Security Directory

G

Georgetown University

georgetown.edu

0

Georgetown University is a prestigious higher education institution located in Washington, DC, offering a wide range of academic programs, research initiatives, and campus life services. The website reflects a strong brand presence with comprehensive content targeting prospective students, faculty, alumni, and the public. Technically, the site is built on WordPress with modern libraries such as jQuery and Swiper.js, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, although no major vulnerabilities like Heartbleed or POODLE were detected. Privacy compliance is moderate with a clear privacy policy but no visible cookie consent mechanism. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

P

Project Liberty

projectliberty.io

0

Project Liberty is a technology-focused organization dedicated to empowering individuals to reclaim control over their digital lives through innovative solutions, policy advocacy, and alliance building. The website presents a well-structured and content-rich platform highlighting their Labs, Institute, Alliance, and campaigns such as The People's Bid for TikTok. Their market position is that of a leader in the digital rights and decentralized internet space, targeting users and stakeholders interested in data privacy and internet governance. Technically, the site is built on WordPress with modern tools like HubSpot forms and Matomo analytics, but suffers from slow performance and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS, lack of security headers, and disabled TLS protocols, posing significant risks. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect users and enhance credibility.

M

McCourt Partners

mccourtpartners.com

0

McCourt Partners is a family-owned real estate development, investment, and management company with a strong focus on community impact and innovative projects. The company positions itself as a visionary leader blending financial results with social responsibility, operating primarily in the United States with projects also internationally. Their website reflects a professional and consistent brand image with clear business messaging and multiple contact channels including forms and social media. Technically, the website is built on WordPress with modern frontend libraries such as Swiper.js and uses LiteSpeed Cache for performance optimization. However, the site suffers from a lack of a valid SSL certificate and does not serve content over HTTPS, which is a critical security and trust issue. Performance is moderate to slow, with a load time of over 7 seconds, and accessibility is basic but mobile optimization is good. From a security perspective, the site has SPF and DMARC records configured properly for email protection but lacks HTTPS, HSTS, OCSP stapling, and other important security headers. No advanced security policies or incident response information is publicly available. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving privacy compliance mechanisms.

A

A1 Telekom Austria Group

a1blog.net

0

A1 Telekom Austria Group operates the website a1blog.net as a content platform focused on internet, smartphones, digital life, and related telecommunications services primarily targeting Austrian consumers. The site serves as a marketing and informational blog, showcasing product news, tips, and corporate social responsibility initiatives. Technically, the site is built on the Liferay CMS platform, leveraging modern JavaScript frameworks including React and Alloy UI, and integrates Google Tag Manager and OneTrust for analytics and cookie consent management. Despite rich content and professional design, the site suffers from a critical security shortfall due to an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies in German, aligned with GDPR requirements. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

A

A1 Telekom Austria AG

a1click.at

0

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

N

NoStress Commerce s.r.o.

nostresscommerce.com

0

Koongo, operated by NoStress Commerce s.r.o., is a specialized SaaS platform designed to help online sellers succeed on multiple marketplaces by automating product feed management and order synchronization. The company targets e-commerce businesses seeking to expand their sales channels efficiently, offering integrations with over 500 sales platforms including Amazon, eBay, and Google Shopping. The website presents a professional and consistent brand image with comprehensive content and clear calls to action such as free trials and customer testimonials. Technically, the site is built on WordPress with a modern JavaScript stack and integrates various analytics and marketing tools. While the SSL configuration is functional with TLS 1.2 and strong cipher suites, it lacks TLS 1.3 support and advanced security headers, which could be improved. Privacy compliance is strong, featuring detailed cookie consent mechanisms and a comprehensive privacy policy. Overall, the website demonstrates a mature digital presence with good security posture and privacy practices, though performance optimization is needed due to slow load times and large page size.

R

Railteam

railteam.eu

0

Railteam is a European rail alliance providing high-speed train services across more than 100 destinations in Europe. The alliance emphasizes sustainable travel, passenger comfort, and additional services such as lounges and flexible travel options like HOTNAT. The website is professionally designed with good content quality and clear navigation, targeting European rail travelers seeking efficient and environmentally friendly transport. Technically, the site uses Sweet CMS and common frontend libraries but suffers from critical security issues due to lack of a valid SSL certificate and absence of HTTPS, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present, but no direct contact information or security policies are found. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Airport Lines

viennaairportlines.at

0

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

Ö

ÖBB Nightjet

nightjet.com

0

ÖBB Nightjet operates a comprehensive overnight train service connecting over 25 European metropolitan cities, focusing on comfortable, climate-friendly travel options including vehicle transport. The website is well-branded, content-rich, and targets travelers seeking overnight rail journeys across Europe. Technically, the site uses modern web technologies such as ES modules and web components, but performance data is lacking. Security posture is weakened by the absence of a valid SSL certificate and HTTPS support, which is a critical issue. Privacy and terms policies are linked to official ÖBB domains, indicating good compliance practices. Contact information is provided primarily via phone and external contact forms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

