the lack of explicit incident response or security policies is noted. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

D

Detas SpA - D-Power Division

d-power.com

0

D-Power, a division of Detas SpA, specializes in advanced LED lighting solutions for road safety, including fixed installations and roadwork signaling. The company holds ISO9001 and ISO14001 certifications and is recognized by the Italian Ministry of Transport for compliance with high standards. Their market position is that of a specialized manufacturer serving transportation and construction sectors primarily in Italy. Technically, the website is built on Webflow and uses modern web technologies such as Google Fonts, Weglot for multilingual support, and Plausible Analytics for privacy-focused tracking. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. The site lacks cookie consent mechanisms and incident response disclosures, which are important for compliance and trust. Business contact information is clearly presented, supporting credibility. Overall, the website is professional and functional but requires urgent security improvements to protect user data and enhance trust.

I

Impresa Pizzarotti & C. S.p.A.

pizzarotti.it

0

Impresa Pizzarotti & C. S.p.A. is a well-established Italian enterprise specializing in the design, construction, and management of large-scale infrastructure and building projects. With over a century of experience and operations in more than 20 countries, the company holds a strong market position as one of Italy's leading general contractors. Their key services span infrastructure, prefabricated structures, building construction, facility management, real estate, and smart green solutions. The website reflects a professional and comprehensive digital presence, targeting clients and partners in the construction and infrastructure sectors. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Slider Revolution, hosted likely on SiteGround. While the site is content-rich and well-structured with good mobile optimization and accessibility, performance is somewhat slow, likely due to heavy media content. Privacy compliance is robust, with clear privacy and cookie policies and GDPR adherence. Analytics are handled via Matomo, indicating a privacy-conscious approach. Security posture is a concern due to the absence of a valid SSL certificate and HTTPS, lack of security headers, and no modern TLS protocols enabled. This exposes the site to significant risks and reduces trustworthiness from a security perspective. No incident response or security policy pages were found. Overall, the site is trustworthy from a business and content perspective but requires urgent security improvements. Recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, implementing security headers, improving site performance, and enhancing security policies and incident response documentation to strengthen the security posture and user trust.

Qatar Airways is a globally recognized airline with a mature digital presence, offering comprehensive travel services including flight bookings, loyalty programs, and ancillary services. The website is well-designed, mobile-optimized, and provides extensive content and user engagement features. Technically, the site employs modern frameworks and analytics tools but lacks a valid SSL certificate, which is a critical security concern. The security posture is moderate due to missing HTTPS and TLS configurations, though other security headers are present. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site reflects a reputable enterprise with room for critical security improvements.

L

Logixboard, Inc.

logixboard.com

0

Logixboard, Inc. operates a B2B SaaS platform focused on providing a unified customer experience portal for logistics providers, freight forwarders, and customs brokers. The platform integrates multiple logistics services including ocean, air, trucking, customs, and warehousing data to offer comprehensive supply chain visibility. The company positions itself as a differentiated player in the logistics technology market by emphasizing customer experience and seamless integration. Technically, the website is built on WordPress with Elementor and hosted on WP Engine, leveraging modern web technologies and marketing tools such as HubSpot Analytics and Google Tag Manager. However, the site lacks a valid SSL certificate, which critically undermines its security posture. While security headers are properly configured, the absence of HTTPS and modern TLS protocols is a significant vulnerability. Privacy compliance is weak, with no visible privacy or cookie policies and no GDPR compliance indicators. Contact information is limited but includes a phone number and subscription form. Overall, the site is professional and content-rich but requires urgent security and privacy improvements to meet industry standards.

