Security Directory

R

Red Bull Records

redbullrecords.com

0

Red Bull Records is a well-established independent record label focused on long-term artist development with a global perspective. The website showcases a comprehensive artist roster, music releases, events, news, and an integrated merchandise shop, reflecting a mature digital presence. The brand leverages multiple social media platforms and music streaming services to engage its audience effectively. Technically, the site is built on WordPress and integrates modern marketing and accessibility tools, though it suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy and terms policies are clearly presented and hosted on official Red Bull domains, indicating good compliance practices. Overall, the site is professional and trustworthy but requires urgent improvements in security infrastructure to protect user data and enhance trust.

My Health Toolkit, LLC operates a healthcare benefits management platform targeting members of various Blue Cross and Blue Shield plans across multiple states in the United States. The platform offers services such as claims status checking, digital ID card management, coverage confirmation, provider search, and medical spending account management. It serves as a centralized portal for eligible members to manage their health insurance benefits efficiently. Technically, the website relies on the Dojo Toolkit 1.13.0 for frontend functionality and integrates Google Analytics and Google Tag Manager for user tracking and analytics. The site is hosted on infrastructure associated with Level3. However, the website suffers from slow load times and basic mobile optimization. SEO and accessibility features are present but minimal. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, exposing users to significant risks. No security headers or advanced security configurations are implemented. Privacy and cookie policies are absent, and no GDPR compliance indicators are present. These deficiencies represent critical vulnerabilities and compliance gaps that must be addressed to protect user data and build trust. Overall, while the business model and service offerings are clear and well-targeted, the technical and security posture of the website is weak. Immediate remediation of SSL/TLS issues and implementation of privacy policies are recommended to improve security and compliance. Enhancements in performance and mobile responsiveness would also benefit user experience and trust.

V

VRM Holding GmbH & Co. KG

vrm-mediasales.de

0

VRM Media Sales is a regional media sales company operating primarily in the Rhein-Main and Mittelhessen regions of Germany. They specialize in developing tailored advertising solutions and media campaigns for local businesses, leveraging print and online media channels. The company positions itself as a competent partner for marketing strategies, offering services such as campaign planning, mediamix consulting, and corporate publishing. Their website reflects a medium-sized enterprise with a professional digital presence, targeting businesses seeking regional advertising opportunities. Technically, the site uses JavaScript, Google Analytics, Google Tag Manager, and a consent management platform, hosted on Versatel infrastructure and built on the ecomaXL CMS platform. However, the website suffers from a lack of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Other security best practices such as DNSSEC, DMARC, and security headers are missing, exposing the site to potential risks. Privacy compliance is well addressed with a comprehensive privacy policy, cookie consent mechanism, and GDPR notices. Overall, the website is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

V

VRM GmbH & Co. KG

vrm-abo.de

0

VRM GmbH & Co. KG operates a regional newspaper subscription platform offering print and digital news products primarily targeting German regional readers. The website serves as a portal for subscription management, product information, and user authentication via a dedicated SSO service. The company holds a strong position in the regional media market with multiple local newspapers under its umbrella. Technically, the site is built on Magento Commerce with modern JavaScript libraries and integrates multiple marketing and analytics tools such as Google Tag Manager, Microsoft Clarity, and Hotjar. While the SSL configuration is robust with TLS 1.3 support and no known vulnerabilities, improvements are recommended in DNS security (DNSSEC), HTTP security headers (HSTS), and email authentication (DMARC). The site demonstrates good privacy compliance with a comprehensive cookie consent mechanism and links to a detailed privacy policy. However, performance is a concern due to slow load times and a large page size, which could impact user experience. Overall, the website is professional, trustworthy, and compliant but would benefit from technical optimizations and enhanced security hardening.

S

SEMSEA GmbH

semsea-hh.de

0

SEMSEA GmbH is a specialized online marketing agency based in Hamburg, Germany, offering tailored services in SEA, SEO, and digital analytics. The company positions itself as a trusted partner for businesses aiming to enhance their digital presence and marketing effectiveness. The website reflects a mature digital infrastructure built on WordPress and Elementor, integrating modern tracking and consent management tools such as Google Tag Manager and Borlabs Cookie. Security posture is solid with HTTPS, SPF, and DMARC configured, though improvements like HSTS and DNSSEC could enhance protection. The site demonstrates good privacy compliance with a comprehensive privacy policy and cookie consent mechanism. Overall, SEMSEA GmbH presents a professional and credible online presence with strong trust indicators and partner affiliations.

