Security Directory

D

dm drogerie markt

dm-drogeriemarkt.at

0

dm drogerie markt is a leading retail company in Austria specializing in drugstore products with a strong online presence. The website serves as a platform for product search, store availability, and customer engagement, targeting Austrian consumers. The technical infrastructure leverages modern JavaScript frameworks and integrates multiple third-party services for analytics, marketing, and user consent management. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security concern. Security headers are well implemented, but the absence of HTTPS severely impacts the overall security posture. Privacy compliance is minimal with no detected privacy or cookie policies in the provided content. Business credibility is strong given the consistent domain registration and professional website design.

W

Wilhelm Schwarzmüller GmbH

schwarzmueller.com

0

Wilhelm Schwarzmüller GmbH operates as one of Europe's largest providers of towed commercial vehicles, specializing in manufacturing and servicing premium transport solutions tailored to various industries such as construction, logistics, and tank transport. The company maintains a strong market position with a broad portfolio of over 150 vehicle types and a commitment to quality, evidenced by ISO certifications and industry awards. Their digital presence is robust, featuring multilingual support, active social media channels, and comprehensive customer service offerings including telematics and rental services. Technically, the website is built on WordPress with modern frameworks and SEO optimizations, although it lacks HTTPS encryption, which is a significant security concern. The security posture is weak due to the absence of SSL/TLS, HSTS, and other critical security headers, exposing users to potential risks. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding, detailed contact information, and trust signals. Strategic improvements in security infrastructure are essential to enhance trust and protect user data.

S

SanLucar Fruit S.L.U.

sanlucar.com

0

SanLucar Fruit S.L.U. is a well-established company specializing in fresh fruits, vegetables, and related products, with a strong emphasis on quality, sustainability, and natural health benefits. The website reflects a mature digital presence with comprehensive product categories, corporate responsibility initiatives, and multilingual support targeting consumers and business partners globally. Technically, the site is built on WordPress with modern plugins and a reputable theme, offering good SEO and user experience. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to potential risks and undermining trust. Privacy policies and cookie consent mechanisms are present and appear GDPR compliant, supporting responsible data handling. Overall, while the business and content quality are high, urgent improvements in SSL/TLS implementation are necessary to enhance security and user trust.

LKH Graz II is a large healthcare provider operating multiple hospital locations in and around Graz, Austria. The organization focuses on delivering high-quality medical and human care services to patients while also serving as a significant regional employer. The website serves as an information portal for patients, partners, and staff, providing access to services, news, and contact information. Technically, the site is built on TYPO3 CMS and uses Matomo for analytics, with a cookie consent mechanism compliant with GDPR. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall, exposing users to potential risks. The site also suffers from slow load times and lacks modern security headers, which should be addressed promptly to improve security posture and user trust.

The website for thesteel.com is currently inaccessible due to geographic blocking implemented by an Amazon CloudFront distribution, resulting in a 403 error page. This prevents access to any meaningful content, metadata, or business information. The domain is registered and uses AWS infrastructure with Microsoft Outlook for email services, indicating some level of legitimate setup. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the security posture. No privacy, cookie, or terms of service policies are present, and no contact information or business details are available on the site. Overall, the website's digital maturity is low, with poor content quality and minimal technical implementation visible due to blocking.

The website for dow.com is currently inaccessible, returning an error page indicating a possible CDN or WAF blocking or server-side issue. Dow is a large multinational company operating primarily in the energy, manufacturing, and chemical sectors, serving industrial clients and business partners. The domain registration data is consistent with the company's identity and history, confirming legitimacy. However, the website lacks a valid SSL certificate and HTTPS support, which severely impacts its security posture. No privacy, cookie, or terms of service policies are detectable, and no contact information or social media links are present in the accessible content. The technical infrastructure appears to rely on Akamai CDN and Microsoft Outlook for email services, but the website performance is slow and minimal resources are loaded. Overall, the site is currently not usable for end users or business interactions due to the error page and lack of security features.

The website justiz-marketing.com currently serves as a minimal redirect page with no substantive content, metadata, or business information. The domain is mature, registered since 2015 with GoDaddy, and shows strong domain protection status. However, the lack of HTTPS support and absence of any meaningful website content or contact details significantly reduce the site's credibility and security posture. Technically, the site lacks modern security practices such as SSL/TLS encryption, security headers, and DNSSEC. There are no privacy or cookie policies, which impacts GDPR compliance and user trust. Overall, the website appears underdeveloped or possibly in a staging state, limiting its business and security effectiveness.

