Security Directory

S

Saarländische Nahverkehrs-Service GmbH

saarvv-profil.de

0

The website represents Saarländische Nahverkehrs-Service GmbH, a regional public transportation service provider in Saarland, Germany. It offers information about the saarVV public transport network, focusing on sustainability, digitalization, and service improvements. The site targets local public transport users and stakeholders. Technically, the website is built on WordPress using Elementor, with common web technologies like jQuery and Swiper.js. The site is mobile-optimized but suffers from slow load times and lacks some advanced performance optimizations. Security-wise, the site uses HTTPS with a valid certificate but lacks important security headers, HSTS, and OCSP stapling. No cookie consent mechanism or comprehensive privacy compliance features are present. Contact information is clearly provided, including email, phone, and physical address. Social media presence is active on major platforms. Overall, the site is functional and professional but could improve in security and privacy compliance to enhance trust and user safety.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 high-priority issues should be addressed promptly. Total of 13 security findings identified across all modules.

The Worldshop is a comprehensive e-commerce platform operated by Miles & More GmbH, serving as the sales channel for Europe's leading loyalty program. It offers a wide range of premium products from over 400 brands, including exclusive SWISS branded items, targeting loyalty program members and general consumers. The platform integrates miles earning and redemption with flexible payment options, including Cash & Miles, and maintains a presence both online and at airport stores. Technically, the website employs a modern JavaScript stack with Apache Wicket as the framework, leveraging various libraries for UI components, lazy loading, and analytics. However, performance is moderate to slow due to large page size and resource count. Mobile optimization and accessibility are well addressed, ensuring a good user experience across devices. From a security perspective, the site lacks a valid SSL certificate and does not implement modern TLS protocols or security headers like HSTS, which poses significant risks. Privacy compliance is strong with clear policies and consent mechanisms. The site integrates multiple trusted payment and shipping partners, enhancing business credibility. Overall, while the business and content aspects are strong and professional, critical security issues related to SSL must be addressed to improve trust and protect user data. Strategic improvements in security posture and performance optimization are recommended.

Worldshop.eu is a well-established e-commerce platform operated by Miles & More GmbH, serving as the sales channel for Europe's leading loyalty program. The website offers a broad range of lifestyle and aviation-branded products, targeting Miles & More members and aviation enthusiasts. The platform integrates loyalty features such as mileage redemption and earning, alongside traditional e-commerce functionalities. Technically, the site employs a modern tech stack including Apache Wicket, jQuery, and Material Design components, hosted by Noris Network AG. Despite a rich user experience and comprehensive content, the absence of a valid SSL certificate and lack of HTTPS implementation represent critical security vulnerabilities. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the site demonstrates strong business credibility and user engagement but requires urgent security improvements to protect user data and maintain trust.

BMW M GmbH operates the official BMW M website, showcasing its high-performance vehicles, motorsport heritage, and driving experiences. The company holds a strong market position in the premium automotive segment, targeting enthusiasts and customers seeking performance and motorsport engagement. The website reflects a mature digital presence with rich multimedia content, clear navigation, and comprehensive legal and privacy documentation. Technically, the site uses modern web technologies, including Adobe Experience Manager CMS, Akamai CDN, and performance monitoring tools, delivering a good user experience across devices. Security posture is solid with HTTPS, SPF, DMARC, and no critical vulnerabilities detected, though improvements like HSTS and additional security headers are recommended. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site demonstrates high professionalism and trustworthiness.

A

Arvato Systems

arvato-systems.com

0

Arvato Systems is a large, internationally active IT specialist and multi-cloud service provider headquartered in Germany, focused on enabling digital transformation for enterprises across various industries including healthcare, energy, retail, manufacturing, and government. The company offers a broad portfolio of services such as cloud transformation, application modernization, managed services, security services, and SAP solutions. Their market position is reinforced by multiple industry awards and certifications, including ISO 27001. Technically, the website is built on CoreMedia CMS with modern web technologies and provides a good user experience with mobile optimization and clear navigation. However, the security posture is weakened by an invalid or missing SSL certificate and lack of modern TLS protocol support, which are critical issues that should be addressed promptly. Privacy compliance is strong with a comprehensive privacy policy, cookie consent mechanism, and GDPR adherence. Overall, the website demonstrates professionalism and trustworthiness but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

A

Arvato Systems Schweiz AG

arvato-systems.ch

0

Arvato Systems Schweiz AG is a subsidiary of the international Arvato Systems group, specializing in IT services and digital transformation solutions. The company offers a broad portfolio including digital commerce, cloud services, application modernization, and industry-specific IT solutions targeting enterprises primarily in Switzerland and globally. The website reflects a mature digital presence with comprehensive content, local contact points, and professional branding. Technically, the site uses CoreMedia CMS and modern web technologies but suffers from slow load times and lacks some advanced security configurations such as HSTS and OCSP stapling. Security posture is solid with valid SSL, SPF, and DMARC records, but no explicit security or incident response policies are published. Privacy compliance is well addressed with a cookie consent mechanism and a detailed privacy policy. Overall, the site is professional and trustworthy but could improve performance and security hardening.