Spotler

flowmailer.net

0

Spotler is a technology company specializing in data driven marketing software with a strong emphasis on transactional email delivery through its SendPro platform. The company holds a reputable market position in the Netherlands, supported by ISO 27001 certification and trusted by a range of clients from small to large enterprises. The website content is professionally presented, targeting businesses requiring reliable and fast transactional email services integrated with marketing automation capabilities. Technically, the site is built on WordPress with multilingual support and uses modern tools like Google Tag Manager and Cloudflare for performance and security. However, the absence of a valid SSL certificate significantly weakens the security posture, exposing the site to risks and reducing trust in secure communications. Privacy compliance is well addressed with clear privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site demonstrates good business credibility and technical maturity but requires urgent remediation of SSL/TLS issues to enhance security and user trust.

J

J2 Global Canada, Inc.

smtp.com

0

SMTP.com is an enterprise-level email delivery and relay service operated by J2 Global Canada, Inc., a subsidiary of Ziff Davis. The company offers a comprehensive suite of email services including SMTP relay, transactional email, and email API solutions, targeting businesses and developers with high volume and transactional email needs. The website demonstrates a strong market position with over 20 years of industry experience and a focus on deliverability and reputation management. Technically, the site is built on WordPress with Elementor and uses a variety of marketing and analytics tools such as Visual Website Optimizer and Google Tag Manager. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security vulnerability. Additionally, a subdomain takeover vulnerability exists on staging.smtp.com, posing a risk to brand reputation and security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms in place. Overall, the site presents a professional business front but requires urgent security improvements to protect user data and maintain trust.

I

ION Analytics

inframationnews.com

0

ION Analytics operates a business-focused analytics platform specializing in energy infrastructure data. The website serves primarily as a sign-in portal for business users, indicating a subscription or access-controlled model. The platform is part of the larger ION Group, a known entity in the energy sector. Technically, the website employs modern JavaScript libraries and tracking tools such as Google reCAPTCHA, Hotjar, and Piwik PRO for analytics and user behavior monitoring. However, the site suffers from a critical lack of a valid SSL certificate, exposing users to potential security risks and undermining trust. The absence of privacy and cookie consent mechanisms further weakens its compliance posture. Overall, the website's content is minimal and functional but lacks comprehensive business and security disclosures.

H

Hotels At Home Worldwide, Inc.

hotelsathome.com

0

Hotels At Home Worldwide, Inc. is a global leader in hospitality retail services, specializing in developing and managing branded e-commerce solutions for hotel guests. Their business model focuses on providing turnkey retail programs that include e-commerce technology, concierge-level service, sourcing, creative design, marketing, and logistics. The company serves major hospitality brands worldwide, positioning itself as a key partner in enhancing guest loyalty and brand presence through retail extensions. Technically, the website is built on ASP.NET with jQuery and integrates Google Analytics and Typekit fonts. Hosting is via AWS CloudFront. However, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security and trust issue. Performance metrics are unavailable, but indications suggest slow loading. Mobile optimization and accessibility are basic but present. From a security perspective, while several security headers are implemented, the absence of HTTPS and modern TLS protocols severely undermines the site's security posture. No incident response or security policy information is available, and cookie consent mechanisms are missing, indicating partial privacy compliance. Overall, the site presents a professional business front with good content and clear contact information but suffers from critical security shortcomings that impact trust and compliance. Strategic improvements in SSL deployment, privacy compliance, and security policies are recommended to enhance the site's security and user trust.

F

Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V.

foerderverein-mts.de

0

The Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V. is a small non-profit association dedicated to supporting master craftsman and technician education in the Saarland region of Germany. Their activities include financial support for educational trips, fostering cross-border economic relationships, awarding excellence in master and technician works, marketing support, and lobbying efforts. The website is professionally designed using modern technologies such as Gatsby and React, hosted on Netlify, and provides clear organizational and contact information. However, the site lacks HTTPS security, which is a critical vulnerability. No privacy or cookie consent mechanisms are present, and no advanced security policies or incident response information is disclosed. Overall, the site serves its informational purpose well but requires significant improvements in security and privacy compliance to meet modern standards.