Healthy Blue of South Carolina is a Medicaid health insurance provider operating under BlueChoice HealthPlan, an independent licensee of the Blue Cross Blue Shield Association. The website serves South Carolina residents eligible for Medicaid, offering enrollment, benefits information, provider resources, and member services. It positions itself as a large network with unique wellness programs and a trusted brand affiliation. Technically, the site is built on Drupal 10 with integrations for member login and analytics, but suffers from slow performance and lacks HTTPS security. The security posture is weak due to the absence of a valid SSL certificate and missing security headers, exposing users to potential risks. Privacy policies and terms of service are present, but cookie consent mechanisms are missing despite tracking scripts. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

BlueChoice HealthPlan of South Carolina

bluechoicesc.com

0

BlueChoice HealthPlan of South Carolina is a regional healthcare insurance provider affiliated with the Blue Cross Blue Shield Association. The company offers diversified and affordable health coverage plans targeting individuals, families, employers, agents, and providers primarily within South Carolina. Their services include annual health plans, Medicaid, wellness incentive programs, and digital member tools such as My Health Toolkit. The website is built on Drupal 10 and integrates modern JavaScript libraries and marketing tools, reflecting a moderate level of digital maturity. However, the site suffers from slow performance and lacks a valid SSL certificate, which significantly impacts its security posture. While SPF and DMARC email authentication are properly configured, the absence of HTTPS and security headers exposes the site to potential risks. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the website presents a professional and trustworthy business front but requires urgent security improvements to protect user data and enhance trust.

A

Arbeitsgemeinschaft der Vermessungsverwaltungen der Länder der Bundesrepublik Deutschland

adv-online.de

0

The website adv-online.de represents the Arbeitsgemeinschaft der Vermessungsverwaltungen der Länder der Bundesrepublik Deutschland (AdV), a governmental organization coordinating official surveying and geospatial data services across German federal states. The site provides comprehensive information about their activities, events, and services related to geobasis data, digital mapping, and surveying standards. The target audience includes government agencies, businesses, and the public interested in geospatial data and surveying. Technically, the site uses older JavaScript libraries and a custom CMS, hosted likely on Microsoft Azure, but suffers from slow load times and lacks modern web performance optimizations. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS support, missing security headers, and no DNSSEC or DMARC configurations. Privacy compliance is moderate with a clear privacy policy and cookie consent banner but lacks detailed data protection officer contacts or incident response information. Overall, the site is functional and content-rich but requires urgent security improvements to protect user data and enhance trust.

P

Portus Data Centers

portusdatacenters.com

0

Portus Data Centers operates as a carrier-neutral edge colocation data center provider with facilities in Germany and Luxembourg. The company targets businesses requiring high-performance, low-latency IT infrastructure, offering hybrid cloud and colocation services. Their market position is that of a medium-sized regional operator with a focus on sustainability and modern digital infrastructure. Technically, the website is built on WordPress with Elementor and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate, which severely impacts security posture and user trust. The absence of cookie consent mechanisms and limited privacy compliance further reduce the site's compliance maturity. Security best practices such as SPF and DMARC are partially implemented but could be strengthened. Overall, the website presents professional content and clear business information but requires urgent improvements in security and privacy to meet modern standards.

The websitewelcome.com domain currently hosts a minimal placeholder page primarily providing an abuse contact email address. There is no substantive business description, privacy policies, or terms of service available, indicating a very limited web presence. The technical infrastructure shows DNS hosted via Cloudflare nameservers but lacks DNSSEC and has an invalid or missing SSL certificate, resulting in no HTTPS support. The website performance is moderate due to minimal content but lacks mobile optimization and accessibility features. Security posture is poor with no TLS protocols enabled, no security headers, and no HSTS, exposing the site to potential risks. Overall, the site is low trust and low professionalism, with critical security and compliance gaps that must be addressed to improve credibility and user safety.

T

Transloadit

uppy.io

0

Uppy is an open source JavaScript file uploader developed and maintained by Transloadit. It provides a modular and extensible solution for uploading files from local devices and various remote sources such as Dropbox, Google Drive, Instagram, and more. The platform targets developers and businesses seeking reliable and easy-to-integrate file upload capabilities. Uppy enjoys a solid market position as a community-driven project with commercial backing, supported by endorsements from notable technology communities and publications. Technically, the website leverages modern web technologies including React and Docusaurus for documentation, and integrates the Tus protocol for resumable uploads. Hosting and DNS services are provided by Cloudflare, ensuring robust infrastructure. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. From a security perspective, while the site avoids known SSL vulnerabilities and uses secure protocols in its backend services, the lack of HTTPS and security headers exposes users to potential risks. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Contact and incident response information are not publicly available, limiting transparency. Overall, the website demonstrates good content quality, technical sophistication, and business credibility but is hampered by critical security deficiencies. Strategic improvements in SSL deployment, privacy compliance, and contact transparency are recommended to enhance trust and security.