L

LA Forward Institute

laforward.institute

0

LA Forward Institute is a small nonprofit organization focused on advancing racial and economic justice in Los Angeles County through civic education, leadership development, and coalition building. The website is built on Squarespace, featuring rich educational content, videos, and guides aimed at empowering local residents and activists. Technically, the site uses modern TLS protocols and strong cipher suites but lacks advanced security headers and email authentication policies such as DMARC and DNSSEC. Privacy compliance is weak, with no visible privacy or cookie policies, and no explicit contact emails or phone numbers are provided, only a contact form. Overall, the site is functional and professional but could improve in security and privacy transparency to enhance trust and compliance.

N

Next Big Idea Club

nbic.club

0

Next Big Idea Club operates a subscription-based nonfiction book club curated by renowned authors, targeting readers and professionals seeking curated knowledge. The platform offers physical book deliveries, digital audio and video courses, exclusive events, and a mobile app, positioning itself as a niche leader in curated nonfiction media. Technically, the website is built on WordPress with a modern tech stack including Bootstrap, jQuery, and various marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security flaw that undermines user trust and data protection. While the site integrates multiple tracking and marketing services, privacy compliance is basic with no visible cookie consent mechanism. Business credibility is strong due to professional content, testimonials, and social media presence. Overall, the site delivers excellent content quality but requires urgent security improvements to meet modern standards.

D

DSV-Gruppe

dsv-gruppe.de

0

DSV-Gruppe is a specialized solutions provider primarily serving the Sparkassen financial group and its associated companies and associations in Germany. Established in 1923, it holds a leading market position in financial services, focusing on communication, organization, payment, and digital transformation solutions. The website reflects a professional and consistent brand presence targeting Sparkassen and related stakeholders. Technically, the site is built on Adobe Experience Manager with modern JavaScript modules and integrates multiple marketing and analytics tools. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements.

Really Simple Plugins is a technology company specializing in WordPress plugin development, focusing on security and privacy compliance solutions. Their key offerings include the Really Simple Security plugin, ranked as the 12th most-used WordPress plugin, and the Complianz Privacy Suite, which supports compliance with international privacy legislation and boasts over 1 million users worldwide. The company targets WordPress users and website owners seeking easy-to-use security and privacy tools. Their business model revolves around plugin development and distribution, positioning them as an important player in the WordPress ecosystem since 2016. Technically, the website is built on WordPress using Elementor and Yoast SEO, with additional plugins for cookie consent management (Complianz) and analytics (Matomo). Hosting and DNS are managed via Cloudflare, providing robust DNS infrastructure. Performance is moderate with a page load time of approximately 3.8 seconds. The site is mobile optimized and has good SEO practices, though accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not enable modern TLS protocols, which is a significant risk. No HTTP security headers are detected, and advanced SSL features like OCSP stapling and HSTS are not enabled. DNS records show proper SPF and DMARC configurations, reducing email spoofing risks. Cookie consent is managed properly with opt-in mechanisms, supporting GDPR compliance. However, the absence of a valid SSL certificate and security headers lowers the overall security posture. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS configuration and security headers to enhance trust and protect user data. Privacy compliance is well addressed through the Complianz plugin and clear privacy and cookie policies. Business credibility is moderate due to limited direct contact information and absence of terms of service. Strategic security enhancements and better transparency would improve the site's risk profile and user confidence.