Amazon Leasing is a small business specializing in leasing exotic and luxury vehicles with a focus on closed end leases without prepayment penalties. The company targets individuals and businesses interested in high-end vehicle leasing. The website provides basic business information primarily through JSON-LD structured data, including a contact phone number, but lacks comprehensive contact details such as email addresses or physical addresses. The market position appears niche within the transportation sector, focusing on luxury vehicle leasing services. Technically, the website uses modern JavaScript frameworks likely including Vue.js and PrimeVue components, integrates Google Analytics for tracking, and embeds Vimeo player scripts. Hosting appears to be provided by A2 Hosting based on DNS records. However, the website suffers from slow performance with a high page load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. From a security perspective, the website has critical deficiencies. It lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. No security headers are present, and advanced security features such as HSTS and OCSP stapling are missing. Privacy and cookie policies are absent, indicating poor privacy compliance. These issues significantly reduce the trustworthiness and security posture of the site. Overall, the website presents a basic online presence with significant room for improvement in security, privacy compliance, and technical performance. Strategic enhancements in SSL implementation, security headers, and privacy policies are essential to improve user trust and regulatory compliance.

F

Flexport Inc

flexport.org

0

Flexport.org is a non-profit initiative under Flexport Inc that leverages logistics to facilitate global aid delivery and promote sustainability. The organization supports humanitarian relief efforts, discounted shipping for NGOs, and climate programs to reduce transport emissions. Their market position is strong within the humanitarian logistics sector, supported by partnerships with reputable NGOs and a clear mission to improve aid delivery efficiency. Technically, the website is built on modern frameworks like React and Gatsby, hosted on Amazon AWS, and employs advanced technologies such as Google reCAPTCHA and Mapbox GL JS. The site demonstrates good performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced using TLS 1.3 and strong cipher suites, absence of known vulnerabilities, and security headers that protect domain registration. However, improvements such as enabling HSTS, OCSP stapling, and DMARC records could enhance security further. Overall, the website is trustworthy, professional, and compliant with privacy regulations including GDPR. No blocking or WAF interference was detected, allowing full content access and analysis. Strategic recommendations include enhancing security headers and transparency measures to maintain and improve trust.

F

Flexport

deliverr.com

0

Flexport is a leading global supply chain logistics platform that integrates and coordinates logistics from factory to customer door. The company offers a comprehensive suite of services including ocean freight, air freight, trucking, customs brokerage, eCommerce fulfillment, and more. With a strong market presence and over 10,000 clients, Flexport leverages technology to provide real-time visibility and control over shipments, enabling businesses to optimize their supply chains and grow efficiently. The website demonstrates a high level of digital maturity, utilizing modern frameworks like React and Gatsby, and integrating advanced mapping and tracking technologies such as Mapbox. However, the security posture is currently weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, which are critical for protecting data in transit. Privacy compliance is partially addressed with comprehensive privacy and terms of service pages, but lacks explicit cookie consent mechanisms. Overall, the site is professional and trustworthy, but should prioritize improving its SSL/TLS configuration to enhance security and user trust.

M

Mapon

mapon.com

0

Mapon is a Finnish-based company specializing in fleet management and video telematics solutions, serving a broad range of industries including transportation, logistics, construction, and service companies. Established in 2006 and part of the Draugiem Group, Mapon offers a comprehensive platform integrating GPS tracking, driver behavior analysis, fuel monitoring, and video evidence to optimize fleet operations and enhance safety. The website reflects a mature digital presence with professional design, multilingual support, and extensive product information targeting B2B customers. Technically, the site leverages modern web technologies such as Bootstrap, jQuery, Google Tag Manager, and Cookiebot for consent management, hosted behind Cloudflare. However, the SSL/TLS configuration is currently deficient, lacking a valid certificate and TLS protocol support, which poses a significant security risk and undermines user trust. Security headers are well implemented, and privacy compliance is strong with GDPR-aligned policies and consent mechanisms. The security posture is weakened by the absence of proper HTTPS, which is critical for protecting data in transit and ensuring secure user interactions. Despite this, the site demonstrates good business credibility with clear contact information, certifications, and client references. Overall, Mapon presents as a reputable and professional company with a robust service offering but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

Hyundai Motor Group operates as a major global automotive manufacturer primarily serving the transportation sector. The website analyzed is minimal, consisting solely of a redirect script with no substantive content, metadata, or user-facing information. This limits the ability to assess the company's digital maturity or customer engagement through this domain. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to significant security risks and undermining user trust. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the website appears to be a placeholder or gateway rather than a full corporate site, which restricts comprehensive analysis and suggests the need for significant improvements in web presence and security.