K

KEYENCE CORPORATION OF AMERICA

keyence.com

0

KEYENCE CORPORATION OF AMERICA operates a comprehensive and professionally designed website focused on industrial automation products including sensors, machine vision systems, and measuring instruments. The company is positioned as a leading enterprise in the manufacturing and technology sectors, targeting industrial and factory automation professionals. The website demonstrates strong branding, clear navigation, and extensive product information, supported by a mature domain and consistent WHOIS data. Technically, the site uses Apache server technology, jQuery, and Akamai CDN, with modern marketing and analytics tools such as Google Tag Manager and Cookiebot for privacy compliance. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, significantly impacting the security posture score. Privacy policies and cookie consent mechanisms are well implemented, reflecting good compliance with GDPR standards. Overall, the site is trustworthy and professional but urgently requires SSL implementation to enhance security and user trust.

MBM Intellectual Property Law LLP is a Canadian intellectual property law firm providing services such as patents, trademarks, copyright protection, and litigation. The firm targets Canadian and international clients and operates multiple offices across Canada. The website content reflects a professional legal service provider with a moderate market position in the IP law sector. Technically, the website is built on outdated Joomla 1.7 CMS and PHP 5.5.9, lacks HTTPS encryption, and shows no evidence of modern security or privacy compliance practices. Security posture is weak due to missing SSL, outdated software, and lack of security headers. Privacy compliance is poor with no visible privacy or cookie policies. Overall, the website presents moderate business credibility but requires urgent technical and security improvements to protect client data and enhance trust.

THQ Nordic GmbH is a global video game publisher and developer founded in 2011, operating primarily in the media industry with a focus on video game publishing, development, and sales. The company maintains a strong market position with multiple subsidiaries and a broad portfolio of game titles, targeting gamers, content creators, and trade partners. The website reflects a professional business model with clear navigation, consistent branding, and a comprehensive online presence including an online store and limited print runs. Technically, the site is built on Drupal 9 with modern front-end libraries and integrates Google Analytics for user tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Security headers are present but insufficient to compensate for the lack of encryption. Privacy compliance is well addressed with a cookie consent mechanism and clear privacy and terms of service pages. The WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

L

Linz Center of Mechatronics GmbH

lcm.at

0

Linz Center of Mechatronics GmbH (LCM) is a medium-sized Austrian research and development service provider specializing in mechatronics and manufacturing technologies. The company supports medium and large enterprises in sectors such as machinery, automotive, and medical technology by integrating scientific research into practical, economically viable solutions. Their services include integrated hydraulic and electrical drive systems, vibration technology, Industrial IoT, measurement services, and transformation consulting. The website is professionally designed, multilingual, and targets industrial clients seeking innovation and sustainability improvements. Technically, the site runs on WordPress with the Divi theme and includes modern SEO and multilingual plugins, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security measures include GDPR-compliant cookie consent and captcha-protected contact forms, but the absence of HTTPS and security headers are critical vulnerabilities. Overall, LCM presents a credible and professional digital presence aligned with its business objectives, but should urgently address SSL and security header issues to improve trust and compliance.

C

Home Page - ContourGlobal

contourglobal.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 25 security findings identified across all modules.

D

Dr. Thomas Schneider

dr-thomas-schneider.com

0

Dr. Thomas Schneider operates a specialized medical practice focused on prevention, sports medicine, occupational and traffic medicine in Lauf a.d.P., Germany. The website presents a comprehensive range of healthcare services targeting health-conscious individuals, athletes, and local businesses. The practice emphasizes holistic health coaching, orthomolecular medicine, and complementary therapies such as acupuncture and chiropractic care. Technically, the site is built on TYPO3 CMS with common JavaScript libraries like jQuery and Slick Carousel, hosted likely by Ionos. However, the website suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, exposing visitors to potential risks. Privacy compliance is minimal, with no cookie consent mechanisms or detailed GDPR indicators. Overall, the site is professionally designed and content-rich but requires urgent security and privacy improvements to meet modern standards.

