Security Directory

The website for Stora Enso is currently inaccessible due to a Cloudflare firewall block, presenting a minimal page indicating the user has been blocked by the firewall. This prevents access to any substantive business content, policies, or contact information. The domain is mature and registered with strong protections, indicating a legitimate and established business presence. However, the lack of a valid SSL certificate and HTTPS support on the site is a critical security deficiency. The technical infrastructure relies on Cloudflare for security and hosting, but the SSL configuration is incomplete or invalid, which severely impacts the security posture. Overall, the site is not currently usable for end users, and the lack of visible privacy or cookie policies further reduces compliance and trust. Strategic recommendations include resolving SSL issues, improving content accessibility, and publishing comprehensive privacy and security policies.

T

TD Canada Trust

td.com

0

TD Canada Trust is a leading North American financial institution offering a broad range of banking and investment services to personal, small business, and commercial clients. The website reflects a mature digital presence with comprehensive content on corporate values, sustainability, innovation, and customer care. The technical infrastructure is built on Adobe Experience Manager and supported by major third-party services for analytics and marketing. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS support, which poses significant risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

Strom und Gas für Düsseldorf und NRW | Stadtwerke Düsseldorf

swd-ag.de

0

Security assessment completed with an overall score of 0/100 (unknown risk). 4 critical issues require immediate attention. Total of 29 security findings identified across all modules.

J

JOANNEUM RESEARCH Forschungsgesellschaft mbH

joanneum.at

0

JOANNEUM RESEARCH Forschungsgesellschaft mbH is a leading Austrian research institution specializing in applied research and technology development across multiple sectors including healthcare, digital technologies, robotics, and environmental sciences. The organization serves industry, government, and research partners with innovative solutions and maintains a strong market position supported by international collaborations and a large workforce. The website reflects a mature digital presence with comprehensive content and professional design, targeting stakeholders in research and industry. Technically, the site is built on WordPress with Elementor and uses modern web technologies, but suffers from a critical lack of HTTPS due to an invalid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are well implemented, indicating good GDPR compliance. However, the absence of explicit security policies and incident response information suggests room for improvement in security governance. Overall, the site is trustworthy and professional but requires urgent security enhancements to protect user data and improve trust.

W

WIG Wietersdorfer Holding GmbH

wietersdorfer.com

0

WIG Wietersdorfer Holding GmbH is a large, family-owned industrial enterprise based in Austria with a 125-year history. The company operates internationally with subsidiaries in multiple countries, focusing on sectors such as cement, lime, GFK and PP pipe systems, and industrial minerals. Their business model is centered on manufacturing and global distribution, targeting industrial and construction markets. The website reflects a mature digital presence with a professional design, clear navigation, and multilingual support. Technically, the site is built on WordPress with the Avada theme and uses common plugins for forms, multilingual content, and cookie management. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which is a critical issue that needs immediate remediation. Privacy compliance is well addressed with comprehensive policies and a robust cookie consent mechanism. Overall, the site demonstrates good business credibility and digital maturity but requires urgent security improvements to protect user data and maintain trust.

A

Air Liquide

airliquide.com

0

Air Liquide is a global leader in gases, technologies, and services for industry and healthcare, operating in 60 countries with a large workforce and millions of customers. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding. However, the technical security posture is weak due to an invalid SSL certificate and disabled TLS protocols, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. The absence of direct contact information and vulnerability disclosure policies suggests areas for improvement in transparency and incident response readiness. Overall, the domain registration data aligns well with the business claims, indicating high legitimacy.

W

Wüstenrot

wuestenrot.at

0

Wüstenrot is a well-established Austrian financial services provider with a 100-year history, offering integrated banking, insurance, and savings products. The website reflects a mature digital presence with professional design, comprehensive content, and clear navigation tailored to private customers in Austria. Technically, the site is built on Adobe Experience Manager and uses modern web technologies and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and enabled TLS protocols, exposing users to potential risks. Privacy compliance is strong with GDPR-aligned cookie consent and detailed privacy policies. Overall, the business is credible and trustworthy, but urgent security improvements are needed to protect user data and maintain trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

C

Cropster

cropster.com

0

Cropster is a mature, market-leading SaaS provider specializing in software solutions for the coffee industry, including roasting, inventory, and quality management. The company targets coffee farmers, roasters, and cafe managers with a comprehensive suite of products designed to streamline workflows and improve operational efficiency. Cropster maintains a consistent and professional brand presence with multilingual support and active content updates. Technically, the website is built on WordPress, leveraging modern JavaScript frameworks and AWS CloudFront CDN for delivery. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, despite the presence of strong security headers. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. The domain registration is consistent and trustworthy, reflecting a stable business operation. Overall, Cropster presents a professional and credible online presence but must urgently address SSL/TLS issues to improve security and trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