M

MaRS IAF

marsiaf.com

0

MaRS IAF is a Canadian early-stage investment fund focused on backing ambitious technology startups. Positioned as one of Canada's most active early-stage investors, it offers capital deployment and strategic support to founders building breakthrough technology companies. The website reflects a professional and consistent brand aligned with its parent organization, MaRS Discovery District. The technical infrastructure is based on WordPress CMS with common web technologies and integrations such as Google Tag Manager and Yoast SEO, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security policies such as DMARC and SPF are configured but with a relaxed DMARC policy. Privacy compliance is partial, with a privacy policy located on the parent domain but no cookie consent mechanism detected. Overall, the site provides good business credibility and user experience but requires urgent improvements in security and privacy compliance to meet modern standards.

dbc - digital business creators gmbh is a full-service digital agency based in Germany, specializing in application development, content management, cloud services, and AI applications. The company serves a diverse range of industries including technology, financial services, insurance, pharma, and marketing. Their market position is supported by a portfolio of notable clients and a commitment to delivering tailored digital solutions from concept to long-term maintenance. Technically, the website is built on modern frameworks such as React and Next.js, with a CMS likely based on Strapi. The site employs TLS 1.3 for secure communications and integrates Lottie animations for enhanced user experience. However, performance is currently slow, and some advanced security features like HSTS and OCSP stapling are not enabled. From a security perspective, the site has a valid SSL certificate and no critical vulnerabilities were detected. However, improvements are recommended in email security (DMARC), certificate transparency, and enabling additional security headers. Privacy compliance is well addressed with a comprehensive privacy policy and cookie policy, though no explicit consent mechanism was found. Overall, the website demonstrates a strong business credibility and professional presentation, but could benefit from technical and security enhancements to improve performance and harden defenses. Strategic recommendations include implementing advanced security headers, optimizing site performance, and enhancing privacy controls to maintain trust and compliance.

The website bertelsmann-hr.de is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This prevents any meaningful extraction of business, privacy, or security-related information from the site itself. DNS data shows the domain is registered and hosted by Arvato Systems in Germany, but no SSL certificate is installed, resulting in no HTTPS support. The lack of accessible content and security features indicates a poor security posture and limited digital maturity. Without access to the actual website content, no privacy policies, contact information, or business details can be confirmed. The overall risk is elevated due to the absence of HTTPS and the blocked access, which also limits the ability to assess compliance or trustworthiness.

Streets For All operates as a focused non-profit advocacy organization dedicated to advancing sustainable and equitable transportation policies in California. Their website serves as a comprehensive platform to assess and report on the performance of state legislators regarding transportation legislation, providing transparency and accountability to the public and stakeholders. The organization positions itself as a key influencer in California's transportation policy landscape, emphasizing legislative sponsorship, support, and public engagement. Technically, the website employs modern web technologies including React and Material-UI, hosted on DigitalOcean infrastructure. While the site offers rich content and a professional design, performance issues such as slow load times and lack of some security headers are noted. The site uses Umami for privacy-focused analytics, indicating a moderate approach to user tracking. From a security perspective, the site benefits from a valid SSL certificate but lacks advanced security headers and DNS protections like DNSSEC and DMARC. Privacy compliance is weak due to the absence of privacy and cookie policies and no visible consent mechanisms. Contact information is limited to an email address, with no phone or physical address provided. Overall, the website is a credible and professional resource for transportation policy advocacy but would benefit from enhanced security practices and privacy compliance to strengthen trust and protect users. Performance optimizations and clearer privacy disclosures are recommended to improve user experience and regulatory adherence.

The Hill to Sea Corridor website provides informational content about a proposed 28-mile transportation route connecting multiple transit lines and regional amenities. The site targets local residents and commuters interested in regional transit development. The business model appears to be informational or advocacy-focused without commercial transactions or services. Technically, the site uses a modern JavaScript module approach, likely React or a similar framework, hosted on DigitalOcean with DNS managed by DigitalOcean nameservers. However, the site suffers from slow load times and minimal content depth. Security posture is weak, with no valid SSL certificate, no HTTPS enabled, and absence of security headers or best practices. Privacy and compliance policies are missing, and no contact or business information is provided, limiting trust and credibility. Overall, the site is accessible but lacks fundamental security and compliance features, resulting in a low security and trust score.

S

Streets For All San Francisco

streetsforallsf.org

0

Streets For All San Francisco is a small non-profit advocacy organization dedicated to improving transportation safety and public space in San Francisco. Their website serves as a platform for community engagement, initiatives, events, and fundraising. The organization positions itself as a local leader in advocating for safer, greener streets and better transit options. Technically, the website is built on Squarespace, leveraging standard web technologies and third-party services such as Mailchimp for email marketing and ActBlue for donations. While the site is visually consistent and user-friendly, performance is somewhat slow and SEO/accessibility features are basic. Security posture is adequate with modern TLS protocols and no known SSL vulnerabilities, but lacks advanced security headers, DNS protections, and privacy compliance mechanisms. Contact information is limited to an email address and social media links, with no phone or physical address provided. Overall, the site is functional and professional but would benefit from enhanced privacy policies, security hardening, and performance optimization.