The website at dreamscape.cloud is currently inaccessible, serving a 403 Forbidden error page with no visible content or metadata. This prevents any meaningful analysis of the business, its services, or compliance posture. The domain is registered and has basic DNS records including MX and NS entries, but the SSL configuration is invalid or missing, resulting in no HTTPS availability. The presence of HSTS header indicates some security awareness, but the lack of a valid certificate and TLS protocols severely undermines security. Overall, the site is effectively blocked from public access, limiting visibility into its operations or security maturity.

The website at mycourse.app currently serves only a minimal 404 error page with no accessible content, metadata, or business information. The domain is registered and DNS is managed via Cloudflare, but there is no valid SSL certificate installed, resulting in no HTTPS support. The lack of content and security configuration indicates a very low digital maturity level and no visible business presence on the site. Security posture is weak due to missing HTTPS, lack of security headers, and no DNSSEC or DMARC records. Overall, the site is inaccessible for meaningful user interaction or business engagement, representing a high risk for trust and credibility. Strategic improvements should focus on establishing a valid SSL certificate, deploying a functional website with clear business information, and implementing basic security and privacy compliance measures.

C

CACHINA PE E.I.R.L.

fuertenetwork.com

0

Cachina Pe operates as a local Peruvian online marketplace platform focused on classified ads for services, rentals, and sales. The website targets the general public in Peru seeking an easy-to-use platform for posting and browsing ads. The business is small-sized and operates under the legal entity CACHINA PE E.I.R.L., with clear contact information and basic trust indicators such as company registration and privacy policies. Technically, the site is built using modern web technologies including Next.js and React, served via an Nginx server. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Performance data is missing, but the site appears to have basic mobile optimization and accessibility features. SEO is basic with proper meta tags but lacks advanced optimization. From a security perspective, the site lacks critical protections such as HTTPS, HSTS, security headers, and domain security configurations like DNSSEC and DMARC. No incident response or vulnerability disclosure policies are present. Privacy compliance is minimal with no cookie consent mechanism detected. Contact information is available but no dedicated security or data protection contacts are found. Overall, the website presents moderate business credibility but suffers from critical security deficiencies that expose users to risks. Strategic improvements in SSL deployment, security headers, and privacy compliance are essential to enhance trust and protect user data.

The website echt-fake.de currently serves only a minimal 404 error page with no accessible content, metadata, or business information. This indicates the site is either inactive, under construction, or improperly configured. The DNS setup is basic with no DNSSEC or CAA records, and the SSL certificate is invalid or missing, resulting in no HTTPS support. Security headers are minimal, and no privacy or cookie policies are present. Overall, the site lacks fundamental digital maturity and security posture, presenting a high risk for visitors and no trust signals. Strategic recommendations include implementing a valid SSL certificate, publishing privacy and security policies, and providing meaningful content and contact information to improve credibility and compliance.

G

GLS Portugal

gls-portugal.pt

0

GLS Portugal is a well-established parcel delivery and logistics company operating since 2005, serving both business and private customers with a broad range of national and international shipping services. It is part of the GLS Group, leveraging a large European logistics network. The website demonstrates a mature digital presence with multilingual support, comprehensive parcel tracking tools, and client portals. Technically, the site is built on WordPress with modern libraries and hosted on Google Cloud, ensuring good performance and mobile optimization. Security posture is solid with HTTPS, HSTS, and reCAPTCHA Enterprise integration, though some security headers and OCSP stapling could be improved. Privacy compliance is strong with GDPR-aligned cookie consent and detailed policies. Overall, GLS Portugal presents a professional, trustworthy, and user-friendly online platform supporting its logistics business effectively.

U

ularwmg.com

ularwmg.com

0

The website ularwmg.com is currently inaccessible due to an HTTP 429 error indicating rate limiting or blocking, resulting in no accessible content or business information. The site appears to be hosted on the Wix platform but lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are present, nor is there any contact information or business data available. The technical infrastructure is minimal, with basic JavaScript and LitElement framework usage detected, but overall performance is slow and the site is not optimized for mobile or SEO. Security posture is poor due to missing SSL, lack of security headers, and absence of DNS security features. Given the blocked status and lack of content, the overall risk is high, and the site cannot be properly evaluated for business credibility or compliance.