H

Handwerkskammer des Saarlandes

handwerkerforum-saar.de

0

Handwerkerforum Saar is a regional non-profit association affiliated with the Handwerkskammer des Saarlandes, focused on supporting and developing the local crafts and trades community. The website offers information about events, workshops, and networking opportunities aimed at handwerk businesses and apprentices in the Saarland region. The technical infrastructure is based on a custom or proprietary CMS platform with common web technologies such as Bootstrap and jQuery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The cookie consent mechanism indicates some level of GDPR compliance, but no explicit security or incident response policies are present. Overall, the website provides relevant business content but suffers from technical and security shortcomings that should be addressed to improve trust and compliance.

S

Saar-Lor-Lux Umweltzentrum GmbH

saar-lor-lux-umweltzentrum.de

0

The Saar-Lor-Lux Umweltzentrum GmbH is a regional environmental consultancy affiliated with the Handwerkskammer des Saarlandes, focused on providing free and paid environmental and energy consulting services to craft businesses in the Saar-Lor-Lux region. Their key offerings include environmental consulting, energy advice, regional development, and training programs aimed at supporting sustainable business practices and energy efficiency. The website is built on TYPO3 CMS and uses modern JavaScript libraries, with a clear structure and good content quality targeting German-speaking users. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts the site's security posture. Privacy compliance is addressed through a visible privacy policy and a consent management platform (Usercentrics), and analytics are handled via a self-hosted Matomo instance with user consent. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration and security best practices to enhance trust and protect user data.

I

Initiative #WirtschaftHilft (BDA, BDI, DIHK, ZDH)

wirtschafthilft.info

0

The website 'WirtschaftHilft' is a collaborative initiative by major German economic associations (BDA, BDI, DIHK, ZDH) aimed at supporting companies and society in managing the impacts of the Russia-Ukraine conflict. It serves as a comprehensive information hub providing resources on humanitarian aid, economic sanctions, reconstruction efforts, and labor market integration for Ukrainian refugees. The platform targets German businesses and stakeholders involved in Ukraine-related economic activities, positioning itself as a central coordination and information point backed by reputable organizations. Technically, the site is built on WordPress 6.8.1 with PHP 8.0.30 and uses plugins such as LayerSlider and Borlabs Cookie for enhanced user experience and privacy compliance. The hosting is managed by United Domains AG. While the site offers rich content, multimedia, and good mobile optimization, its performance is slow and accessibility is basic. SEO practices are adequately implemented. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are configured, exposing the site to potential risks. However, cookie consent management is robust, and no exposed sensitive data or vulnerable libraries were detected. Overall, the site is professional and trustworthy in content and business credibility but requires urgent security improvements, especially regarding HTTPS implementation, to ensure user safety and compliance with best practices.

V

Verband Deutscher Hidden Champions

verband-deutscher-hidden-champions.de

0

The Verband Deutscher Hidden Champions e.V. (VDHC) is a German-based association representing medium-sized enterprises known as Hidden Champions. The organization focuses on fostering international networking, knowledge exchange, and visibility for its members, who are specialized SMEs with global market presence. The website is professionally designed, content-rich, and targets business leaders and decision-makers within this niche. Technically, the site is built on WordPress with modern plugins for SEO, forms, and cookie management, but lacks a valid SSL certificate, which impacts its security posture negatively. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. However, the absence of HTTPS and modern TLS protocols poses significant security risks. Overall, the site is credible and functional but requires urgent security improvements to protect user data and enhance trust.

B

Bundesverband betriebliche Weiterbildung - Wuppertaler Kreis e.V.

wkr-ev.de

0

The Wuppertaler Kreis e.V. is a German non-profit association representing 52 leading institutes in the business education and continuing professional development sector. Founded in 1955, it serves as a national umbrella organization advocating for workplace learning, qualification, and workforce development. The website reflects a well-structured and content-rich platform targeting business leaders and education providers, offering news, events, and member information. Technically, the site is built on TYPO3 CMS and hosted on a German provider, but suffers from critical security shortcomings due to the absence of HTTPS and a valid SSL certificate. This significantly undermines the security posture despite good content and business credibility. No cookie consent mechanism or advanced privacy compliance features are present, though a privacy policy and terms of service are available. Overall, the site is professional but requires urgent security upgrades to protect user data and improve trust.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 10 security findings identified across all modules.