B

bevestor GmbH

bevestor.de

0

bevestor GmbH is a German digital wealth management company offering modern, fully online investment solutions primarily focused on ETF portfolios and sustainable investment options. Positioned as a multiple award-winning Robo-Advisor, bevestor targets retail investors starting from 500 euros, providing automated portfolio management and risk mitigation strategies such as Anlageschutz. The company operates under the Deka-Gruppe umbrella, leveraging the trust and infrastructure of the DekaBank for secure custody of client assets. The website is content-rich, professionally designed, and well-structured, targeting German-speaking customers with clear calls to action and educational resources.

A

A1 Telekom Austria Group

telekom.at

0

A1 Telekom Austria Group is a leading telecommunications provider in Austria, offering a comprehensive range of services including mobile telephony, fixed internet, TV streaming, and digital security products. The website reflects a mature digital presence with a strong focus on residential customers, youth, and families, supported by loyalty programs and customer apps. Technically, the site is built on the Liferay CMS platform, utilizing modern JavaScript libraries and frameworks, and integrates cookie consent management via OneTrust and analytics through Google Tag Manager. Security posture is robust with HTTPS enforced, strong TLS configurations, and appropriate security headers, although improvements such as enabling HSTS and OCSP stapling could enhance security further. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. Overall, the website demonstrates high professionalism, excellent user experience, and trustworthy business practices.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

A

Amtsverwaltung Büchen

amt-buechen.eu

0

Amt Büchen is a regional government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides citizens with access to public services, administrative information, announcements, and digital portals such as appointment booking and citizen services. The site targets local residents and stakeholders, offering a comprehensive overview of the Amt's functions and community resources. Technically, the website is built on TYPO3 CMS with Bootstrap and jQuery, hosted by Hetzner. While the site is well-structured and mobile-optimized, it suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Other security best practices such as security headers, DMARC, and HSTS are also missing. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, but no terms of service or security policy pages are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

TÜV NORD GROUP

hydrohub.de

0

HydroHub is a specialized consulting and engineering center focused on hydrogen technology and infrastructure, operating as an initiative within the TÜV NORD GROUP. The website presents a professional and comprehensive overview of their services, targeting manufacturers, grid and storage operators, industrial users, public sector entities, and investors. The technical infrastructure is based on TYPO3 CMS with modern JavaScript libraries and includes cookie consent and tracking mechanisms. However, the site lacks HTTPS encryption, which is a critical security deficiency. The security posture is weak due to missing SSL, security headers, and DNSSEC, exposing the site to potential risks. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the site is professionally designed and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Brussels Airlines is an enterprise-level transportation company operating primarily in Belgium and is part of the Lufthansa Group. The website is currently inaccessible due to a Web Application Firewall or security mechanism, resulting in an Access Denied page served by AkamaiGHost. This prevents access to any meaningful content, metadata, or business information on the site. The technical infrastructure includes Akamai CDN and Barracuda Networks for email security, with SPF and DMARC records properly configured. However, the SSL/TLS configuration is severely lacking, with no valid certificate or modern TLS protocols enabled, exposing the site to significant security risks. Security headers are minimal, and no privacy or cookie policies are detectable on the landing page. Overall, the site’s security posture is weak, and the lack of accessible content limits the ability to assess business credibility or compliance. The site is heavily tracked by multiple advertising and analytics services as indicated by the content security policy, but these cannot be verified due to the blocked content.

Bonterra is a leading provider of nonprofit software solutions focused on social impact, offering products for fundraising, case management, corporate social responsibility, and grant management. The company is positioned as the second-largest social good software provider globally, targeting nonprofits, foundations, corporations, and government agencies. Their SaaS business model integrates multiple acquired products to serve a broad social good ecosystem. Technically, the website is built on WordPress hosted on WP Engine with Cloudflare CDN, leveraging modern JavaScript frameworks like React and animation libraries such as GSAP. SEO and accessibility are well implemented, with comprehensive metadata and structured data. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are present and indicate GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

Bonterra is a purpose-built software company specializing in corporate social responsibility (CSR) solutions that empower organizations to enhance their philanthropic programs. Founded in 2021, Bonterra has quickly established itself as the second-largest social good software company globally, serving nonprofits, foundations, corporations, and government entities. Their key offerings include grant management, employee engagement, volunteer management, and fundraising software, all designed to maximize social impact and streamline administrative workflows. Technically, the website is built on a WordPress CMS platform with a modern tech stack including React, Bootstrap, and GSAP for animations. The site integrates multiple marketing and analytics tools such as Marketo, Microsoft Clarity, Facebook Pixel, and Google Tag Manager, reflecting a mature digital marketing strategy. However, performance is currently slow, and while mobile optimization and accessibility are good, there is room for improvement in loading speed. From a security perspective, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical vulnerability. Other security best practices like HSTS, OCSP stapling, and modern TLS protocols are missing, significantly lowering the security posture. Privacy and cookie policies are present and include consent mechanisms, indicating good privacy compliance. Contact information is limited to a physical address without explicit phone or email contacts publicly visible. Overall, Bonterra's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling HTTPS and modern TLS protocols, and implementing additional security headers and mechanisms to improve the security score and user confidence.