H

Hirtenberger Defence Systems

hirtenberger.com

0

Hirtenberger Defence Systems is a medium-sized manufacturing company specializing in the development and production of mortar systems and related defense technologies. The company operates globally, targeting military and defense sector customers with a comprehensive product range including mortar ammunitions, weapon systems, and auxiliary equipment. The website reflects a professional business presence with consistent branding and good content relevance, though it lacks some advanced features such as detailed contact information and comprehensive privacy compliance mechanisms. Technically, the website is built on WordPress using the Divi theme and incorporates SEO tools like Rank Math. However, the site suffers from slow load times and basic mobile optimization. The hosting provider is hosttech.at, and the DNS setup is standard without advanced security features like DNSSEC or CAA records. From a security perspective, the website has critical shortcomings including the absence of a valid SSL certificate, lack of HTTPS support, and missing security headers. These issues significantly reduce the security posture and expose the site to potential risks. Privacy compliance is minimal, with a basic privacy policy present but no cookie consent mechanism or GDPR compliance indicators. No incident response or vulnerability disclosure information is available, which may impact trust and security readiness. Overall, the website is functional and presents the business adequately but requires urgent improvements in security and privacy compliance to enhance trustworthiness and protect user data. Strategic recommendations include implementing HTTPS, enabling security headers, and establishing clear privacy and incident response policies.

I

ISG

isg-one.com

0

ISG is a global AI-centered technology research and IT advisory firm providing comprehensive sourcing, benchmarking, governance, and research services to enterprise clients. The company positions itself as a leader in AI-driven technology advisory, offering SaaS platforms to govern third-party relationships and benchmark IT landscapes. The website content is professionally designed, rich in relevant business information, and targets enterprises seeking operational excellence through technology. Technically, the site employs modern JavaScript frameworks and integrates multiple third-party services, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security posture. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. Social media presence is strong, enhancing trust and engagement. However, the absence of direct contact emails or phone numbers limits immediate contact options.

G

Grassfish

grassfish.com

0

Grassfish is a mature and established digital in-store platform and consulting company headquartered in Sweden, with additional presence in Austria. The company offers a comprehensive suite of digital signage and customer experience solutions tailored for retail brands and stores, positioning itself as the leading digital in-store platform in Europe trusted by over 500 brands. Their business model combines a SaaS platform with strategic, technical, and operational consulting services, targeting brands seeking to enhance their physical retail environments with digital innovation. Technically, the website is built on WordPress, leveraging modern web technologies and CDNs for content delivery, but currently suffers from critical SSL/TLS misconfigurations that undermine secure communications. The security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocols, posing significant risks to data confidentiality and user trust. Privacy compliance is well addressed with clear cookie consent mechanisms and comprehensive privacy policies aligned with GDPR requirements. Overall, while the business and content quality are excellent, the critical security gaps notably reduce the website's trustworthiness and require urgent remediation. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enhancing security headers and session management to safeguard user data and maintain compliance.

K

Kempinski Hotels

kempinski.com

0

Kempinski Hotels is a well-established luxury hospitality brand offering five-star hotels and resorts worldwide. The website reflects a mature and professional digital presence with comprehensive content targeting luxury travelers and business clientele. The brand emphasizes direct booking, loyalty programs, and a rich portfolio of global destinations. Technically, the site uses modern frameworks such as Next.js and React, hosted behind Cloudflare, ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of SSL/TLS certificates, severely impacting the security posture. While security headers are properly configured, the lack of HTTPS undermines user trust and data protection. Privacy and legal policies are comprehensive and GDPR compliant, but no cookie consent mechanism was detected. Overall, the site is professional and credible but requires urgent security improvements to protect user data and maintain trust.

W

WunderLand Group

wunderlandgroup.com

0

WunderLand Group is a mature, medium-sized staffing solutions firm specializing in digital, creative, and marketing workforce services. The company offers a broad range of expertise including UX design, content editing, front-end development, and project management. Their market position is supported by strong client and consultant testimonials and industry awards such as the Best of Staffing®. Technically, the website is built on WordPress with Elementor and uses a variety of modern JavaScript libraries and marketing tools, hosted on WP Engine with Cloudflare CDN. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks and undermining trust. Privacy compliance is partially addressed with a cookie consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the business credibility is solid, but the security weaknesses require urgent remediation.

C

CRIF Österreich

crif.at

0

CRIF Österreich operates as a leading provider of credit and risk management solutions, serving both businesses and private individuals primarily in Austria but also internationally. The company offers a broad portfolio including creditworthiness assessments, compliance, ESG risk management, identity management, and marketing services. The website reflects a mature enterprise with consistent branding and comprehensive content tailored to its target audience. Technically, the site uses modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and Swiper.js, alongside Matomo analytics and Usercentrics for consent management. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Overall, the site is professional and trustworthy but requires urgent security improvements.