D

DIHK-Gesellschaft für berufliche Bildung - Organisation zur Förderung der IHK-Weiterbildung gGmbH

dihk-bildungs-gmbh.de

0

DIHK-Bildungs-gGmbH is a German vocational education and training organization affiliated with the IHK and AHK networks, providing a wide range of standardized and innovative training, certification, and examination services. The website reflects a well-structured and content-rich platform targeting IHK and AHK employees as well as individuals seeking professional development. Technically, the site employs modern JavaScript modules, lazy loading, and integrates Matomo analytics and Usercentrics for consent management, hosted on SchlundTech infrastructure. However, the security posture is weakened by an invalid or missing SSL certificate and disabled TLS protocols, which significantly impacts secure communications. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information and partner links are clearly presented, enhancing business credibility.

D

DIHK Service GmbH

dihk-service-gmbh.de

0

DIHK Service GmbH is a project company affiliated with the German Chambers of Industry and Commerce (DIHK), serving as a key partner for IHKs, AHKs, and member companies. The organization focuses on developing and implementing projects that strengthen businesses and provide societal benefits, including workforce development, education, environmental protection, and sustainable business locations. The website reflects a medium-sized government/non-profit entity with a clear business model centered on state-funded projects and partnerships. Technically, the site uses standard web technologies and etracker analytics but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. However, the absence of HTTPS and security headers significantly weakens the security posture. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

P

PIER PLUS

pier-plus.de

0

PIER PLUS is a collaborative platform fostering cooperation among universities and research institutes in the Hamburg metropolitan region. It supports six research profiles and provides news, events, and a members area to facilitate networking and joint research efforts. The website is professionally designed with clear navigation and targets academic and research stakeholders in Hamburg. Technically, the site uses JavaScript libraries such as jQuery and sliders like Swiper and Slick, hosted by the University of Hamburg's computing center. However, the site suffers from a critical security deficiency: it lacks a valid SSL/TLS certificate, resulting in unencrypted HTTP access and no HTTPS enforcement. Additionally, no security headers or cookie consent mechanisms are present, which weakens its security and privacy posture. Analytics are implemented via Piwik (Matomo) and Etracker, indicating moderate user tracking. Overall, while the content and business presentation are excellent, the technical and security implementations require urgent improvements to protect user data and enhance trust.

H

Hamburg Innovation

hamburginnovation.de

0

Hamburg Innovation GmbH is a medium-sized innovation and technology transfer company based in Hamburg, Germany, founded in 2004. It serves as a bridge between academic research and practical application by connecting universities with businesses, policymakers, and society to foster innovation. The company offers consulting, mediation, and coordination services to support knowledge transfer, spin-offs, and new technologies. Technically, the website is built on WordPress with Elementor and Slider Revolution, providing a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly provided. The site uses Matomo for analytics, indicating a privacy-conscious approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Open Online University

hoou.de

0

Hamburg Open Online University (HOOU) is a well-established non-profit educational initiative supported by Hamburg's universities and governmental bodies. It offers a wide range of open educational resources, including podcasts, videos, events, and online learning modules, targeting a broad audience from students to lifelong learners. The platform is built on WordPress with modern technologies and demonstrates good content quality, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to potential risks. The site integrates privacy-conscious analytics (Matomo) and marketing tools (Sendinblue, Brevo) with appropriate consent mechanisms. Overall, HOOU presents a professional and trustworthy educational platform with strong academic partnerships but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH

hiicce.de

0

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH (HiiCCE) is a specialized institute focused on advancing the circular economy and climate protection through integrated environmental consulting, project development, and research. The organization serves a diverse clientele including corporations, NGOs, government entities, and international organizations, positioning itself as a national and international pioneer in sustainable resource management. The website reflects a professional digital presence built on WordPress with multilingual support and SEO optimization, although performance data is limited. Security posture is weak due to the absence of HTTPS and modern TLS protocols, exposing the site to potential risks. Privacy compliance is strong with comprehensive cookie and privacy policies and consent mechanisms in place. Contact information is clearly presented, enhancing business credibility.

E

ECIU University

eciu.org

0

ECIU University is an international alliance of 13-14 universities focused on innovative education, research, and collaboration to address real-life challenges. The website serves as a platform to engage learners, researchers, and collaborators with news, events, and program information. Technically, the site is built on Webflow with integrations including Google Fonts, Vimeo, Microsoft Forms, and analytics tools like Plausible and Microsoft Clarity. Hosting and CDN services are provided via Cloudflare. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the site's security posture. While security headers and HSTS are configured, the lack of proper TLS protocols and certificate transparency compliance are significant vulnerabilities. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service detected. Contact information is primarily via web forms and social media, with no direct emails or phone numbers published. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect users and enhance trust.