B

Bonterra

givegab.com

0

Bonterra is a leading provider of nonprofit software solutions focused on social impact, offering products for fundraising, case management, corporate giving, and grant management. Founded in 2021, it has quickly established itself as the second-largest social good software company globally, serving nonprofits, foundations, corporations, and government agencies. The company emphasizes a 'better together' approach, integrating multiple social good platforms under its brand. Technically, the website is built on WordPress with modern JavaScript frameworks like React and GSAP, and integrates numerous marketing and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS enforcement, which significantly impacts the site's security posture. Privacy and cookie policies are comprehensive and GDPR compliant, and the site demonstrates strong SEO and accessibility practices. Overall, Bonterra's digital presence is professional and content-rich but requires urgent security improvements to protect user data and maintain trust.

Bonterra LLC operates Network for Good, a leading fundraising software platform tailored for small to medium-sized nonprofits. The company has a strong market position as the second-largest social good software provider globally, offering a comprehensive suite of tools including donor and volunteer management, peer-to-peer fundraising, and coaching services. Bonterra's business model focuses on SaaS solutions for nonprofit organizations, foundations, corporations, and government entities, supported by a robust ecosystem of subsidiaries and partner products. The website content is professionally crafted, targeting nonprofit organizations seeking efficient fundraising and engagement solutions. Technically, the website is built on WordPress hosted on WP Engine with Cloudflare CDN, utilizing modern JavaScript frameworks like React and libraries such as GSAP and Splide.js for UI enhancements. SEO and accessibility are well implemented, with extensive use of structured data and meta tags. However, performance metrics are not explicitly provided, though mobile optimization and user experience appear strong. From a security perspective, while the site employs several security headers and policies, it suffers from a critical issue: the SSL certificate is invalid or missing, and no modern TLS protocols are enabled. This severely impacts the security posture and user trust. Other security best practices like CSP and permissions policies are in place, but the lack of proper SSL/TLS undermines these efforts. Overall, the site is content-rich, professionally designed, and business credible but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and compliance with modern security standards.

The website sparkphotonics.org is currently inaccessible due to an HTTP 429 error indicating rate limiting or blocking, resulting in an error page with minimal content. No business-related content, metadata, or contact information is available for analysis. The site is hosted on Wix infrastructure with a valid SSL certificate supporting modern TLS protocols but lacks advanced security features such as HSTS, OCSP stapling, and DMARC records. No privacy, cookie, or terms of service policies are present, and no analytics or advertising technologies are detected. Overall, the site exhibits poor content quality, limited technical implementation, and weak security posture due to missing security headers and policies. The lack of accessible content and contact details severely limits the ability to assess business credibility or compliance.

H

Heinrich Heine Fachmedien GmbH & Co. KG - Bücher vom Buchhändler

heinebuch.de

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 27 security findings identified across all modules.

V

Verein für Konsumenteninformation (VKI)

europakonsument.at

0

Europakonsument.at is the official website of the European Consumer Centre Austria, operated by the Verein für Konsumenteninformation (VKI). It provides free advice and assistance to consumers facing cross-border issues within the EU, UK, Norway, and Iceland. The site offers complaint forms, consumer rights information, and updates on relevant topics such as travel, online shopping, and warnings. The organization is government-backed and co-funded by the EU, positioning it as a trusted non-profit consumer advocacy entity in Austria. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses Matomo for analytics. While the site is content-rich and well-structured with good mobile optimization and accessibility, it suffers from a lack of a valid SSL certificate, resulting in a basic security posture. Privacy compliance is strong with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is professional and trustworthy but requires urgent improvements in SSL and security headers to enhance user trust and security.

V

Verein für Konsumenteninformation (VKI)

verbraucherrecht.at

0

The website Verbraucherrecht.at is operated by the Verein für Konsumenteninformation (VKI), a prominent Austrian non-profit organization focused on consumer rights and legal information. It provides comprehensive resources including news, legal judgments, collective actions, and educational offerings targeted at Austrian consumers. The site is well-branded, consistent, and supported by the Austrian Ministry of Social Affairs, reinforcing its authoritative position in the consumer protection sector. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses modern web technologies including Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly undermines user trust and security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site offers valuable content and services but requires urgent security improvements to meet modern standards.