Wind Tre S.p.A. is a major Italian telecommunications operator offering a comprehensive range of services including mobile telephony, fiber and fixed internet, energy supply, and insurance products. The company targets both private consumers and business customers in Italy, positioning itself as a one-stop provider for connectivity, energy, and insurance needs. The website reflects a mature, well-established enterprise with a strong brand presence and extensive service offerings. Technically, the site is built on Adobe Experience Manager with integrations of Adobe Target and Google Tag Manager for marketing and analytics. However, the main domain lacks a valid SSL/TLS certificate and does not support HTTPS, which is a significant security concern. The site includes comprehensive legal, privacy, and cookie policies, demonstrating good privacy compliance and transparency. Contact information is clearly provided, including verified company emails, phone numbers, and social media channels. Overall, the security posture is basic due to missing HTTPS and related configurations, but the business credibility and content quality are high.

The website allianz.co.uk is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any substantive content, including business descriptions, contact information, or policy documents. The domain is mature, registered since 1999, and associated with a reputable registrar, indicating legitimacy. However, the lack of a valid SSL certificate and HTTPS support is a critical security flaw. The presence of multiple security headers is positive but overshadowed by the SSL misconfiguration. Overall, the site’s digital maturity and security posture cannot be fully assessed due to access restrictions, resulting in a low AI score and limited insights.

C

CP BAP

bankseminar.eu

0

CP BAP is a consulting company specializing in financial services and related sectors, offering tailored consulting, IT solutions, and blended learning services. The company positions itself as a trusted partner with a focus on sustainable success and regulatory compliance. The website is professionally designed with good content quality and SEO optimization, targeting financial institutions such as banks and IT service providers. Technically, the site is built on WordPress with Elementor and uses various plugins for search and cookie management. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-compliant policies and cookie consent mechanisms. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and enhance trust.

W

Weitzer Parkett Vertriebs GmbH

weitzer-parkett.com

0

Weitzer Parkett Vertriebs GmbH is a well-established Austrian family-owned manufacturer and distributor of parquet flooring and wooden stairs, with a history dating back to 1831. The company holds a leading market position in Austria and is recognized as one of the top parquet manufacturers in Europe. Their product portfolio includes innovative parquet solutions such as Pflegefrei-Parkett, Gesund-Parkett, and Flüster-Parkett, emphasizing sustainability and ecological responsibility. The website reflects a mature digital presence with comprehensive product information, multi-language support, and strong branding consistency. Technically, the website is built on WordPress with WooCommerce, utilizing modern libraries and plugins such as jQuery, Slick Slider, and Borlabs Cookie for cookie management. It is hosted behind Cloudflare, providing CDN and security services. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, impacting user trust and data protection. The site implements GDPR-compliant privacy and cookie policies with explicit consent mechanisms. From a security perspective, while the site benefits from Cloudflare's protection and uses reCAPTCHA on forms, the lack of HTTPS and modern TLS protocols, as well as missing security headers like HSTS, reduce its security posture. No explicit security policy or incident response information is found, which could be improved to enhance transparency and readiness. Overall, the website is professional, content-rich, and business-credible but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling HTTPS, and enhancing security headers and protocols.

7

7LYTIX GMBH

7lytix.com

0

7LYTIX GMBH is a mature Austrian AI software company specializing in Action Intelligence solutions that optimize business processes such as predictive maintenance, supply chain management, and intelligent personalization. Recently acquired by the KEBA Group, 7LYTIX targets medium to large enterprises in manufacturing, retail, logistics, finance, and media sectors. The website reflects a professional and consistent brand presence with clear business information and customer trust indicators. Technically, the site uses modern JavaScript libraries and frameworks like Bootstrap and jQuery, with analytics implemented via Google Analytics and Matomo. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which significantly impacts its security posture. Privacy and cookie policies are present but basic, and no explicit security or incident response policies are found on the site. Overall, the business credibility is strong, but the security configuration requires urgent improvement to protect user data and maintain trust.

F

Flowserve Corporation

flowserve.com

0

Flowserve Corporation is a global enterprise specializing in manufacturing and servicing industrial flow control products such as pumps, valves, seals, and actuators. The company serves critical industries including energy, chemicals, water management, and oil & gas, positioning itself as a market leader with a comprehensive product portfolio and strong brand presence. The website reflects a mature digital infrastructure built on Drupal 10, with modern front-end technologies and multi-language support, indicating a high level of digital maturity and user experience focus. Security posture is mixed; while security headers and policies are well implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk to secure communications. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to improve security and user trust.

dsm-firmenich is a leading global innovator in nutrition, health, and beauty, formed by the combination of two major companies. The website presents a comprehensive and professional digital presence with detailed information about their business units, sustainability efforts, and investor relations. The technical infrastructure is modern, leveraging Adobe Experience Manager CMS and marketing tools such as Marketo and Adobe Helix RUM. However, a critical security gap exists due to the absence of a valid SSL certificate, which undermines the security posture and trustworthiness of the site. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is content-rich and professionally designed but requires urgent security improvements to meet industry standards.