The domain c-oncept.com currently hosts a parked domain page provided by Aruba.it, indicating that the domain is registered but not actively used for business purposes. The page contains minimal content, primarily informing visitors that the domain is taken, with no business description, contact information, or interactive elements. The technical infrastructure is based on Microsoft IIS 10.0 and ASP.NET, hosted by Aruba.it, but lacks a valid SSL certificate and modern security configurations. This results in an insecure HTTP-only site with no HTTPS support. Security posture is weak due to missing SSL, lack of security headers, and no evidence of privacy or cookie policies. Overall, the site does not present any business credibility or privacy compliance features, and no analytics or tracking technologies are detected.

G

Grand Hotel Oslo

grand.no

0

Grand Hotel Oslo is a historic and iconic hospitality business located in the heart of Oslo, Norway. It offers premium hotel accommodations, multiple restaurants and bars, event hosting facilities, and spa services. The hotel targets tourists, business travelers, and event organizers, positioning itself as a luxury and culturally significant venue. The website reflects a professional and consistent brand image with clear business information and trust indicators such as environmental certification and social media presence. Technically, the site uses modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking, hosted likely on Microsoft Azure infrastructure. However, a critical security gap exists as the website lacks HTTPS/SSL encryption, exposing visitors to potential risks. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the website is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

T

Tetra Pak International S.A.

tetrapak.com

0

Tetra Pak International S.A. operates a comprehensive global website showcasing its leadership in food processing and packaging solutions. The company targets food and beverage industry professionals, offering a broad range of services including packaging, integrated equipment, product innovation, and digital automation. The website is well-structured, professionally designed, and optimized for SEO and accessibility, reflecting a mature digital presence. Technically, the site is built on Adobe Experience Manager and hosted on IBM PWS, leveraging modern web technologies and third-party tools for analytics and cookie consent. However, the security posture is weakened by an invalid SSL certificate and lack of TLS protocol support, which poses risks to data confidentiality and user trust. Privacy and cookie policies are present with consent mechanisms, indicating compliance with GDPR and related regulations. Contact information is primarily via web forms, with no direct emails or phone numbers publicly listed. Overall, the site demonstrates high business credibility and professionalism but requires urgent remediation of SSL and TLS issues to improve security and trust.

D

DuPont

dupont.com

0

DuPont is a globally recognized enterprise specializing in manufacturing essential innovations across multiple sectors including automotive, electronics, healthcare, and water management. The company leverages science and innovation to deliver products such as protective equipment, clean water solutions, and advanced materials. The website reflects a professional and consistent brand presence targeting industrial and commercial clients. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries and integrates analytics and marketing tools such as Adobe Launch and Pingdom. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the site's security posture. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

Canto operates as a leading provider of digital asset management (DAM) solutions, offering a comprehensive SaaS platform designed to help businesses organize, edit, share, and analyze digital content efficiently. The company positions itself as an industry leader with a strong focus on enterprise customers, providing feature-rich tools that enhance content workflows and brand management. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the website is built using modern web technologies including Vue.js and is hosted on Netlify, indicating a contemporary and scalable infrastructure. The site demonstrates good SEO and mobile optimization practices, although performance metrics are not explicitly available. Accessibility is basic but present. The use of structured data and meta tags supports search engine visibility. From a security perspective, the site has several critical shortcomings. Despite having security headers like X-Content-Type-Options and X-Frame-Options, the absence of a valid SSL certificate and lack of HTTPS support severely undermine the security posture. No TLS protocols are enabled, and HSTS is not enforced, exposing users to potential risks. Privacy and cookie policies are comprehensive and GDPR compliant, but no explicit contact emails or phone numbers are provided, relying instead on contact forms. Overall, while the business and technical aspects of the website are strong, the critical lack of SSL/TLS encryption represents a significant risk that must be addressed promptly. Strategic recommendations include immediate SSL certificate installation, enabling modern TLS protocols, and enforcing HSTS to protect user data and maintain trust. Enhancing contact transparency and expanding security frameworks would further strengthen the company's security and compliance posture.