V

Verein für Konsumenteninformation (VKI)

vki.at

0

The Verein für Konsumenteninformation (VKI) is a well-established Austrian non-profit organization dedicated to consumer protection through product testing, advice, and information dissemination. The website serves as a comprehensive portal for consumers, offering access to product recalls, educational seminars, and greenwashing checks, targeting Austrian consumers primarily. Technically, the site is built on Drupal CMS and hosted on Amazon AWS infrastructure, utilizing Matomo analytics with a clear cookie consent mechanism, reflecting a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. While privacy policies and GDPR compliance are well addressed, the lack of security headers and modern TLS protocols indicates room for significant security improvements. Overall, the site provides excellent content quality and user experience but requires urgent security enhancements to align with best practices and regulatory requirements.

R

RollWorks

rollworks.com

0

RollWorks is a B2B marketing technology company specializing in account-based marketing (ABM) and account-based advertising solutions. Positioned as a leading ABM platform, RollWorks offers AI-driven targeting and engagement tools designed to help marketers grow revenue by focusing on high-value accounts. The company operates as a division of NextRoll, Inc., serving primarily enterprise clients in the technology and business services sectors. Their platform integrates multiple marketing and analytics technologies, including Marketo, Google Tag Manager, and AdRoll, to provide comprehensive marketing automation and measurement capabilities. Technically, the website is built on WordPress with Elementor and Yoast SEO plugins, hosted behind Cloudflare CDN. The site demonstrates good SEO optimization, mobile responsiveness, and professional design quality. However, the SSL/TLS configuration is currently invalid or missing, which is a critical security vulnerability that undermines user trust and data protection. The site uses multiple third-party marketing and tracking tools, indicating extensive user tracking and data collection practices. From a security perspective, while some best practices like SPF and DMARC email policies are in place, the lack of a valid SSL certificate and disabled TLS protocols represent significant risks. The site also lacks advanced security headers and mechanisms such as OCSP stapling and session resumption. Privacy policies and terms of service are hosted on the parent company domain, and while privacy compliance is generally good, no explicit cookie consent mechanism was detected on the homepage. Overall, RollWorks presents a professional and trustworthy business front with strong market positioning and comprehensive marketing solutions. However, the critical SSL/TLS issues must be addressed immediately to ensure secure communications and maintain compliance with industry standards. Strategic improvements in security posture and privacy transparency will enhance trust and reduce risk exposure.

The website studieren-in-bayern.de currently serves a 404 Page Not Found error, indicating that the requested content is unavailable or inaccessible. There is no substantive business content, metadata, or contact information present on the page. The site is powered by TYPO3 CMS as evidenced by the error page branding, but no further technical or business details are available. The DNS configuration lacks DNSSEC and CAA records, and the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Overall, the website is non-functional from a user and business perspective, with no privacy or compliance policies detected.

The website research-in-bavaria.de currently serves only a 404 Page Not Found error, indicating that the requested content is unavailable or the page does not exist. There is no accessible business information, contact details, or privacy and security policies on the site. The site is built on TYPO3 CMS as evidenced by the error page branding, but no active content or services are presented. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing visitors to insecure connections. Performance is poor with a very slow load time despite minimal content. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DNSSEC or CAA records. Overall, the site is not operational for end users and presents significant security and compliance gaps.

D

DMT GROUP

dmt-group.com

0

DMT GROUP is a well-established global engineering services and consulting company with a history dating back to 1737. It operates primarily in the energy, infrastructure, mining, and engineering sectors, offering a broad range of services including engineering, consulting, geotechnics, exploration, and critical infrastructure protection. The company is part of the TÜV NORD GROUP, which enhances its market credibility and access to resources. The website reflects a professional and comprehensive digital presence with clear business information, structured data, and rich content targeting industrial clients worldwide. Technically, the website is built on TYPO3 CMS and uses common web technologies such as Apache server, Google Analytics, and LinkedIn Insight Tag for analytics and marketing. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security shortfall. The absence of modern TLS protocols and security headers further weakens its security posture. Performance is rated slow due to missing SSL and possibly other optimizations. Privacy compliance is partial, with a privacy policy present but no visible cookie consent mechanism. Security-wise, the site has configured SPF and DMARC records for email security and shows no signs of common vulnerabilities like Heartbleed or POODLE. However, the lack of HTTPS and security headers significantly reduces the overall security score. There is no explicit incident response or vulnerability disclosure information available on the site. Overall, the website is professional and content-rich but requires urgent improvements in security infrastructure, especially SSL/TLS implementation, to protect user data and enhance trust. Privacy compliance could also be improved by adding cookie consent mechanisms. Strategic recommendations include implementing HTTPS, enhancing security headers, and improving privacy transparency.