W

Weingut Michael Schroth

weingut-schroth.de

0

Weingut Michael Schroth is a small regional winery located in Grünstadt-Asselheim, Germany, specializing in a variety of wines including Winzersekt, Chardonnay, and Riesling. The website serves primarily as a digital presence showcasing the winery's offerings and regional identity. The business model focuses on wine production and sales targeted at wine consumers interested in the Pfalz region's specialties. Technically, the website uses basic HTML, CSS, JavaScript, and Adobe Typekit fonts, with jQuery for scripting. Hosting appears to be provided by Ionos, but the site suffers from slow load times and minimal mobile optimization. Security posture is weak, with no SSL/TLS certificate, no HTTPS, and absence of security headers or DNS security features. Privacy and compliance policies are missing, and no contact information is provided on the landing page, limiting user trust and regulatory compliance. Overall, the site is functional but lacks modern security and privacy standards, which poses risks to visitors and the business's credibility.

The Cheeky Crow Massage Co. operates an e-commerce storefront focused on massage-related services or products, hosted on the Big Cartel platform. The website is currently in maintenance mode, providing minimal content and no direct contact or policy information. Technically, the site uses Cloudflare for CDN and security headers are present; however, the lack of a valid SSL certificate means HTTPS is not properly enabled, severely impacting security and trust. Privacy and cookie policies are absent, and no contact details are provided, limiting user trust and compliance. Overall, the site is a small business with basic digital presence but requires significant improvements in security and compliance to meet modern standards.

F

Festspielhaus St. Pölten

festspielhaus.at

0

Festspielhaus St. Pölten is a prominent cultural venue in Austria specializing in dance, music, and architectural events. The website serves as a comprehensive platform for event information, ticket sales, subscriptions, and educational programs, targeting a diverse audience including families, schools, and cultural enthusiasts. The business is well-positioned regionally with a strong brand presence and partnerships with local institutions. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, but suffers from slow load times and lacks a valid SSL certificate, impacting security and user trust. The security posture is basic with no advanced headers or HTTPS, though privacy compliance is well addressed with detailed cookie and privacy policies. Overall, the site is professional and content-rich but requires urgent security improvements to enhance trust and compliance.

I

IOSBET

shelfsailor.com

0

The website shelfsailor.com operates as an online slot gaming platform branded as IOSBET, targeting the Indonesian market. It offers online slot games with a system designed to increase winning chances daily. The site positions itself as a new entrant in the online gaming sector with a focus on Indonesian users, leveraging affiliate partnerships with established e-commerce platforms like Lazada. The business model revolves around online gaming services with promotional and affiliate marketing components. Technically, the site employs modern JavaScript frameworks including React and uses extensive tracking and analytics tools from Alibaba's ecosystem, indicating a moderate level of digital maturity. However, the site suffers from slow performance due to large page size and numerous resources, and it lacks mobile optimization and accessibility features. Security-wise, the absence of HTTPS and security headers significantly weakens its posture, exposing users to potential risks. No privacy or cookie policies are present, and contact information is missing, which raises compliance and trust concerns. Overall, the site is accessible without WAF or security challenges but requires urgent improvements in security, privacy compliance, and performance to enhance user trust and operational integrity.

L

Lakeside Labs GmbH

lakeside-labs.com

0

Lakeside Labs GmbH operates as a research and innovation hub specializing in self-organizing networked systems. The organization targets researchers, technology innovators, and academic-industry partners, offering research projects, publications, and collaborative partnerships. The website reflects a medium-sized technology entity based in Austria with a professional online presence and consistent branding. Technically, the site is built on WordPress with common plugins and libraries, but suffers from slow performance and basic mobile optimization. Security posture is weak due to the absence of a valid SSL certificate and missing DNS records, which undermines trust and exposes the site to potential risks. Privacy compliance is minimal, lacking cookie consent and comprehensive GDPR indicators. Overall, the site is functional but requires significant improvements in security and compliance to enhance trustworthiness and protect user data.