M

Mayr-Melnhof Holz Holding AG

mm-holz.com

0

Mayr-Melnhof Holz is a leading European manufacturer in the wood industry, specializing in engineered wood products such as glued laminated timber and cross-laminated timber. With a history spanning over 170 years, the company holds a strong market position and offers a comprehensive range of wood construction solutions. The website reflects a mature digital presence with detailed product information, references, and a multilingual interface targeting architects, planners, and industry professionals. Technically, the site is built on TYPO3 CMS and employs modern JavaScript libraries like Owl Carousel and Google Analytics for user tracking. However, the site suffers from slow load times and lacks a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols is a critical vulnerability that needs immediate remediation. Security-wise, the company has implemented SPF records and avoids subdomain takeover risks, but the lack of DNSSEC, HSTS, and OCSP stapling reduces its overall security maturity. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism, aligning with GDPR requirements. Overall, the website is professional and content-rich but requires urgent security improvements, especially regarding SSL/TLS configuration, to enhance trust and protect user data.

P

Pave Commute

carployee.com

0

Pave Commute, formerly known as Carployee, is a technology company focused on promoting sustainable commuting behaviors within organizations. Their primary offering is a SaaS-based app that incentivizes and rewards employees for sustainable commuting, aiming to improve employee satisfaction and foster a positive company culture. The company targets HR leaders, sustainability managers, teams, and transportation managers, positioning itself as a key player in the transportation and sustainability sector. The website demonstrates a professional and consistent brand presence with clear business information and multiple contact channels. Technically, the website is built on WordPress with Elementor, utilizing modern web technologies such as jQuery and lazy loading for images. It is hosted behind Cloudflare, which provides CDN and security services. However, the site lacks a valid SSL certificate and does not support TLS, which is a significant security concern. Performance is currently slow, and while the site is mobile-optimized and accessible, improvements in security configurations are necessary. From a security perspective, the absence of HTTPS and TLS support is critical, exposing users to potential data interception risks. The site does implement some security headers and uses secure cookie flags, but lacks advanced protections like HSTS and OCSP stapling. Privacy compliance is strong, with comprehensive privacy and cookie policies and consent mechanisms in place. Contact information is readily available, enhancing business credibility. Overall, while the business and content quality are high, the security posture significantly lowers the risk profile. It is recommended that Pave Commute prioritize obtaining and configuring a valid SSL/TLS certificate and enhancing their security headers to protect user data and maintain trust. The company shows strong legitimacy and market positioning but must address these critical security issues to ensure safe and compliant operations.

S

Salzburger Nachrichten Medien GmbH & Co. KG

salzburg.com

0

Salzburger Nachrichten Medien GmbH & Co. KG operates a mature and well-established regional news website focused on Salzburg, Austria, and international news. The site offers a wide range of content including politics, economy, culture, sports, and local events, supported by various services such as job listings, real estate, e-paper, and podcasts. The company maintains a strong market position as a leading media provider in the region with a consistent and professional brand presence. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, leveraging GraphQL for data management. It uses Varnish caching and is hosted on Conova infrastructure. The site is well-optimized for mobile and SEO, with good accessibility features. However, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap. From a security perspective, the website lacks HTTPS, HSTS, and other essential security headers, which significantly lowers its security posture. While no critical vulnerabilities or malware were detected, the lack of encryption exposes users to potential risks. Privacy policies and cookie consent mechanisms are in place, indicating compliance with GDPR requirements. Overall, the website is content-rich and professionally managed but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and enhancing incident response capabilities.

W

wikifolio Financial Technologies AG

wikifolio.com

0

wikifolio Financial Technologies AG operates a sophisticated online investment platform focused on European stocks and social trading. The platform enables investors worldwide to access trading ideas, create virtual portfolios, and invest in wikifolio certificates listed on stock exchanges in Germany, Austria, and Switzerland. The company is well-positioned in the European finance sector with a medium-sized operation and a strong brand presence supported by partnerships and positive testimonials. Technically, the website leverages modern web technologies including React, Next.js, and Chakra UI, hosted on Azure infrastructure with CDN support for performance. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a professional user experience. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. Security headers are partially implemented but key features like HSTS and OCSP stapling are missing. Privacy compliance is strong with comprehensive policies and clear contact information, but incident response and security policy disclosures are absent. Overall, the website presents a trustworthy and professional business front but requires urgent improvements in SSL/TLS security to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling TLS 1.2+, and enhancing security headers and incident response readiness.