The website medigate.de is currently a parked domain landing page primarily serving advertisements and indicating the domain is for sale. There is no substantive business content, contact information, or service offerings present. The technical infrastructure relies on parking nameservers and third-party ad networks, with no valid SSL certificate, resulting in an insecure HTTP-only site. Performance is poor with a very slow load time. Security posture is weak due to lack of HTTPS, security headers, and privacy compliance mechanisms. Overall, the site does not present a credible or professional business presence and lacks essential security and privacy features.

U

UKE-Stiftung

uke-stiftung.de

0

The UKE-Stiftung website represents a medium-sized non-profit foundation focused on advancing healthcare through funding medical research, education, and patient care. The organization holds a strong market position within the German healthcare and research sector, emphasizing innovation and excellence. Technically, the website is built on a modern WordPress CMS with Elementor and several supporting plugins, delivering a professional and responsive user experience. Security posture is adequate with HTTPS and valid SSL certificates but lacks advanced features such as HSTS, DNSSEC, and OCSP stapling, which could enhance protection. Privacy compliance is addressed with a privacy policy and cookie information, though no explicit consent mechanism is observed. Overall, the site is trustworthy and professionally maintained, but improvements in security hardening and incident response transparency are recommended.

freenet AG is a leading independent telecommunications provider in Germany, specializing in mobile voice and data services. The company maintains a strong market position with a large subscriber base and transparent investor relations. The website provides comprehensive corporate and investor information, career opportunities, and press releases, targeting investors, customers, and job seekers primarily in the German market. Technically, the website is hosted behind Cloudflare and uses modern web technologies including Vimeo for video content and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. While security headers and content security policies are implemented, the lack of encryption exposes users to risks. Privacy compliance is partially addressed with a privacy policy but lacks cookie consent mechanisms. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Tourist Board

wien.info

0

The website wien.info serves as the official online travel guide for the City of Vienna, operated by the Vienna Tourist Board. It provides comprehensive information on attractions, events, accommodations, and visitor services, targeting tourists and visitors globally with multilingual support. The site positions itself as the authoritative source for Vienna tourism, offering key services such as event search, city card sales, and a dedicated travel guide app. Technically, the site employs modern JavaScript libraries, integrates with multiple marketing and analytics platforms, and uses a custom or proprietary CMS hosted on xaas.systems DNS infrastructure. However, the site lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. Despite this, it implements several security headers and a strict content security policy. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Business contact information is clearly presented, enhancing credibility.

The website medcel.com.br is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page instead of actual content. This prevents any meaningful extraction of business, privacy, or security policies and limits the ability to assess the website's digital maturity or business model. The DNS configuration shows use of Cloudflare for DNS and protection, and Microsoft Outlook for email services, with proper SPF and DMARC records indicating good email security practices. However, the SSL/TLS configuration is critically lacking, with no valid certificate and no TLS protocols enabled, resulting in a poor security posture. Performance metrics indicate very slow load times and minimal resource delivery, likely due to the block page. Overall, the website's security posture is weak due to missing HTTPS and the presence of a blocking WAF, and the content quality and business credibility cannot be assessed due to lack of access.

M

Medical Harbour

medicalharbour.com

0

Medical Harbour is a Brazilian technology company specializing in medical imaging solutions, including software for radiology, teleradiology, and medical education. Their product portfolio includes advanced DICOM viewers, cloud PACS solutions, and educational tools such as virtual cadaver and anatomical atlases. The company targets hospitals, clinics, radiologists, and medical educators, positioning itself as a niche specialist in healthcare technology. The website is professionally designed, multilingual, and integrates modern marketing and analytics tools, although it suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Despite strong email security policies like SPF and DMARC, the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, Medical Harbour demonstrates a solid business presence with room for improvement in technical and security infrastructure.

U

Unikontor

unikontor.de

0

Unikontor is the official online shop of Universität Hamburg, providing a diverse range of high-quality, sustainable merchandising products such as hoodies, T-shirts, bags, and conference materials. The website targets students, staff, tourists, and supporters of the university, positioning itself as a trusted provider of university-branded merchandise with a strong emphasis on sustainability and fair production practices. Technically, the site is built on the Shopware CMS platform, running on modern PHP and Apache servers, with good performance and mobile optimization. Security measures include HTTPS with strong TLS protocols, essential security headers, and OCSP stapling, though improvements like DNSSEC and CAA records could enhance security further. Privacy compliance is addressed with a visible cookie consent mechanism and a privacy policy, although some areas could be more comprehensive. Overall, the site demonstrates a good balance of business credibility, technical implementation, and security posture, making it a reliable and professional e-commerce platform for university merchandise.