S

StairwayStudios

stairwaystudios.de

0

StairwayStudios is a small, established multimedia agency based in Schwarzenbek, Germany, specializing in web design, print design, and multimedia marketing services. Founded in 2000, the company leverages TYPO3 CMS and modern frontend technologies to deliver responsive and SEO-friendly websites, complemented by print media and corporate video production. Their client portfolio and testimonials indicate strong local market presence and long-term customer relationships. Technically, the website is built on TYPO3 CMS with common libraries such as jQuery and Bootstrap, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak due to the absence of a valid SSL certificate and HTTPS, missing security headers, and lack of advanced security features like HSTS and OCSP stapling. Privacy compliance is supported by a cookie consent banner and a privacy policy in German, indicating GDPR awareness. Overall, the site is professional but requires significant security and performance improvements to enhance trust and user experience.

The Axel-Bourjau-Stiftung website represents a small regional non-profit foundation focused on supporting children and youth work through cultural, educational, and social projects in Büchen, Germany. The foundation was established in 2005 and primarily serves local communities, churches, and schools. The website content is well-structured and provides clear information about the foundation's mission, projects, and history, targeting local stakeholders and potential supporters. Technically, the website uses Bootstrap and jQuery for frontend development and is hosted with GoDaddy services. The site performance is moderate with a page load time of approximately 3.3 seconds and basic mobile responsiveness. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts security posture and user trust. From a security perspective, the absence of HTTPS, security headers, and cookie consent mechanisms are critical vulnerabilities. No forms or direct contact emails are present on the homepage, limiting direct user engagement. The site does not implement modern security best practices such as HSTS or OCSP stapling. Privacy compliance is minimal, with a privacy policy page present but no cookie consent or GDPR indicators. Overall, the website is functional and informative but requires urgent security improvements, especially enabling HTTPS and implementing privacy compliance features, to enhance trustworthiness and protect user data.

F

Fuerte Arts Movement

fuerte.org

0

Fuerte Arts Movement is a small non-profit organization focused on leveraging art and culture to drive collective action on social issues such as voting rights, housing justice, and environmental justice, with a focus on Arizona women of color and LGBTQ perspectives. The website serves as a community hub featuring advocacy campaigns, events, a zine library, and multimedia content. Technically, the site is built on WordPress with various plugins for event management and media display, but suffers from slow performance and lacks a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication records. Privacy compliance is minimal with no visible privacy or cookie policies. Overall, the site is content-rich and professionally designed but requires urgent improvements in security and privacy to protect users and build trust.

ETO Software is a technology company providing software solutions primarily for the human services sector, focusing on case management and related services. The website analyzed is a login portal affiliated with Social Solutions Global, Inc., indicating a parent-subsidiary relationship. The business targets organizations requiring specialized software to manage human services programs. The platform appears to operate as a SaaS offering with a moderate market presence in its niche. Technically, the website is built on legacy ASP.NET Web Forms technology with Telerik UI components and hosted on Amazon AWS infrastructure. The site performance is slow, and mobile optimization is basic. Security posture is weak due to lack of HTTPS, missing security headers, and absence of privacy and cookie policies. Marketing and analytics tools such as Pendo and Aptrinsic are integrated, indicating moderate user tracking without clear privacy compliance. Overall, the website lacks modern security and privacy best practices, which poses risks to user data protection and trust.

The website etosoftwareau.com is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This indicates that the site is either restricted or blocked from public access, preventing any meaningful content or metadata extraction. The domain is registered and hosted on Amazon AWS infrastructure, specifically behind an AWS Elastic Load Balancer, but no valid SSL/TLS certificate is configured, resulting in no HTTPS support. Due to the lack of accessible content, no business information, contact details, or privacy and security policies could be identified. From a technical perspective, the site lacks modern security configurations such as HTTPS, security headers, and HSTS, which significantly lowers its security posture. The absence of analytics, marketing tools, or external links further indicates minimal or no active web presence at this URL. The DNS setup is standard with AWS Route53 nameservers, but DNSSEC and CAA records are not enabled, which could be improved for better domain security. Overall, the security posture is weak due to missing SSL and security headers, and the site is effectively blocked from public access, limiting any user or automated interaction. This results in a very low AI score reflecting poor content quality, technical implementation, security, privacy compliance, and business credibility. Strategic recommendations include obtaining and configuring a valid SSL certificate, enabling HTTPS, implementing security headers, and ensuring the site is accessible to users and crawlers to improve trust and compliance.