N

NIT Northern Institute of Technology Management gGmbH

nithh.de

0

NIT Northern Institute of Technology Management gGmbH is a private business school affiliated with the Hamburg University of Technology (TUHH), specializing in MBA and Master's programs focused on Technology Management and Business Analytics & AI. Established in 1998, it serves an international student body with a practice-oriented curriculum and a faculty drawn from global institutions. The website is professionally designed and content-rich, targeting engineers and technology enthusiasts seeking management education. Technically, the site is built on HubSpot CMS and hosted behind Cloudflare, but it suffers from a critical security flaw due to the absence of a valid SSL certificate, resulting in no HTTPS support. Security headers are partially implemented, but modern TLS protocols and session security features are missing. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site offers a strong educational brand presence but requires urgent security improvements to protect user data and trust.

T

Tutech Innovation GmbH

tutech.de

0

Tutech Innovation GmbH is a medium-sized company operating as a technology and knowledge transfer entity, bridging academia and industry primarily in Hamburg, Germany. It is a subsidiary of the Technische Universität Hamburg and the Free and Hanseatic City of Hamburg, with over 30 years of experience. The company offers services including research management, intellectual property management, startup support, consulting, and educational seminars through its Tutech Academy. The website is professionally designed using WordPress and Elementor, featuring comprehensive content targeted at scientific, economic, and societal stakeholders. Technically, the site uses modern web technologies but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Security headers are minimal, and no advanced security policies or incident response information is publicly available. Privacy compliance is well addressed with a comprehensive privacy policy and cookie policy, and Matomo analytics is used with privacy considerations. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and enhance trust.

F

Forschungsfabrik Mikroelektronik Deutschland

fmd-insight.de

0

FMD.insight is a specialized news platform operated by the Forschungsfabrik Mikroelektronik Deutschland, focusing on microelectronics research and innovation in Germany. It provides news, interviews, tutorials, and a virtual showroom to engage its target audience of researchers and industry professionals. The website is built on WordPress and uses various plugins including Matomo for analytics. While the content quality and user experience are good, the site lacks HTTPS support, which is a critical security deficiency. No cookie consent mechanism is present despite the use of tracking analytics, indicating partial privacy compliance. Contact information is available but email is obfuscated to prevent scraping. Overall, the site is professional but requires urgent security improvements.

I

Insany Design

insanydesign.com

0

Insany Design is a Brazilian design, technology, and innovation studio established in 2016, specializing in enhancing digital presence for brands through web development, e-commerce, and digital product solutions. The company positions itself as a creative and technical partner for businesses seeking to transform their digital experiences. The website reflects a professional and consistent brand image with extensive case studies and client logos, targeting businesses looking for innovative digital solutions. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel, utilizing React and other contemporary technologies. However, the site suffers from a critical security issue due to an invalid SSL certificate and lack of modern TLS protocol support, which undermines user trust and security. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Overall, the site is content-rich and professionally designed but requires urgent security and privacy improvements to meet industry standards.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 12 security findings identified across all modules.

K

Kommo

amocrm.com

0

Kommo (amocrm.com) is a technology company providing a cloud-based CRM platform focused on sales automation through messaging apps such as WhatsApp, Instagram, and SMS. The platform targets small businesses and entrepreneurs globally, offering a comprehensive suite of tools including customizable sales pipelines, unified chat inbox, AI-powered chat management, and sales automation bots. The website demonstrates a strong market position with extensive customer testimonials, case studies, and partner badges, indicating a mature and trusted brand in the CRM space. Technically, the site leverages modern JavaScript frameworks, Cloudflare CDN, and integrates multiple third-party marketing and analytics tools. However, a critical security weakness is the invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies, consent mechanisms, and GDPR alignment. Overall, the site is professional and user-friendly but requires urgent remediation of SSL/TLS issues to ensure secure user interactions and maintain trust.

S

Start EAD

startmoodle.com

0

Start EAD is a Brazilian SaaS platform offering a fully customizable virtual store integrated with the Moodle LMS for online course sales and management. The platform targets content creators, educators, and entrepreneurs seeking control over their EAD projects without high platform commissions. Technically, the site is built on WordPress with Elementor and uses various plugins for SEO and marketing. However, the site lacks HTTPS, which severely impacts its security posture. Marketing tools like Facebook Pixel and Google Tag Manager are used, but privacy and cookie policies are absent, indicating compliance gaps. Overall, the business presents a professional front with good content and user experience but requires urgent security and privacy improvements.