K

K-Auto Oy

k-auto.fi

0

K-Auto Oy is a prominent automotive company in Finland offering a comprehensive range of services including new and used car sales, leasing, financing, maintenance, and repair services. The company operates multiple dealerships across Finland and represents several major automotive brands such as Volkswagen, Audi, Porsche, SEAT, CUPRA, and Bentley. Their business model focuses on providing a seamless customer experience from vehicle acquisition to after-sales services, supported by digital tools and loyalty programs like Plussa. K-Auto is part of the larger Kesko Group, enhancing its market position and operational capabilities. Technically, the website is built on modern frameworks including Next.js and React, hosted via Cloudflare, and managed through the Contentful CMS. The site demonstrates good mobile optimization, accessibility, and SEO practices, although performance metrics are moderate. The presence of comprehensive legal and privacy documentation indicates a mature approach to compliance and customer trust. From a security perspective, while the site employs some security headers and uses HTTPS, the SSL certificate is currently invalid or missing, which is a critical vulnerability. The absence of DNSSEC and CAA records further indicates potential areas for security enhancement. No explicit incident response or vulnerability disclosure policies were found. Overall, K-Auto presents a professional and trustworthy digital presence with strong business credibility and customer focus. However, addressing the SSL certificate issues and enhancing security configurations are essential to maintain user trust and comply with best practices.

P

Progressive Casualty Insurance Company

progressivecommercial.com

0

Progressive Commercial is a leading provider of commercial insurance products in the United States, specializing in commercial auto, business insurance, workers' compensation, general liability, cyber insurance, and professional liability. The website serves as a comprehensive portal for small to medium business owners to obtain quotes, access resources, and manage claims. The company holds a strong market position as the #1 commercial auto insurer and truck insurer based on industry data. Technically, the site uses modern JavaScript libraries, tracking tools, and is built on an ASP.NET MVC framework, providing a good user experience with mobile optimization and accessibility features. However, the security posture is weakened by the lack of a valid SSL certificate and HTTPS enforcement, which is critical for protecting user data and trust. Privacy compliance is partial, with privacy and terms pages present but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

A

AFTES - Association Française des Tunnels et de l'Espace Souterrain

aftes.fr

0

AFTES is a French non-profit association specializing in the field of tunnels and underground spaces, representing all trades involved in the design and construction of such infrastructures. The organization provides a range of services including training, publications, events, and working groups to advance knowledge and techniques in underground construction. The website is professionally designed, targeting industry professionals and organizations in transportation and energy sectors. Technically, the site is built on WordPress with Elementor and WooCommerce, hosted on OVH, and uses various modern web technologies and analytics tools. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. Cookie consent and privacy policies are well implemented, reflecting good GDPR compliance. Overall, the site is content-rich and trustworthy but requires urgent improvements in its security posture.

M

Maiaspace

maia-space.com

0

Maiaspace is a small European space transportation company focused on designing, manufacturing, and operating eco-responsible reusable mini launchers for space mobility services. Their business model targets satellite operators and space industry customers requiring flexible launch solutions to Low Earth Orbit and other orbits. The website is built on WordPress with good SEO practices and mobile optimization but lacks a valid SSL certificate, resulting in no HTTPS support. Security posture is weak due to missing TLS protocols and security headers beyond HSTS. Privacy compliance is minimal with no visible privacy or cookie policies. Contact information is limited to a contact page without direct emails or phone numbers. Overall, the site presents a professional image with consistent branding and relevant content but requires urgent security and privacy improvements.