A

Amtsverwaltung Büchen

amt-buechen.de

0

Amt Büchen operates as a local government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides comprehensive citizen services, public announcements, and administrative information primarily targeting residents and local businesses. The site is built on TYPO3 CMS and uses common frontend technologies such as Bootstrap and jQuery, hosted by Hetzner. Despite good content quality and clear navigation, the site lacks a valid SSL certificate, which impacts security posture and user trust. Cookie consent mechanisms are implemented, supporting GDPR compliance. Contact information is clearly presented, enhancing business credibility. However, the absence of security headers and slow page load times indicate areas for technical improvement.

Security assessment completed with an overall score of 50/100 (unknown risk). 2 critical issues require immediate attention. Total of 14 security findings identified across all modules.

S

Saarländische Nahverkehrs-Service GmbH

saarvv-profil.de

0

The website represents Saarländische Nahverkehrs-Service GmbH, a regional public transportation service provider in Saarland, Germany. It offers information about the saarVV public transport network, focusing on sustainability, digitalization, and service improvements. The site targets local public transport users and stakeholders. Technically, the website is built on WordPress using Elementor, with common web technologies like jQuery and Swiper.js. The site is mobile-optimized but suffers from slow load times and lacks some advanced performance optimizations. Security-wise, the site uses HTTPS with a valid certificate but lacks important security headers, HSTS, and OCSP stapling. No cookie consent mechanism or comprehensive privacy compliance features are present. Contact information is clearly provided, including email, phone, and physical address. Social media presence is active on major platforms. Overall, the site is functional and professional but could improve in security and privacy compliance to enhance trust and user safety.

Worldshop.eu is a well-established e-commerce platform operated by Miles & More GmbH, serving as the sales channel for Europe's leading loyalty program. The website offers a broad range of lifestyle and aviation-branded products, targeting Miles & More members and aviation enthusiasts. The platform integrates loyalty features such as mileage redemption and earning, alongside traditional e-commerce functionalities. Technically, the site employs a modern tech stack including Apache Wicket, jQuery, and Material Design components, hosted by Noris Network AG. Despite a rich user experience and comprehensive content, the absence of a valid SSL certificate and lack of HTTPS implementation represent critical security vulnerabilities. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the site demonstrates strong business credibility and user engagement but requires urgent security improvements to protect user data and maintain trust.

D

DSV-Gruppe

dsv-gruppe.de

0

DSV-Gruppe is a specialized solutions provider primarily serving the Sparkassen financial group and its associated companies and associations in Germany. Established in 1923, it holds a leading market position in financial services, focusing on communication, organization, payment, and digital transformation solutions. The website reflects a professional and consistent brand presence targeting Sparkassen and related stakeholders. Technically, the site is built on Adobe Experience Manager with modern JavaScript modules and integrates multiple marketing and analytics tools. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the site demonstrates good content quality and business credibility but requires urgent security improvements.

The website bertelsmann-hr.de is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This prevents any meaningful extraction of business, privacy, or security-related information from the site itself. DNS data shows the domain is registered and hosted by Arvato Systems in Germany, but no SSL certificate is installed, resulting in no HTTPS support. The lack of accessible content and security features indicates a poor security posture and limited digital maturity. Without access to the actual website content, no privacy policies, contact information, or business details can be confirmed. The overall risk is elevated due to the absence of HTTPS and the blocked access, which also limits the ability to assess compliance or trustworthiness.

The Hill to Sea Corridor website provides informational content about a proposed 28-mile transportation route connecting multiple transit lines and regional amenities. The site targets local residents and commuters interested in regional transit development. The business model appears to be informational or advocacy-focused without commercial transactions or services. Technically, the site uses a modern JavaScript module approach, likely React or a similar framework, hosted on DigitalOcean with DNS managed by DigitalOcean nameservers. However, the site suffers from slow load times and minimal content depth. Security posture is weak, with no valid SSL certificate, no HTTPS enabled, and absence of security headers or best practices. Privacy and compliance policies are missing, and no contact or business information is provided, limiting trust and credibility. Overall, the site is accessible but lacks fundamental security and compliance features, resulting in a low security and trust score.

S

Streets For All San Francisco

streetsforallsf.org

0

Streets For All San Francisco is a small non-profit advocacy organization dedicated to improving transportation safety and public space in San Francisco. Their website serves as a platform for community engagement, initiatives, events, and fundraising. The organization positions itself as a local leader in advocating for safer, greener streets and better transit options. Technically, the website is built on Squarespace, leveraging standard web technologies and third-party services such as Mailchimp for email marketing and ActBlue for donations. While the site is visually consistent and user-friendly, performance is somewhat slow and SEO/accessibility features are basic. Security posture is adequate with modern TLS protocols and no known SSL vulnerabilities, but lacks advanced security headers, DNS protections, and privacy compliance mechanisms. Contact information is limited to an email address and social media links, with no phone or physical address provided. Overall, the site is functional and professional but would benefit from enhanced privacy policies, security hardening, and performance optimization.