S

Start EAD

startead.com.br

0

Start EAD is a Brazilian SaaS platform focused on providing a comprehensive and customizable online course store integrated with the Moodle LMS. It targets content creators, educators, and entrepreneurs in the distance learning market, offering automated enrollment, payment integration, and technical support. The website is built on WordPress using Elementor and Astra theme, with modern UI elements and social media integration. However, the site lacks a valid SSL certificate, serving content over HTTP, which significantly impacts its security posture. No privacy or cookie policies were found, indicating potential compliance gaps. The business presents clear subscription plans and customer testimonials, reflecting moderate trustworthiness and professionalism.

Security assessment completed with an overall score of 50/100 (unknown risk). Total of 12 security findings identified across all modules.

J

Just a moment...

toubiz.de

0

The website toubiz.de is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that blocks access to actual content. As a result, no business information, contact details, or policy documents are available for analysis. The site lacks a valid SSL/TLS certificate, which severely impacts its security posture and trustworthiness. The technical infrastructure relies on Cloudflare for hosting and security, but the absence of HTTPS and modern TLS protocols is a critical vulnerability. Analytics are limited to Cloudflare Insights with minimal tracking. Overall, the site is not usable for end users in its current state, and the lack of content prevents meaningful SEO, accessibility, or privacy compliance evaluation.

I

IXOPAY GmbH

ixopay.com

0

IXOPAY GmbH is a medium-sized enterprise based in Austria specializing in enterprise payment orchestration and tokenization solutions. The company offers a comprehensive platform designed to improve authorization rates, streamline PCI compliance, and unify payment data for merchants and enterprises globally. Their business model focuses on providing modular payment services and connectivity to multiple payment processors, targeting B2B clients in finance and technology sectors. The website demonstrates strong branding consistency, professional content, and trust indicators such as client testimonials and social media presence. Technically, the website leverages modern JavaScript technologies, integrates third-party services like Sentry for error tracking, ChiliPiper for lead routing, and TokenEx for tokenization. It is hosted behind Cloudflare, which provides DNS and CDN services. However, performance is currently slow, and accessibility is basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, while the website implements several important HTTP security headers and secure cookie attributes, it suffers from a critical SSL/TLS misconfiguration with no valid certificate and no enabled TLS protocols. This severely impacts the security posture and trustworthiness of the site. Privacy compliance is generally good with a comprehensive privacy policy and GDPR indicators, but no explicit cookie consent mechanism was detected. Overall, IXOPAY presents a professional and credible business front with strong technical foundations but requires urgent remediation of SSL/TLS issues to ensure secure and trusted operations. Strategic improvements in performance and privacy consent mechanisms would further enhance their digital maturity.

G

Grover Deutschland GmbH

getgrover.com

0

Grover Deutschland GmbH operates a leading e-commerce platform specializing in flexible monthly rentals of consumer electronics, including smartphones, laptops, cameras, gaming consoles, and smart home devices. The company emphasizes sustainability by promoting reuse and reducing electronic waste through its rental model. Their market position is strong in Germany and select European countries, supported by a comprehensive product catalog and partnerships with major tech brands. Technically, the website is built on modern frameworks like Next.js and React, hosted on Cloudflare, and integrates various marketing and analytics tools such as Datadog, Braze, and Intercom. Security measures include HTTPS with strong headers, though improvements like enabling HSTS preload and DNSSEC are recommended. Privacy compliance is robust with clear policies and consent mechanisms. Overall, Grover presents a professional, trustworthy, and user-friendly digital presence with a solid security posture.

F

freenet DLS GmbH

mobilcom-debitel.de

0

Freenet DLS GmbH operates mobilcom-debitel.de, a major German telecommunications retail website offering mobile tariffs, devices, and related services. The company targets German consumers seeking mobile phone plans and devices, positioning itself as a comprehensive provider with a broad product portfolio. The website demonstrates a mature digital infrastructure leveraging Cloudflare CDN, modern JavaScript libraries, and personalization tools like Kameleoon. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email protections, and secure cookie settings, though some improvements are recommended such as enabling HSTS in SSL config and adding CSP headers. Privacy compliance is moderate due to the absence of explicit privacy and cookie policies or consent mechanisms. Overall, the site is professional, well-branded, and trustworthy with good SEO and user experience.