SIGEL is a medium-sized manufacturing company specializing in innovative office equipment and smart procurement solutions tailored for modern, agile work environments. The company positions itself as a trusted partner for businesses seeking high-quality office products, supported by multiple international design awards and ISO certification. The website is professionally designed using Drupal 11, with strong SEO, accessibility, and multi-language support, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the site's security posture. While security headers and cookie consent mechanisms are well implemented, the lack of incident response and vulnerability disclosure policies indicates room for improvement in security governance. Overall, the website is trustworthy and professional but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

P

Pankl SHW Industries AG

pankl.com

0

Pankl SHW Industries AG operates as a leading Austrian manufacturing group specializing in high-technology mechanical systems for niche markets including motorsport, luxury automotive, and aerospace. The company is majority-owned by Pierer Industrie AG and maintains a strong international presence with 21 locations and over 4,200 employees. Their product portfolio spans engine and turbo systems, drivetrain components, forged parts, aerospace components, and advanced powder metallurgy products. The website reflects a professional corporate identity with comprehensive content and clear navigation, targeting industrial clients and partners. Technically, the site is built on WordPress with modern plugins and frameworks, optimized for SEO and mobile use. However, the absence of a valid SSL certificate and HTTPS implementation significantly weakens the security posture, exposing users to potential risks. Privacy and cookie policies are well implemented, indicating GDPR compliance. The domain registration is mature and consistent with the business claims, enhancing trustworthiness. Strategic security improvements are recommended to elevate the site's protection and user trust.

S

Spanische Hofreitschule & Lipizzanergestüt Piber

srs.at

0

The website for Spanische Hofreitschule & Lipizzanergestüt Piber represents a well-established cultural institution in Austria focused on classical horse riding performances and heritage preservation. It offers rich content about its services, events, and visitor information, targeting tourists and cultural enthusiasts. The site uses modern CMS technology (Craft CMS) and integrates privacy-compliant analytics and cookie consent mechanisms. However, the lack of a valid SSL certificate and HTTPS severely impacts its security posture. While security headers are partially implemented, the absence of encryption exposes users to risks. The business information is clear and consistent with WHOIS data, supporting legitimacy. Overall, the site is professionally designed and user-friendly but requires urgent security improvements to protect visitors and enhance trust.

E

EVN

evn.at

0

EVN is a large Austrian energy provider specializing in electricity, gas, heating, water, photovoltaic solutions, and e-mobility services. The website targets private customers, businesses, agriculture, and municipalities, offering a comprehensive range of energy-related products and services. The company maintains a professional and consistent online presence with clear navigation and rich content. Technically, the site uses Kentico CMS, Cloudflare CDN, and integrates analytics tools like eTracker and Microsoft Application Insights. However, the security posture is weak due to the absence of a valid SSL certificate and disabled TLS protocols, which critically impacts secure communications. Privacy and cookie policies are present and GDPR compliant, with a consent mechanism implemented. Overall, the site is trustworthy and professional but requires urgent improvements in SSL/TLS configuration to ensure user security.

S

Svenska Cellulosa Aktiebolaget SCA (publ)

sca.com

0

SCA (Svenska Cellulosa Aktiebolaget) is a large enterprise operating primarily in the forestry, energy, and logistics sectors, with a strong focus on sustainability and renewable resources. The company manages Europe's largest private forest holdings and offers a comprehensive value chain including forest services, wood products, containerboard, renewable energy, pulp, and logistics. The website is professionally designed, content-rich, and well-structured, targeting stakeholders such as forest owners, investors, customers, and job seekers. Technically, the site uses modern JavaScript modules, SVG graphics, and is hosted behind Cloudflare, but lacks a valid SSL certificate, resulting in no HTTPS support which is a critical security concern. Privacy and cookie policies are present and indicate GDPR compliance, and the site uses Piwik PRO for analytics with moderate user tracking. The security posture is weak due to the absence of HTTPS and modern TLS protocols, no HSTS, and no OCSP stapling. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

I

IBT Connecting Energies GmbH

ibtgroup.at

0

IBT Connecting Energies GmbH is a medium-sized energy sector company specializing in high-efficiency cogeneration and trigeneration solutions for industrial clients. The company has a strong market position in Italy and Europe, supported by strategic partnerships with technology leaders such as Capstone Green Energy and Century Corporation. Their business model focuses on B2B energy efficiency projects, including consulting, implementation, maintenance, and investment services. The website reflects a professional digital presence with comprehensive content and clear navigation, targeting industrial customers seeking sustainable energy solutions. Technically, the site is built on WordPress with modern plugins and SEO tools, hosted likely on SiteGround. However, the lack of a valid SSL certificate and HTTPS implementation is a critical security gap. Privacy and cookie policies are well implemented and GDPR compliant, enhancing user trust. Social media integration and partner logos further strengthen credibility. Overall, the site demonstrates good digital maturity but requires urgent security improvements to protect user data and maintain trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

P

Polymer Competence Center Leoben GmbH

pccl.at

0

The Polymer Competence Center Leoben GmbH (PCCL) is a leading Austrian research institution specializing in polymer technology and polymer sciences. It collaborates closely with industry partners and academic institutions to deliver innovative R&D projects across sectors such as automotive, aerospace, packaging, and renewable energy. The website reflects a mature organization with a clear focus on cooperative research and sustainable polymer solutions. Technically, the site is built on Joomla CMS with a variety of extensions and frameworks, but suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and user trust. Privacy and compliance documentation is well maintained, including GDPR-compliant privacy policies and incident reporting mechanisms. Overall, the site is professional and content-rich but requires urgent improvements in security infrastructure to align with best practices and user expectations.