B

bevestor GmbH

bevestor.de

0

bevestor GmbH is a German digital wealth management company offering modern, fully online investment solutions primarily focused on ETF portfolios and sustainable investment options. Positioned as a multiple award-winning Robo-Advisor, bevestor targets retail investors starting from 500 euros, providing automated portfolio management and risk mitigation strategies such as Anlageschutz. The company operates under the Deka-Gruppe umbrella, leveraging the trust and infrastructure of the DekaBank for secure custody of client assets. The website is content-rich, professionally designed, and well-structured, targeting German-speaking customers with clear calls to action and educational resources.

A

A1 Telekom Austria Group

telekom.at

0

A1 Telekom Austria Group is a leading telecommunications provider in Austria, offering a comprehensive range of services including mobile telephony, fixed internet, TV streaming, and digital security products. The website reflects a mature digital presence with a strong focus on residential customers, youth, and families, supported by loyalty programs and customer apps. Technically, the site is built on the Liferay CMS platform, utilizing modern JavaScript libraries and frameworks, and integrates cookie consent management via OneTrust and analytics through Google Tag Manager. Security posture is robust with HTTPS enforced, strong TLS configurations, and appropriate security headers, although improvements such as enabling HSTS and OCSP stapling could enhance security further. Privacy compliance is well addressed with clear privacy and cookie policies, and GDPR adherence is evident. Overall, the website demonstrates high professionalism, excellent user experience, and trustworthy business practices.

A

Amtsverwaltung Büchen

amt-buechen.eu

0

Amt Büchen is a regional government administration serving 15 municipalities in the Herzogtum Lauenburg district of Schleswig-Holstein, Germany. The website provides citizens with access to public services, administrative information, announcements, and digital portals such as appointment booking and citizen services. The site targets local residents and stakeholders, offering a comprehensive overview of the Amt's functions and community resources. Technically, the website is built on TYPO3 CMS with Bootstrap and jQuery, hosted by Hetzner. While the site is well-structured and mobile-optimized, it suffers from a critical security issue: the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Other security best practices such as security headers, DMARC, and HSTS are also missing. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy page, but no terms of service or security policy pages are found. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

TÜV NORD GROUP

hydrohub.de

0

HydroHub is a specialized consulting and engineering center focused on hydrogen technology and infrastructure, operating as an initiative within the TÜV NORD GROUP. The website presents a professional and comprehensive overview of their services, targeting manufacturers, grid and storage operators, industrial users, public sector entities, and investors. The technical infrastructure is based on TYPO3 CMS with modern JavaScript libraries and includes cookie consent and tracking mechanisms. However, the site lacks HTTPS encryption, which is a critical security deficiency. The security posture is weak due to missing SSL, security headers, and DNSSEC, exposing the site to potential risks. Privacy compliance is well addressed with a clear cookie consent mechanism and a comprehensive privacy policy. Overall, the site is professionally designed and trustworthy but requires urgent security improvements to protect user data and enhance trust.

Brussels Airlines is an enterprise-level transportation company operating primarily in Belgium and is part of the Lufthansa Group. The website is currently inaccessible due to a Web Application Firewall or security mechanism, resulting in an Access Denied page served by AkamaiGHost. This prevents access to any meaningful content, metadata, or business information on the site. The technical infrastructure includes Akamai CDN and Barracuda Networks for email security, with SPF and DMARC records properly configured. However, the SSL/TLS configuration is severely lacking, with no valid certificate or modern TLS protocols enabled, exposing the site to significant security risks. Security headers are minimal, and no privacy or cookie policies are detectable on the landing page. Overall, the site’s security posture is weak, and the lack of accessible content limits the ability to assess business credibility or compliance. The site is heavily tracked by multiple advertising and analytics services as indicated by the content security policy, but these cannot be verified due to the blocked content.

The website sparkphotonics.org is currently inaccessible due to an HTTP 429 error indicating rate limiting or blocking, resulting in an error page with minimal content. No business-related content, metadata, or contact information is available for analysis. The site is hosted on Wix infrastructure with a valid SSL certificate supporting modern TLS protocols but lacks advanced security features such as HSTS, OCSP stapling, and DMARC records. No privacy, cookie, or terms of service policies are present, and no analytics or advertising technologies are detected. Overall, the site exhibits poor content quality, limited technical implementation, and weak security posture due to missing security headers and policies. The lack of accessible content and contact details severely limits the ability to assess business credibility or compliance.