E

Endosane Pharmaceuticals GmbH

endosane.com

0

Endosane Pharmaceuticals GmbH is a small healthcare-focused biopharmaceutical company specializing in innovative mental health treatments targeting the endocannabinoid system. Founded in 2021 and based in Berlin, Germany, the company leverages deep neuroscience insights to address unmet needs in psychiatric disorders such as schizophrenia and PTSD. Their business model centers on research and clinical trial development, positioning them as a niche innovator in mental health therapeutics. The website reflects a professional and consistent brand presence with clear navigation and relevant content aimed at patients, healthcare professionals, investors, and caregivers. Technically, the site is built on Squarespace using common web libraries like jQuery and Popper.js, but suffers from slow performance and lacks advanced analytics or marketing tracking. Security posture is weak due to the absence of a valid SSL certificate and modern TLS protocols, exposing the site to risks and undermining user trust. Privacy compliance is basic, with a privacy policy and cookie banner present but no GDPR-specific indicators or terms of service. Contact information is provided via a physical address and a contact form with captcha protection, but no verified company emails or phone numbers are listed. Overall, the site is functional and informative but requires significant improvements in security and compliance to enhance trust and protect user data.

V

Vayamed GmbH

avaay.de

0

avaay.de represents a premium medical cannabis provider operating under Vayamed GmbH, part of the Sanity Group. The company focuses on delivering high-quality, natural cannabis products for patients and medical professionals, emphasizing pharmaceutical standards and sustainable cultivation. The website is well-structured, professionally designed, and optimized for SEO and mobile use, reflecting a mature digital presence. Technically, the site leverages WordPress with WooCommerce and Oxygen Builder, supported by Cloudflare CDN and multiple marketing and analytics tools with consent management, indicating a modern and compliant infrastructure. Security posture is solid with HTTPS, valid SPF and DMARC records, and security headers, though improvements in HSTS and DNSSEC could enhance protection. Overall, avaay.de demonstrates a high level of business credibility, privacy compliance, and technical sophistication, positioning it well in the healthcare e-commerce market.

V

Vayamed GmbH

vayamed.com

0

Vayamed GmbH operates as a specialized healthcare provider focusing on medical cannabis therapies, offering high-quality, natural cannabinoid products and expert consultation services primarily to patients, doctors, and pharmacists in Germany. The company is part of the larger Sanity Group, positioning itself as a reputable player in the medical cannabis market with a medium-sized business footprint. Their digital presence is built on WordPress with WooCommerce, integrating modern marketing and consent management tools. However, the website lacks a valid SSL certificate, which critically impacts its security posture. While security headers are partially implemented, the absence of HTTPS and modern TLS protocols exposes the site to significant risks. Privacy compliance is well addressed with clear cookie consent mechanisms and a comprehensive privacy policy. Contact information is prominently displayed, enhancing business credibility. Overall, the site demonstrates good content quality and SEO practices but requires urgent security improvements to protect user data and maintain trust.

V

vaay

vaay.com

0

vaay is a German-based e-commerce company specializing in high-quality CBD and hemp-derived products. The company operates under Sanity Care GmbH and maintains a strong market position by focusing on product quality, transparency, and customer education. Their product range includes CBD oils, vape pens, sleep sprays, active gels, massage oils, and bath bombs, targeting wellness and lifestyle consumers. The website is professionally designed, mobile-optimized, and provides clear navigation and comprehensive content in German with some English options. Technically, vaay leverages Shopify as its platform, enhanced with various marketing, analytics, and customer support tools such as Klaviyo, Usercentrics, Reamaze, and Littledata. Security measures include valid SSL, strong security headers, and secure cookie practices, although HSTS could be further strengthened. Privacy compliance is robust with clear policies and consent mechanisms. Overall, vaay demonstrates a mature digital presence with good security posture and privacy awareness, making it a trustworthy and professional online retailer in the CBD sector.

T

THE LÄB - How to LÄND and EXPÄND in Germany

the-laeb.de

0

THE LÄB is a technology-focused startup accelerator based in Karlsruhe, Germany, serving as the international orientation of the CyberLab Startup Accelerator. It supports startups primarily in the IT sector with mentoring, networking, and market entry assistance, targeting international entrepreneurs aiming to establish and expand in Germany, especially in the Baden-Württemberg region. The website is built on Squarespace and hosted by Squarespace, featuring a professional design and good content quality. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are partially implemented, but modern TLS protocols and advanced security features are missing. Privacy compliance is addressed with a privacy policy and cookie consent banner, though terms of service and security policies are absent. Contact information is clearly provided, including email, phone, physical address, and an embedded contact form. The site links to multiple partner and supporting organizations, reinforcing its credibility and network strength.