Z

ZKW Group

zkw-group.com

0

ZKW Group is a leading global supplier specializing in innovative premium lighting systems and electronics for the automotive industry. The company positions itself as a strategic partner to automotive manufacturers worldwide, focusing on delivering advanced lighting solutions. The website reflects a professional corporate presence with multilingual support and strong branding aligned with its parent company, LG. Technically, the site is built on WordPress with modern plugins such as Elementor and Yoast SEO, hosted on WP Engine with Google Cloud infrastructure. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the site's security posture. The site implements cookie consent mechanisms compliant with GDPR via Usercentrics, but lacks visible contact information and detailed security or incident response policies. Overall, while the business and technical maturity are solid, urgent remediation of SSL/TLS issues is necessary to ensure secure user interactions and maintain trust.

J

Jungheinrich AG

jungheinrich.com

0

Jungheinrich AG is a globally leading company in the intralogistics sector, headquartered in Hamburg, Germany. The company specializes in manufacturing industrial trucks, warehouse and material flow technology, and providing logistics services. The website reflects a mature enterprise with a strong market position and comprehensive service offerings targeting businesses requiring intralogistics solutions. Technically, the website employs modern web technologies including Vue.js, CoreMedia CMS, and integrates multiple marketing and analytics tools such as Google Tag Manager, Marketo, and Cookiebot. However, a critical security issue is present due to an invalid SSL certificate and lack of enabled TLS protocols, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professionally designed, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

A

American Superconductor

amsc.com

0

American Superconductor (AMSC) is a medium-sized US-based technology company specializing in advanced power electronics and superconductor systems that support smarter, cleaner energy solutions globally. The company serves energy utilities, renewable energy developers, and marine power sectors, positioning itself as a key player in the energy technology market with NASDAQ listing and a global footprint. The website reflects a professional digital presence with clear business descriptions, investor relations, and product offerings focused on grid and renewable energy solutions. Technically, the site is built on WordPress with modern JavaScript libraries and frameworks, hosted on Pantheon, and optimized for mobile users. However, performance is moderate and accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, exposing the site to risks and reducing trust. Privacy compliance is well addressed with comprehensive privacy and cookie policies. Overall, the site is credible but requires urgent security improvements to protect users and enhance trust.

S

Sanitär-Heinze GmbH & Co. KG

sanitaer-heinze.com

0

Sanitär-Heinze GmbH & Co. KG operates as a specialized wholesale and service provider in the sanitary, heating, ventilation, and renewable energy sectors primarily serving professional customers in Germany. The company offers a broad portfolio including bathroom products, heating systems, ventilation solutions, and 3D bathroom planning services. Their market position is that of an established regional player with a consistent brand presence and multiple product lines. Technically, the website is built on the Pimcore CMS platform, leveraging modern JavaScript libraries and Google analytics tools, with a professional design and good navigation. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that significantly impacts the security posture. Cookie consent is implemented properly, and privacy policies are comprehensive and GDPR compliant. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

A

Arbonia AG

arbonia.com

0

Arbonia AG is a large Swiss manufacturing company specializing in interior architectural products such as doors, showers, and room partition systems. The company operates through 15 specialized subsidiaries producing in Central Europe and serves architects, interior designers, and construction industry professionals globally. The website is built on TYPO3 CMS and features a modern design with good navigation and mobile optimization. It includes a GDPR-compliant cookie consent mechanism and links to comprehensive privacy policies. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which significantly impacts its security posture. Security headers are well configured, but the absence of TLS protocols and OCSP stapling are notable vulnerabilities. Contact information is present but lacks direct emails or phone numbers on the site. Social media presence is active on YouTube, Instagram, and LinkedIn. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS implementation to enhance security and user trust.

