Security Directory

N

newco.es

newco.es

0

The website newco.es currently serves only a minimal HTML page that immediately redirects visitors to a /lander path. There is no substantive content, metadata, or business information available on the root page. DNS records show the domain is registered and has valid A records, but lacks DNSSEC and CAA records. The SPF record is restrictive, disallowing all mail sending. Critically, the site lacks a valid SSL certificate and does not support HTTPS, exposing it to security risks and reducing trustworthiness. No privacy, cookie, or terms of service policies are present, and no contact or company information is available. Overall, the digital maturity of the site is very low, with poor technical implementation and security posture.

T

TÜV NORD

tuev-nord.de

0

TÜV NORD is a well-established enterprise-level company specializing in safety, certification, and training services across multiple sectors including energy, transportation, real estate, healthcare, and technology. The website presents a professional and consistent brand image with comprehensive content targeting both private and business customers. The technical infrastructure is based on TYPO3 CMS with integration of modern marketing and analytics tools, though performance metrics indicate room for improvement. Security posture is weakened by the absence of a valid SSL certificate and HTTPS, which is a critical issue. Privacy compliance is well addressed with consent management and GDPR-aligned policies. Overall, the site is trustworthy but requires urgent security enhancements to protect user data and improve trust.

S

Stahlinstitut VDEh

vdeh.de

0

Stahlinstitut VDEh is a German-based institute specializing in steel technology, offering services such as seminars, standardization, membership, and publications. The website targets industry professionals and members within the steel manufacturing sector. The business model revolves around providing educational and industry services to its members and stakeholders. Technically, the website is built on PHP 7.4.33 with nginx and uses common frontend libraries like Bootstrap and jQuery. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. The site is moderately optimized for mobile and has a good design and navigation structure but suffers from slow DNS resolution and no caching headers that could improve performance. Security posture is weak due to missing HTTPS, lack of advanced security headers, and no cookie consent mechanism. Privacy compliance is minimal with a privacy policy present but no explicit GDPR compliance or cookie consent. Business credibility is moderate with clear branding and professional content but lacks direct contact information and certifications. Overall, the site scores low on security and privacy compliance, which should be prioritized to improve trust and user safety.

F

freenet Internet

freenet-internet.de

0

freenet Internet is a German telecommunications provider specializing in flexible internet tariffs that can be managed entirely via a mobile app. Their offerings include DSL and 5G internet services with monthly cancellable contracts, targeting customers who value freedom and simplicity. The website is built on modern JavaScript frameworks (Nuxt.js and Vue.js) and hosted on Amazon Web Services infrastructure, leveraging CloudFront CDN for content delivery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The presence of SPF and DMARC records indicates some email security awareness, but no advanced security headers or mechanisms are implemented. Privacy and terms of service documents are present and appear comprehensive, but no cookie consent mechanism is detected. Overall, the site provides good content quality and user experience but requires urgent improvements in security posture to protect users and enhance trust.

D

DIZ | Digitales Innovationszentrum GmbH

digitalhub-ai.de

0

Digital Hub Applied Artificial Intelligence Karlsruhe is a regional technology ecosystem hub focused on advancing artificial intelligence and cybersecurity in Karlsruhe, Germany. It serves as a network facilitator offering services such as events, workshops, startup programs, and expert access to foster innovation and collaboration. The website presents a professional and consistent brand image targeting businesses and individuals interested in AI and cybersecurity. Technically, the site is built on the Contao CMS platform, using Apache server and common web libraries like jQuery and Leaflet. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. Security headers are present but insufficient without proper HTTPS. Privacy compliance is partially addressed with a cookie consent mechanism and a privacy policy page, but GDPR compliance indicators and incident response information are missing. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy practices.

P

Page Not Found

bertelsmann-investments.com

0

The website bertelsmann-investments.com currently serves only a 404 error page indicating that no site configuration is found. There is no accessible business content, contact information, or policies available on the site. The site is powered by TYPO3 CMS but lacks a valid SSL certificate and does not support HTTPS, resulting in a poor security posture. The DNS configuration shows hosting and mail services linked to arvato-systems.de and servicemail24.de respectively, but no further business details are exposed. Overall, the site is non-functional from a user and business perspective, with minimal technical implementation and no privacy or compliance features.

B

BMG Rights Management GmbH

bmg.com

0

BMG Rights Management GmbH operates as a global music publishing and record company, providing a broad range of services to music creators including publishing, recordings, and sync licensing. Positioned as a longtime home for artists and songwriters, BMG leverages a global network combined with innovative technology to empower its clients. The company is a division of the global media conglomerate Bertelsmann, indicating a strong market presence and enterprise scale. The website reflects a professional and consistent brand image targeting music industry professionals and creators. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and a consent management platform to comply with privacy regulations. However, the hosting infrastructure appears to be Google Cloud Storage with DNS managed by Arvato Systems. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, which is a critical risk. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and trust.