C

Christof Group

christof-group.at

0

Christof Group is a large, family-owned industrial group specializing in critical process equipment manufacturing and plant engineering services, operating across Austria, Germany, and Slovenia. The company is positioned as a world leader in its sector with a strong portfolio of subsidiaries and a history of over 150 years in the industry. The website reflects a professional B2B business model targeting industrial clients in energy, petrochemical, and pharmaceutical sectors. Technically, the site is built on WordPress with modern SEO and multilingual capabilities but lacks HTTPS, which is a significant security shortfall. The security posture is weak due to the absence of SSL/TLS encryption and limited security headers, exposing the site to potential risks. Privacy compliance is addressed with a cookie consent mechanism and privacy policy, but incident response and security policies are missing. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

S

SPAR International

spar-international.com

0

SPAR International is a well-established global voluntary food retail group founded in 1932, operating over 13,900 stores across 48 countries. The business model focuses on licensed wholesalers and retailers working in partnership to deliver diverse store formats and retail solutions. The website reflects a mature digital presence with comprehensive content, clear navigation, and a focus on partner engagement and responsible retailing. Technically, the site is built on WordPress with common plugins and libraries, but suffers from significant security shortcomings including lack of a valid SSL certificate and DNS configuration issues. Privacy compliance is well addressed through Cookiebot consent management and a comprehensive privacy policy. However, the absence of HTTPS and security headers poses risks to user data and trust. Overall, the site is professional and content-rich but requires urgent security improvements to align with best practices and user expectations.

K

Kering Eyewear S.p.A.

keringeyewear.com

0

Kering Eyewear S.p.A. is a prominent luxury eyewear company operating under the global Kering Group umbrella. Established in 2014 and headquartered in Italy, it designs, develops, and distributes eyewear for a portfolio of 14 prestigious brands, including proprietary and licensed luxury houses. The company positions itself as a market leader in the luxury eyewear segment, targeting discerning consumers and industry partners. The website reflects a high level of professionalism with rich multimedia content, clear navigation, and consistent branding across multiple languages and regions. Technically, the site leverages modern JavaScript libraries, Google Tag Manager for analytics, and OneTrust for cookie consent, hosted on Microsoft Azure infrastructure. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines user trust and data protection. Privacy and cookie policies are well implemented, indicating good GDPR compliance. Contact information is available, though no phone numbers are explicitly provided. Overall, the site demonstrates strong business credibility but requires urgent security improvements to meet modern standards.

N

Nederman Holding AB

nederman.com

0

Nederman Holding AB is a well-established global leader in industrial air filtration and environmental technology, with a history dating back to 1944. The company offers a comprehensive range of products and services focused on protecting people, the environment, and production processes from harmful industrial emissions. Their market position is strong, supported by multiple subsidiaries and a broad product portfolio including dust and fume extraction systems and connected IIoT solutions. Technically, the website is built on a modern stack including Bootstrap, jQuery, and Sitecore CMS, hosted via Cloudflare, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Privacy compliance is partially addressed through OneTrust cookie consent, but no explicit GDPR or security policies are found. Overall, the site demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

M

MCR

morse.com

0

MCR is a well-established and large hotel management and ownership company, recognized as the third largest hotel owner-operator in the United States. The company operates a diverse portfolio of hotels across multiple states and brands, with a strong reputation supported by numerous industry awards and recognitions. The website reflects a mature business with a professional online presence, targeting investors, partners, and hospitality professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery and Google Maps integration, but suffers from a lack of HTTPS due to an invalid or missing SSL certificate, which significantly impacts its security posture. Security headers are well implemented, but the absence of SSL and modern TLS protocols is a critical vulnerability. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of use, but the lack of a cookie consent mechanism is a gap. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

A

ASSA ABLOY Group - global leader in access solutions | ASSA ABLOY

assaabloy.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 19 security findings identified across all modules.

P

Peak Technology

peaktechnology.at

0

Peak Technology is a specialized engineering company focused on manufacturing bespoke carbon fibre components and high pressure vessels primarily for the space and motorsport industries. The company positions itself as a trusted partner with over 15 years of motorsport championship involvement and expertise in space mission components. Their business model is B2B, providing high-tech composite solutions with certifications such as ISO 9001 and EN 9100 that underline their quality management commitment. The website is professionally designed using WordPress with modern SEO practices and structured data, targeting industry professionals and partners. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security gap that undermines trust and data protection. The site lacks a cookie consent mechanism despite setting cookies, and no incident response or vulnerability disclosure policies are visible. Overall, the technical infrastructure is moderate with room for improvement in security and privacy compliance. Strategic recommendations include immediate SSL deployment, enhanced security headers, and formalized security policies to improve the security posture and trustworthiness of the digital presence.