F

FRIEDEN Informatik GmbH

steinringer.com

0

FRIEDEN Informatik GmbH is a specialized IT and software company serving the Austrian residential construction sector, offering consulting, custom software solutions, and IT support. The company is a subsidiary of the Wohnbaugenossenschaft FRIEDEN, leveraging over 25 years of industry experience to provide tailored IT services to housing cooperatives, property managers, and real estate developers. The website content is professionally presented, targeting a German-speaking audience primarily in Austria. Technically, the site is built on WordPress with modern frameworks like Bootstrap and uses advanced cookie consent management to comply with GDPR. However, the SSL/TLS configuration is currently invalid, which poses a significant security risk and undermines trust. Security headers are partially implemented, but critical protections like a valid HTTPS certificate and XSS protection are missing. The domain steinringer.com shows inconsistent DNS and SSL data, suggesting it may not be the primary domain for the website content, which is hosted on frieden-informatik.at. Overall, the business demonstrates strong market positioning and privacy compliance but requires urgent improvements in SSL security and domain configuration to enhance trust and security posture.

The domain humai.tech is registered to Partium Technologies GmbH, an Austrian technology company founded in 2017. Currently, the website is suspended due to ICANN verification requirements, and no active business content or services are available on the site. The domain is mature with 8 years of registration history, but the suspension indicates administrative compliance issues rather than technical or security problems. The hosting provider is Host Europe GmbH, and the site runs on a legacy Microsoft IIS and ASP.NET 4.0 stack. From a technical perspective, the website lacks HTTPS support, has no valid SSL certificate, and does not implement modern security headers or DNSSEC. Performance metrics are unavailable, and the site shows poor mobile optimization and accessibility. No privacy, cookie, or terms of service policies are present, and no analytics or advertising technologies are detected. Contact information is limited to Host Europe support details and a form to resend verification emails. Security posture is weak due to the absence of HTTPS and domain protection locks, increasing risk exposure. The domain registration is consistent and legitimate, but the lack of domain locks and the suspension status reduce trustworthiness. Overall, the website is non-operational and presents significant compliance and security gaps. Strategic recommendations include obtaining a valid SSL certificate to enable HTTPS, completing ICANN verification promptly, implementing domain protection locks, adding privacy and cookie policies, and improving technical infrastructure to modern standards to restore trust and operational status.

The domain parker.com appears to represent a large manufacturing business, likely Parker Hannifin or a related entity, based on DNS and domain data. However, the website content is currently inaccessible due to an access denial page, likely caused by a Web Application Firewall or other security mechanism. This prevents direct analysis of business content, policies, or contact information. The technical infrastructure includes Akamai CDN services and multiple MX mail servers, indicating enterprise-grade hosting and email setup. Security posture is weak on the web server side, with no valid SSL certificate or HTTPS support detected, which is a critical issue. The domain's DNS and WHOIS data show a consistent and legitimate registration with appropriate email security policies such as DMARC with reject policy and reporting enabled. Overall, the site is currently not accessible for normal users, limiting content and privacy compliance analysis.

E

EGLO FINLAND OY

eglo.com

0

EGLO FINLAND OY operates as a major player in the global lighting manufacturing and retail sector, offering a wide range of lighting and home decor products through a multilingual e-commerce platform. The company is well-established with a domain age of 27 years and a strong market presence supported by a global network of sales entities. The website is professionally designed, user-friendly, and targets consumers and retailers seeking lighting solutions. Technically, the site leverages Magento Commerce with modern JavaScript frameworks and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses that undermine the site's security posture. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business is credible and trustworthy, but urgent security improvements are recommended to protect user data and enhance trust.

G

Global Blue

globalblue.com

0

Global Blue operates as a provider of tax-free shopping solutions and related financial services targeting international shoppers and retailers. The website serves as an informational and service platform, primarily implemented as a modern Angular single-page application. However, the site currently lacks visible content beyond the SPA shell, with no accessible privacy, cookie, or terms of service policies, and no contact information available in the HTML content. Technically, the site uses Varnish caching and modern JavaScript frameworks but suffers from poor SSL/TLS configuration, lacking a valid certificate and HTTPS support, which severely impacts security and trustworthiness. Security headers are minimal, and no vulnerability disclosure or incident response information is published. Overall, the website's security posture is weak, and privacy compliance is poor, which could expose the business to risks and reduce user trust.