C

CyberForum Akademie

scaleup-leadership.de

0

The website scaleup-leadership.de represents the Scale-up Leadership program, a coaching and leadership development initiative targeted at startups transitioning to scale-ups, primarily in the technology sector in Germany. The program is organized by the CyberForum Akademie and funded by the L-Bank, positioning itself as a key player in European high-tech entrepreneurial networks. The site provides detailed program information, testimonials, and contact options including an external Microsoft Forms application form. Technically, the site is built on Squarespace CMS with standard fonts and assets, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is addressed with a cookie banner and a privacy policy in German, but no terms of service or explicit security policies are found. Overall, the site offers good content quality and user experience but suffers from a poor security posture due to missing SSL and security headers.

B

Bertelsmann

createyourowncareer.com

0

CreateYourOwnCareer.com is a career portal operated under the Bertelsmann group, a large multinational media and services conglomerate founded in 1835. The website provides comprehensive career-related content including job listings, graduate programs, internships, and networking events targeting students, graduates, and professionals. The site is built on TYPO3 CMS and hosted via Arvato Systems, reflecting a mature technical infrastructure with modern content management but lacking in SSL/TLS security. While the site includes cookie consent mechanisms and uses Google Analytics and Tag Manager for tracking, it lacks a valid HTTPS configuration, which is a critical security deficiency. The site demonstrates good content quality, branding consistency, and professional design, but the absence of HTTPS and related security best practices significantly lowers its security posture and overall trustworthiness.

A

AGRALE S.A

agrale.com.br

0

Agrale S.A is a well-established Brazilian manufacturer specializing in tractors, trucks, buses, utility vehicles, and engines with over 50 years of market presence. The company operates primarily in the transportation sector, serving agricultural, commercial, and industrial clients through a broad dealer and service network. Their website reflects a solid business model focused on manufacturing and after-sales services, targeting national and regional markets in Brazil. The site content is relevant and professionally presented, supporting the company's market position as a national leader. Technically, the website uses an older technology stack including jQuery 1.7.1 and Apache server on Ubuntu, hosted via Embratel Cloud DNS infrastructure. While the site includes Google Maps integration and FontAwesome icons, it lacks modern CMS or frameworks and shows signs of technical debt such as outdated libraries and missing HTTPS support. Performance and mobile optimization are basic, with room for improvement in SEO and accessibility. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, severely impacting its security posture. No advanced security headers or mechanisms like HSTS or OCSP stapling are implemented. The site uses standard security headers but misses critical protections and vulnerability disclosures. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is uncertain. No incident response or security policy pages were found. Overall, the website is functional and business-credible but requires urgent security improvements, especially enabling HTTPS and updating outdated technologies. Strategic recommendations include implementing a valid SSL certificate, enhancing security headers, publishing vulnerability disclosure policies, and modernizing the technical stack to improve performance, security, and compliance.

A

Acrilys

acrilys.com.br

0

Acrilys is a Brazilian manufacturing company specializing in plastic technologies, particularly injection molding and vacuum forming with proprietary tooling. The company emphasizes sustainability and ecological awareness, investing in people and technology to deliver innovative and efficient solutions. Their market position is strengthened by certifications such as ISO 9001:2015 and IATF 16949:2016, indicating a commitment to quality and automotive industry standards. The website targets industrial clients and businesses requiring plastic manufacturing services, primarily in Brazil. Technically, the website is built on Webflow CMS, hosted and served via Cloudflare, and uses modern web fonts and libraries. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security flaw. The presence of a cookie consent mechanism and privacy policy indicates some privacy compliance, though GDPR compliance is not fully evident. Overall, the security posture is weak due to missing SSL and lack of incident response information. The website is professionally designed with good content quality and navigation but requires urgent security improvements to protect user data and enhance trust.

Aerolux is a small Brazilian business specializing in road signaling products for the Brazilian market. The website is currently a 'Coming soon' placeholder with minimal content, indicating the business is either new or preparing for a launch. The site targets businesses or entities needing road signaling solutions in Brazil. Technically, the site is built using Hostinger Website Builder and the Astro framework, hosted on Hostinger's GCP infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but key security features like TLS protocols and OCSP stapling are missing. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and compliance to build trust and protect user data.