H

Heinrich Heine Fachmedien GmbH & Co. KG - Bücher vom Buchhändler

heinebuch.de

0

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 27 security findings identified across all modules.

V

Verein für Konsumenteninformation (VKI)

europakonsument.at

0

Europakonsument.at is the official website of the European Consumer Centre Austria, operated by the Verein für Konsumenteninformation (VKI). It provides free advice and assistance to consumers facing cross-border issues within the EU, UK, Norway, and Iceland. The site offers complaint forms, consumer rights information, and updates on relevant topics such as travel, online shopping, and warnings. The organization is government-backed and co-funded by the EU, positioning it as a trusted non-profit consumer advocacy entity in Austria. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses Matomo for analytics. While the site is content-rich and well-structured with good mobile optimization and accessibility, it suffers from a lack of a valid SSL certificate, resulting in a basic security posture. Privacy compliance is strong with a clear cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is professional and trustworthy but requires urgent improvements in SSL and security headers to enhance user trust and security.

V

Verein für Konsumenteninformation (VKI)

verbraucherrecht.at

0

The website Verbraucherrecht.at is operated by the Verein für Konsumenteninformation (VKI), a prominent Austrian non-profit organization focused on consumer rights and legal information. It provides comprehensive resources including news, legal judgments, collective actions, and educational offerings targeted at Austrian consumers. The site is well-branded, consistent, and supported by the Austrian Ministry of Social Affairs, reinforcing its authoritative position in the consumer protection sector. Technically, the site is built on Drupal CMS, hosted on AWS infrastructure, and uses modern web technologies including Matomo for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly undermines user trust and security posture. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism. Overall, the site offers valuable content and services but requires urgent security improvements to meet modern standards.

V

Verein für Konsumenteninformation (VKI)

vki.at

0

The Verein für Konsumenteninformation (VKI) is a well-established Austrian non-profit organization dedicated to consumer protection through product testing, advice, and information dissemination. The website serves as a comprehensive portal for consumers, offering access to product recalls, educational seminars, and greenwashing checks, targeting Austrian consumers primarily. Technically, the site is built on Drupal CMS and hosted on Amazon AWS infrastructure, utilizing Matomo analytics with a clear cookie consent mechanism, reflecting a moderate level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. While privacy policies and GDPR compliance are well addressed, the lack of security headers and modern TLS protocols indicates room for significant security improvements. Overall, the site provides excellent content quality and user experience but requires urgent security enhancements to align with best practices and regulatory requirements.

The website studieren-in-bayern.de currently serves a 404 Page Not Found error, indicating that the requested content is unavailable or inaccessible. There is no substantive business content, metadata, or contact information present on the page. The site is powered by TYPO3 CMS as evidenced by the error page branding, but no further technical or business details are available. The DNS configuration lacks DNSSEC and CAA records, and the SSL certificate is invalid or missing, resulting in no HTTPS support. This severely impacts the security posture and trustworthiness of the site. Overall, the website is non-functional from a user and business perspective, with no privacy or compliance policies detected.

The website research-in-bavaria.de currently serves only a 404 Page Not Found error, indicating that the requested content is unavailable or the page does not exist. There is no accessible business information, contact details, or privacy and security policies on the site. The site is built on TYPO3 CMS as evidenced by the error page branding, but no active content or services are presented. Technically, the site lacks a valid SSL certificate and does not support HTTPS, exposing visitors to insecure connections. Performance is poor with a very slow load time despite minimal content. Security posture is weak due to missing HTTPS, lack of security headers, and absence of DNSSEC or CAA records. Overall, the site is not operational for end users and presents significant security and compliance gaps.

The website medigate.de is currently a parked domain landing page primarily serving advertisements and indicating the domain is for sale. There is no substantive business content, contact information, or service offerings present. The technical infrastructure relies on parking nameservers and third-party ad networks, with no valid SSL certificate, resulting in an insecure HTTP-only site. Performance is poor with a very slow load time. Security posture is weak due to lack of HTTPS, security headers, and privacy compliance mechanisms. Overall, the site does not present a credible or professional business presence and lacks essential security and privacy features.