S

Smarter Ecommerce GmbH

smarter-ecommerce.com

0

Smarter Ecommerce GmbH is an established Austrian company founded in 2007, specializing in AI-powered PPC campaign management software and expert consulting services tailored for ecommerce businesses. The company holds reputable certifications such as Google Premier Partner and Microsoft Advertising Elite Partner, positioning itself as a trusted player in the ecommerce marketing technology sector. Their offerings focus on Performance Max optimization, Google Ads management, and comparison shopping services, targeting ecommerce clients seeking to maximize advertising ROI. Technically, the website leverages modern web technologies including Bootstrap, GSAP, and Storyblok CMS, hosted behind Cloudflare CDN. The site implements a consent management platform (Usercentrics) and integrates multiple analytics and tracking tools such as Google Analytics, Hotjar, and Microsoft Clarity, reflecting a mature digital marketing infrastructure. Mobile optimization and SEO practices are well addressed, although performance metrics are not explicitly available. From a security perspective, the site lacks a valid SSL certificate, which is a critical vulnerability impacting user trust and data protection. While some security headers are present, important enhancements such as DNSSEC, CAA records, and full HSTS implementation are missing. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy compliance is well managed through a comprehensive privacy policy and cookie consent mechanism. Overall, the website demonstrates strong business credibility and digital maturity but requires urgent remediation of SSL/TLS issues and security hardening to ensure secure user interactions and compliance with best practices.

P

Pümpel

puempel.at

0

Pümpel is a well-established construction materials and services company based in Vorarlberg, Austria, with over 90 years of experience. The company serves both private and commercial customers, offering a wide range of products including wood, windows, doors, tools, and garden supplies, alongside services such as consultation, delivery, custom cutting, and professional installation. Their market position is strong regionally, supported by certifications and a professional online presence. Technically, the website is built on WordPress with a modern frontend stack including Bootstrap and jQuery, but it lacks HTTPS and uses an outdated PHP version, which poses security risks. The security posture is weak due to missing SSL and security headers, although SPF and DMARC email protections are in place. Privacy compliance is basic with cookie consent and privacy information available, but no dedicated security or incident response policies are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

H

Hypo Tirol Bank AG

hypotirol.com

0

Hypo Tirol Bank AG operates as a digital regional bank in Austria, primarily serving private and corporate clients in Tirol and Vienna. The website presents a comprehensive portfolio of banking products including accounts, cards, savings, investments, loans, and insurance services. The bank emphasizes personal service combined with digital convenience, targeting a broad customer base from individuals to public institutions. The site is professionally designed with clear navigation and localized German content, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and integrates marketing and tracking tools such as Google Tag Manager and Adrom.net. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security vulnerability. Other security best practices such as security headers and HSTS are also missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and an active consent mechanism. Overall, while the business and content aspects are strong, the security posture requires urgent improvement to protect user data and maintain trust.

B

brandingpark GmbH

brandingpark.at

0

brandingpark GmbH is an established Austrian company specializing in event branding and event logistics since 2006. The company offers comprehensive services including event creation, management, logistics, and consulting, targeting event organizers and promotional businesses primarily in Austria. The website reflects a professional business with clear service offerings and multiple office locations in Graz and Vienna. Technically, the site is built on the Wix platform utilizing modern web technologies such as React 18 and Wix Pro Gallery, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS and security headers exposes the site to potential risks and undermines user trust. Privacy compliance is minimal, with no evident cookie consent mechanisms, though a basic privacy policy and terms of service are present. Overall, the business appears credible and trustworthy, but the technical and security posture requires significant improvement to meet modern standards.

TDK Corporation is a leading global manufacturer of electronic components and devices, specializing in high magnetics technology. The company maintains a strong market position with a comprehensive corporate website offering detailed information on its business, sustainability efforts, investor relations, and career opportunities. The website is professionally designed, multilingual, and targets investors, customers, and job seekers worldwide. Technically, the site is built on Drupal CMS with modern JavaScript libraries such as jQuery, Swiper.js, and GSAP, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Security posture is weak due to missing HTTPS and security headers, though privacy and cookie policies are present with consent mechanisms, indicating good privacy compliance. Overall, the site is trustworthy and professional but requires urgent security improvements to protect user data and enhance trust.

T

TCI Consult GmbH

tciconsult.eu

0

TCI Consult GmbH is a specialized consulting firm with over 30 years of experience focusing on corporate management, banking control, business intelligence, and cybersecurity. The company operates primarily in Austria and Germany, targeting sectors such as finance, public services, telecommunications, and manufacturing. Their services include data warehousing consulting, cybersecurity assessments, and compliance support for EU regulations like NIS 2 and DORA. Technically, the website employs modern JavaScript libraries and frameworks such as jQuery and Foundation, with analytics powered by Google Analytics and Piwik/Matomo. However, the site suffers from a critical security flaw due to an invalid SSL certificate, resulting in no HTTPS protection. This significantly impacts the security posture and trustworthiness of the site. Privacy compliance is partially addressed through Cookiebot consent mechanisms and a privacy policy located on the impressum page, but lacks comprehensive GDPR indicators. Overall, the website presents professional content and consistent branding but requires urgent security improvements to meet modern standards.