A

Algonquin Orthodontics

algonquinorthodontics.com

0

Algonquin Orthodontics is a specialized orthodontic practice located in Lake in the Hills, Illinois, led by Dr. Amer Shammaa. The practice offers a range of orthodontic services including metal braces, clear braces, and Invisalign® clear aligners, targeting patients of all ages in the local McHenry County area. The website presents a professional and user-friendly interface with clear navigation and relevant content aimed at educating and attracting patients. Technically, the site is built on a Symfony PHP framework hosted on AWS infrastructure, utilizing modern web fonts and iconography, and integrates Google Tag Manager for analytics. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security headers are minimal, and privacy compliance is poor due to the absence of privacy and cookie policies. The WHOIS data aligns with the business claims, indicating a legitimate small healthcare business. Overall, while the business and content quality are good, the security posture and privacy compliance require urgent improvements to enhance trust and protect user data.

S

SEEBURGER: Integrate your business in any cloud

seeburger.com

0

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

P

pluradent-austria.at

pluradent-austria.at

0

The website pluradent-austria.at operates as an affiliate media platform specializing in online casino reviews and rankings targeted at Austrian players. It provides comprehensive content on casino options, bonuses, payment methods, legal considerations, and responsible gambling. The site is hosted behind Cloudflare and uses modern JavaScript libraries like Swiper.js for UI components. However, the site lacks a valid SSL certificate, resulting in no secure HTTPS connection, which significantly impacts its security posture. Security headers are present but cannot compensate for the missing SSL. Privacy compliance is poor due to the absence of privacy and cookie policies, and no contact information is provided, limiting business credibility. Overall, the site offers good content quality and moderate professionalism but requires urgent improvements in security and privacy to enhance trust and compliance.

Chiesi Farmaceutici S.p.A is a well-established global pharmaceutical company headquartered in Italy, recognized among the top 50 pharmaceutical companies worldwide. The company specializes in respiratory, neonatology, and rare diseases with over 80 years of experience. Their business model focuses on pharmaceutical research, development, manufacturing, and global partnerships, supported by a broad network of subsidiaries across multiple countries. The website reflects a professional corporate presence with comprehensive content targeting healthcare professionals, patients, and partners. Technically, the site uses a PHP backend with various JavaScript libraries and analytics tools, hosted on Azure DNS infrastructure. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the security posture. Security headers are implemented but cannot compensate for the missing encryption. Privacy and cookie policies are present with consent mechanisms, indicating good compliance practices. The WHOIS data confirms domain legitimacy and consistency with the company's profile. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration to ensure secure communications.

G

Geiger.com

geiger.com

0

Geiger.com is a large, family-owned US-based distributor specializing in promotional products, corporate gifts, and imprinted apparel. The company positions itself as the largest family-owned promotional product distributor in the US, serving a broad business audience with a comprehensive product catalog and services including custom products, kitting, corporate programs, and expos. The website reflects a mature digital presence with extensive product categories, client brand logos, and active social media engagement. Technically, the website uses modern JavaScript frameworks such as Vue.js and Bootstrap 5, hosted likely on AWS infrastructure. Marketing and analytics tools include Google Tag Manager, Google Analytics, Osano CMP for consent management, Filestack for file handling, and Searchspring for search functionality. The site is mobile-optimized and accessible with good SEO practices, though performance metrics indicate slow loading. From a security perspective, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical vulnerability. While some security headers are present, key TLS protocols and best practices like HSTS, OCSP stapling, and session resumption are not enabled. No incident response or vulnerability disclosure policies are found. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professionally designed and credible from a business standpoint but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate SSL/TLS deployment, enabling modern security headers and protocols, implementing cookie consent, and publishing incident response information.

L

LVA GmbH

lva-gmbh.at

0

LVA GmbH is a well-established Austrian company specializing in food safety, quality control, certification, and training services primarily targeting the food, cosmetics, pharmaceutical, and supplement industries. Founded in 1926, it holds a strong market position as a leading competence center in the Central and Eastern European region, serving clients in over 80 countries. The company offers a comprehensive portfolio including laboratory analyses, expert assessments, inspections, research, and educational seminars. Technically, the website is built on WordPress with modern SEO and cookie consent tools, but lacks a valid SSL certificate, which impacts security and user trust. The security posture is basic with no HTTPS, no HSTS, and missing advanced security headers, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent security improvements to align with best practices.