U

UKE-Stiftung

uke-stiftung.de

0

The UKE-Stiftung website represents a medium-sized non-profit foundation focused on advancing healthcare through funding medical research, education, and patient care. The organization holds a strong market position within the German healthcare and research sector, emphasizing innovation and excellence. Technically, the website is built on a modern WordPress CMS with Elementor and several supporting plugins, delivering a professional and responsive user experience. Security posture is adequate with HTTPS and valid SSL certificates but lacks advanced features such as HSTS, DNSSEC, and OCSP stapling, which could enhance protection. Privacy compliance is addressed with a privacy policy and cookie information, though no explicit consent mechanism is observed. Overall, the site is trustworthy and professionally maintained, but improvements in security hardening and incident response transparency are recommended.

The website medcel.com.br is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, presenting a security challenge page instead of actual content. This prevents any meaningful extraction of business, privacy, or security policies and limits the ability to assess the website's digital maturity or business model. The DNS configuration shows use of Cloudflare for DNS and protection, and Microsoft Outlook for email services, with proper SPF and DMARC records indicating good email security practices. However, the SSL/TLS configuration is critically lacking, with no valid certificate and no TLS protocols enabled, resulting in a poor security posture. Performance metrics indicate very slow load times and minimal resource delivery, likely due to the block page. Overall, the website's security posture is weak due to missing HTTPS and the presence of a blocking WAF, and the content quality and business credibility cannot be assessed due to lack of access.

U

Unikontor

unikontor.de

0

Unikontor is the official online shop of Universität Hamburg, providing a diverse range of high-quality, sustainable merchandising products such as hoodies, T-shirts, bags, and conference materials. The website targets students, staff, tourists, and supporters of the university, positioning itself as a trusted provider of university-branded merchandise with a strong emphasis on sustainability and fair production practices. Technically, the site is built on the Shopware CMS platform, running on modern PHP and Apache servers, with good performance and mobile optimization. Security measures include HTTPS with strong TLS protocols, essential security headers, and OCSP stapling, though improvements like DNSSEC and CAA records could enhance security further. Privacy compliance is addressed with a visible cookie consent mechanism and a privacy policy, although some areas could be more comprehensive. Overall, the site demonstrates a good balance of business credibility, technical implementation, and security posture, making it a reliable and professional e-commerce platform for university merchandise.

Universität Hamburg is a large, well-established public university in Germany, recognized as the largest research and education institution in Northern Germany with a strong excellence status. The website serves as a comprehensive portal for students, researchers, staff, and the public, offering extensive information on academic programs, research projects, career services, and international cooperation. Technically, the site uses modern JavaScript libraries and analytics tools but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. However, the absence of HTTPS and security headers significantly weakens the security posture, exposing the site to potential risks. Strategic recommendations include immediate SSL deployment, enabling modern TLS protocols, and enhancing security headers to protect user data and improve trust.

G

Gemeinde Börnsen

boernsen-erleben.de

0

The website 'boernsen-erleben.de' serves as an official community information portal for the municipality of Börnsen, Germany. It provides residents and visitors with local news, event announcements, business listings, and social information. The site promotes a mobile app and offers structured navigation across various community topics. Technically, the site is built on the ProcessWire CMS, hosted by Strato, and uses common web libraries such as jQuery and Owl Carousel. Performance is moderate with a page load time of approximately 3.8 seconds. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism. The site uses Matomo analytics, indicating moderate user tracking with some privacy considerations. Overall, the website is functional and informative but requires significant security improvements to protect user data and comply with modern web standards.

G

Gemeinde Büchen

buechen.de

0

Gemeinde Büchen operates as a local government entity serving approximately 6,700 residents in the Herzogtum Lauenburg district of Germany. The website provides comprehensive information about municipal services, including family and social services, education, culture, economy, and local infrastructure. It targets residents, families, businesses, and visitors, positioning itself as a community hub with a focus on quality of life and connectivity. Technically, the site is built on TYPO3 CMS with Bootstrap and jQuery, but suffers from slow load times and lacks modern security configurations such as HTTPS. The security posture is weak due to the absence of SSL/TLS encryption, security headers, and DNS security features. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response policies are evident. Overall, the site is functional and informative but requires urgent security improvements to protect user data and enhance trust.

F

Friedrich-Alexander-Universität Erlangen-Nürnberg

fau.de

0

Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) is a large, well-established public research university in Germany, founded in 1743. It offers a broad spectrum of over 280 study programs and is recognized as one of the leading research institutions in the country. The university serves a diverse audience including prospective students, current students, researchers, staff, alumni, companies, schools, and the press. Its business model centers on education, research, and outreach, with strong partnerships and international collaborations. The website reflects a mature digital presence with comprehensive content, structured navigation, and integration of multimedia and social media channels.