D

Digital Assets AG

mydigibiz24.com

0

Digibiz24 is a German-based SaaS platform offering an all-in-one solution for building websites, sales funnels, and membership areas, primarily targeting online entrepreneurs and coaches. The platform integrates with Digistore24 for sales automation and affiliate marketing, providing a seamless experience for users to create and monetize their online businesses. The website demonstrates a high level of digital maturity with modern technologies, responsive design, and strong SEO practices. Security is well addressed with HTTPS, GDPR compliance, and secure hosting on reliable infrastructure. While some improvements in SSL configuration and security headers are recommended, the overall security posture is solid. The platform's business credibility is reinforced by testimonials, clear contact information, and transparent policies.

Universität Hamburg is a large, well-established public university in Germany, recognized as the largest research and education institution in Northern Germany with a strong excellence status. The website serves as a comprehensive portal for students, researchers, staff, and the public, offering extensive information on academic programs, research projects, career services, and international cooperation. Technically, the site uses modern JavaScript libraries and analytics tools but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. However, the absence of HTTPS and security headers significantly weakens the security posture, exposing the site to potential risks. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, and enhancing security headers to protect user data and improve trust.

C

cituro

cituro.com

0

cituro is a German-based technology company specializing in providing a comprehensive online appointment booking system tailored for businesses across various sectors. The company offers a SaaS platform that enables seamless online scheduling, customer management, and payment processing, positioning itself as a flexible and GDPR-compliant solution with a strong market presence in multiple countries. The website reflects a professional and consistent brand image with extensive content detailing features, customer testimonials, and integration capabilities.

G

Gemeinde Börnsen

boernsen-erleben.de

0

The website 'boernsen-erleben.de' serves as an official community information portal for the municipality of Börnsen, Germany. It provides residents and visitors with local news, event announcements, business listings, and social information. The site promotes a mobile app and offers structured navigation across various community topics. Technically, the site is built on the ProcessWire CMS, hosted by Strato, and uses common web libraries such as jQuery and Owl Carousel. Performance is moderate with a page load time of approximately 3.8 seconds. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. The site uses Matomo analytics, indicating moderate user tracking with some privacy considerations. Overall, the website is functional and informative but requires significant security improvements to protect user data and comply with modern web standards.

G

Gemeinde Büchen

buechen.de

0

Gemeinde Büchen operates as a local government entity serving approximately 6,700 residents in the Herzogtum Lauenburg district of Germany. The website provides comprehensive information about municipal services, including family and social services, education, culture, economy, and local infrastructure. It targets residents, families, businesses, and visitors, positioning itself as a community hub with a focus on quality of life and connectivity. Technically, the site is built on TYPO3 CMS with Bootstrap and jQuery, but suffers from slow load times and lacks modern security configurations such as HTTPS. The security posture is weak due to the absence of SSL/TLS encryption, security headers, and DNS security features. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response policies are evident. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

S

Spark Photonics

sparkphotonics.com

0

Spark Photonics is a US-based photonic integrated circuit design and software distribution company serving defense, commercial, government, and academic sectors. The company offers end-to-end PIC design services, distributes Luceda IPKISS design software in North America, and provides educational PIC kits. The website is built on the Wix platform, leveraging modern JavaScript frameworks and various Wix apps to deliver content and services. However, the site lacks a valid SSL certificate, which is a critical security vulnerability that undermines user trust and data protection. Additionally, no privacy or cookie policies are present, indicating poor privacy compliance. The site provides clear contact information including a phone number, physical address, and a contact form, but lacks explicit security policies or incident response information.

Community Partners is a nonprofit organization focused on accelerating social change through fiscal sponsorship and intermediary services. Their website presents a professional and content-rich platform targeting nonprofit leaders, funders, and changemakers. The organization emphasizes equity, justice, and vibrant communities as core themes. Technically, the site is built on WordPress and hosted on Pantheon, utilizing modern JavaScript libraries for UI elements and Google Analytics for tracking. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are partially implemented but incomplete, and no cookie consent mechanism is present despite the use of tracking scripts. Privacy and legal policies are available and comprehensive, enhancing compliance posture. Overall, the site demonstrates good business credibility and user experience but requires urgent security improvements.