D

DIG GmbH

dig.at

0

DIG GmbH is a medium-sized Austrian company specializing in digital spend management solutions across Source2Pay, Finance, and Supply Chain sectors. As part of the Proalpha Group, DIG offers ERP-independent software and consulting services targeting enterprises seeking to optimize procurement and financial processes. The website demonstrates a professional and consistent brand presence with comprehensive content, customer testimonials, and references from reputable clients. Technically, the site is built on the HubSpot CMS platform, utilizing modern marketing and analytics tools such as HubSpot Analytics, Google Tag Manager, and Cookiebot for consent management. However, a critical security issue is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Performance is also suboptimal with a high load time and resource count. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is credible and well-positioned in its market but requires urgent security improvements.

sprungbrett.at is an Austrian job platform focused on connecting job seekers with employment opportunities primarily in commercial and technical sectors. The website offers job listings, initiative application options, and personnel search services for companies. It targets job seekers in Austria and positions itself as a regional recruitment service with a professional and user-friendly interface. Technically, the site uses a Contao CMS backend with PHP 7.4 and nginx server, integrating common web technologies such as jQuery, Google Analytics, Google Maps API, and ShareThis for social sharing. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. Security headers are present but undermined by the absence of HTTPS. Privacy compliance is weak, with no visible privacy or cookie policies. Contact information is clearly provided, including email, phone, and physical address, enhancing business credibility. Overall, the site is functional and professional but requires urgent security and compliance improvements.

The website iiasacat.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks direct content access. This prevents any meaningful extraction of business, contact, or policy information. The domain is registered and uses Cloudflare for DNS and security services, but lacks a valid SSL certificate, which is a critical security deficiency. The absence of visible content, metadata, or structured data indicates the site is either under protection or not publicly available. Consequently, the technical infrastructure appears to rely heavily on Cloudflare's security platform, but the lack of HTTPS and content accessibility severely limits digital maturity and user trust. Security headers are present, but without valid SSL, the overall security posture is weak. No privacy or cookie policies are found, indicating poor compliance with data protection regulations. Overall, the site presents a high risk due to inaccessibility and missing security best practices.

N

NOA

noa-vu.nl

0

NOA is a Dutch company specializing in scientifically validated online assessments and psychological tests, primarily serving educational institutions, HR professionals, and reintegration sectors. With over 25 years of experience and origins linked to the Vrije Universiteit, NOA holds a strong market position supported by ISO 9001 and ISO 27001 certifications. The website reflects a professional and consistent brand with comprehensive content and clear navigation, targeting Dutch-speaking audiences. Technically, the site uses Microsoft IIS with ASP.NET and Umbraco CMS, integrating modern tools like Google Tag Manager and Elmah.io for error logging. However, the absence of HTTPS is a critical security gap, exposing users to potential risks. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Contact information is complete and accessible, enhancing business credibility.

O

Oskar Schmidt GmbH

schmidtauto.at

0

Autohaus Schmidt, officially Oskar Schmidt GmbH, is a well-established automobile dealership and service provider based in Salzburg, Austria, with a history dating back to 1928. The company operates multiple locations and offers a wide range of services including new and used car sales, vehicle rental, servicing, repairs, and financing. Their market position is strong within the regional transportation sector, supported by authorized partnerships with major car brands such as Ford, Volvo, Peugeot, and Citroën. The website reflects a professional and consistent brand image targeting car buyers and service customers in Salzburg and surrounding areas. Technically, the website uses modern JavaScript, AWS CloudFront CDN, and Google Tag Manager for analytics and marketing. However, it lacks HTTPS, which is a critical security deficiency. The site includes cookie consent mechanisms and privacy policies compliant with GDPR, indicating a good level of privacy awareness. Performance data is unavailable, but the site appears mobile-optimized and SEO-friendly. From a security perspective, the absence of SSL/TLS encryption severely impacts the site's security posture, exposing users to potential risks. Other security headers and best practices are partially implemented but overshadowed by the lack of HTTPS. No incident response or vulnerability disclosure policies are present. The domain registration data aligns well with the business claims, enhancing trustworthiness. Overall, while the business and website demonstrate professionalism and good content quality, the critical lack of HTTPS significantly lowers the security score and overall risk profile. Strategic improvements in security infrastructure are essential to protect users and maintain trust.

S&P Global is a leading enterprise in the financial data and analytics sector, providing essential intelligence through a combination of data, connected technologies, and expert insights. The website reflects a mature, well-structured digital presence with comprehensive content targeting financial professionals and enterprises. Technically, the site leverages Adobe Experience Manager CMS, integrates modern analytics and error tracking tools, and maintains good SEO and accessibility standards. However, a critical security gap exists due to the absence of a valid SSL certificate, which significantly impacts the security posture and overall trustworthiness. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. The domain registration aligns with the company's long-standing history and public presence, reinforcing legitimacy. Strategic improvements in SSL configuration and enhanced security practices are recommended to elevate the site's security and trust levels.