UniCredit Bank Austria AG operates as a major financial institution in Austria, providing a wide range of banking services including retail, corporate, and private banking. The website targets private customers, corporate clients, and private banking customers with comprehensive offerings such as accounts, credit cards, loans, insurance, and investment products. The bank is part of the UniCredit Group, indicating a strong market position and enterprise scale. The website is professionally designed with consistent branding and rich content, supporting a high level of user engagement and trust. Technically, the website employs modern JavaScript libraries and third-party services such as Tag Commander for tag management and Genesys for customer service. Hosting is supported by Akamai CDN infrastructure, enhancing availability and performance. However, the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw for a banking website. Accessibility and SEO optimizations are well implemented, and mobile responsiveness is good. Security posture is weak due to the absence of HTTPS, missing security headers, and no HSTS policy. While no immediate vulnerabilities are detected, these gaps expose the site to risks and reduce user trust. Privacy compliance is strong with clear privacy and cookie policies, GDPR adherence, and consent mechanisms in place. Business credibility is high, supported by certifications and transparent legal information. Overall, the site is a professional and comprehensive banking portal but requires urgent security improvements, especially SSL/TLS implementation, to meet industry standards and protect user data effectively.

The domain bspotted.net currently serves no active website content and instead displays a Heroku error page indicating 'No such app'. This suggests the website is inactive or decommissioned. There is no business information, metadata, or user-facing content available to analyze. The DNS records show multiple A records and Google MX records, indicating email services are configured, but no SSL certificate is present, and the site is served over HTTP only. The hosting provider is Heroku, but the lack of a valid SSL certificate and security headers indicates a poor security posture. Overall, the site is not accessible for normal users and lacks any privacy or compliance policies, contact information, or business credibility indicators.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

O

Oper Graz

oper-graz.com

0

Oper Graz is a well-established cultural institution based in Austria, specializing in opera, ballet, concerts, and related performing arts. The website serves as a portal for event information, ticket sales, and community engagement, targeting a broad audience including families, youth, and cultural enthusiasts. The business model revolves around live event performances and ticketing services, supported by partnerships with regional theater organizations. Technically, the site is built on WordPress with a multilingual setup and uses common plugins for SEO, forms, and interactive content. However, the absence of a valid SSL certificate and HTTPS severely impacts the site's security posture. While the site demonstrates good content quality, accessibility, and SEO practices, the lack of modern security protocols and headers exposes it to risks. Privacy compliance is addressed with clear policies and cookie consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

H

Holcim

lafargeholcim.com

0

Holcim is a globally recognized enterprise specializing in innovative and sustainable building materials and solutions. The company positions itself as a leader in decarbonizing construction with a broad portfolio including low-carbon cement, concrete, roofing, and insulation products. Their website reflects a mature, well-established business with a strong emphasis on sustainability, innovation, and corporate responsibility. The target audience includes construction professionals, architects, investors, and sustainability advocates worldwide. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and employs modern web technologies and SEO best practices. However, a critical security gap exists due to the absence of HTTPS/SSL, which severely impacts the site's security posture. While security headers are properly configured, the lack of encryption exposes users to risks. Privacy and cookie policies are comprehensive and GDPR compliant, indicating good privacy governance. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

V

VTU Top GmbH

vtu.com

0

VTU Top GmbH is a medium-sized Austrian engineering company specializing in the planning and implementation of modern, sustainable process plants primarily serving the Life Sciences, Chemistry, and Process Industry sectors. The company offers a broad range of services including general planning (EPCMv), process engineering, electrical engineering, automation, GMP services, and manufacturing science & technology. The website is built on TYPO3 CMS with modern frontend technologies and provides comprehensive business and contact information, including a contact form and social media presence on LinkedIn. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy and cookie policies are well implemented with a consent mechanism, reflecting good GDPR compliance. Overall, the website presents a professional image but requires urgent security improvements to protect user data and enhance trust.

S

Speedinvest

speedinvest.com

0

Speedinvest is a well-established European venture capital firm focused on funding early-stage technology startups across multiple sectors including deep tech, fintech, health, climate tech, marketplaces, and SaaS. With over €1 billion under management, the company provides not only capital but also hands-on support and access to a broad network of founders and industry experts. The website reflects a professional and comprehensive digital presence, targeting founders and startups seeking early-stage investment and growth support. Technically, the site is built on Webflow and hosted via Cloudflare, leveraging modern JavaScript libraries such as GSAP and jQuery for enhanced user experience. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which severely impacts its security posture and trustworthiness. Cookie consent is managed effectively via Cookiebot, ensuring GDPR compliance and transparency in data collection practices. Overall, while the business model and content quality are strong, the lack of HTTPS and security headers represents a significant risk that should be addressed promptly.