B

Bertelsmann

createyourowncareer.de

0

Bertelsmann's Create Your Own Career website serves as a comprehensive career portal targeting students, graduates, professionals, and school students interested in opportunities within the Bertelsmann group. The site highlights multiple divisions and offers detailed information on programs, events, and job listings, positioning Bertelsmann as a large multinational media and services conglomerate with a strong employer brand. Technically, the site is built on TYPO3 CMS, hosted likely by Arvato Systems, and integrates modern marketing and consent tools such as Google Analytics, Google Tag Manager, and CookieFirst. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

S

SIDN fonds : een sterk internet voor iedereen

sidnfonds.nl

0

SIDN fonds is a Dutch non-profit organization dedicated to supporting innovative internet projects that contribute to a safer and more inclusive internet. With over 400 projects funded since 2015, it holds a strong position within the Dutch internet community, focusing on themes such as cybersecurity, digital accessibility, and public values. The website provides comprehensive information about its mission, funding opportunities, and supported projects, targeting innovators and organizations involved in internet initiatives. Technically, the website is hosted on Google Cloud infrastructure using OpenResty as the web server. It employs a robust Content Security Policy and integrates multiple analytics and marketing tools including Piwik PRO and Google Analytics. The site is mobile-optimized with good accessibility and SEO practices. However, a critical security gap is the absence of a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts the security posture. Security-wise, while several security headers are implemented, the lack of HTTPS and disabled TLS protocols expose the site to risks such as data interception and man-in-the-middle attacks. No explicit security or incident response policies are published, and no vulnerability disclosure mechanisms are evident. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the site is professionally designed and content-rich but requires urgent improvements in SSL/TLS deployment to enhance security and trustworthiness. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing security headers to protect users and data effectively.

A

Aalto-yliopisto

aalto.fi

0

Aalto-yliopisto is a leading multidisciplinary university in Finland specializing in technology, business, and arts. The website reflects a mature digital presence with comprehensive content targeting students, researchers, staff, and partners. It offers extensive information on education programs, research initiatives, events, and community engagement. The site is multilingual and well-branded, emphasizing sustainability and innovation. Technically, the site is built on Drupal 10 CMS, leveraging modern JavaScript libraries, CDN caching via Fastly, and integrates analytics and consent management tools such as Google Tag Manager and Cookiebot. The site is mobile-optimized, accessible, and SEO-friendly, with fast loading times and clear navigation. Security posture is strong with HTTPS enforced, valid SSL certificates, and multiple security headers. However, DNSSEC and CAA records are not implemented, which could enhance DNS security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is available but lacks explicit security incident response contacts. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enhancing DNS security, publishing vulnerability disclosure information, and improving incident response transparency.

I

Inland Southern California Climate Collaborative

iscclimatecollaborative.org

0

The Inland Southern California Climate Collaborative (ISC3) is a regional, cross-sectoral network focused on advancing equitable climate resilience solutions in Inland Southern California. The organization facilitates collaboration among agencies, organizations, and institutions to address climate risks such as heat, drought, and wildfires. The website serves as an informational platform providing resources, membership information, and regional climate reports. Technically, the site is built on WordPress with common plugins and libraries but suffers from a lack of a valid SSL certificate, resulting in insecure HTTP connections. Security posture is weak due to missing HTTPS, lack of security headers, and absence of email authentication DNS records. Privacy compliance is minimal, with no privacy or cookie policies detected. Business credibility is moderate, supported by university facilitation and government partnerships, but could be improved with more transparent policies and contact information. Overall, the site is functional and content-rich but requires significant security and privacy improvements to enhance trust and compliance.

E

EnviroMetro

envirometro.org

0

EnviroMetro is a small non-profit coalition focused on advocating for green, equitable, and healthy transportation policies in Los Angeles. The coalition collaborates with Metro and other organizations to influence transportation investment priorities and has played a key role in shaping regional ballot measures. The website is built on WordPress and uses common plugins such as Yoast SEO and MailChimp for marketing and analytics. While the site provides useful content and contact information, it lacks critical security features such as a valid SSL certificate and security headers, which exposes visitors to risks. Additionally, privacy and cookie policies are absent, indicating compliance gaps. The site’s performance is slow, and technical implementation could be improved to enhance user experience and security.

C

Climate Resolve

climateplans.la

0

Climate Plans Los Angeles is a small, niche advocacy and informational website focused on promoting climate-conscious community planning within the City of Los Angeles. The site provides resources and information about local community plan areas and encourages integration of climate considerations into urban development. Technically, the site is built on WordPress with Elementor and uses common web technologies such as jQuery and Bootstrap. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. The absence of privacy and cookie policies, as well as contact information, further reduces trust and compliance posture. Tracking technologies like Facebook Pixel and Google Analytics are present, indicating moderate user tracking without clear privacy disclosures. Overall, the site is functional but basic in content quality and technical implementation, with significant security and privacy gaps that should be addressed to improve user trust and regulatory compliance.

C

Climate Resolve

coolestinla.org

0

Climate Resolve is a well-established non-profit organization focused on climate advocacy and community engagement in Los Angeles. Their flagship event, Coolest in LA, celebrates 15 years of climate action and brings together leaders, advocates, and sponsors to promote sustainable solutions. The website is professionally designed using WordPress and Elementor, with good SEO and social media integration. The technical infrastructure leverages modern web technologies and Cloudflare for hosting and CDN services, ensuring good performance and availability. Security posture is adequate with HTTPS and valid SSL, but could be improved by enabling HSTS and DNSSEC. Privacy compliance is limited due to the absence of explicit privacy and cookie policies. Contact information is clearly provided, including obfuscated emails and a phone number. Overall, the site presents a credible and trustworthy image for a medium-sized non-profit organization.

P

Project Liberty LLC

thepeoplesbid.com

0

The People's Bid for TikTok is an initiative led by Project Liberty LLC aiming to create a consortium to purchase TikTok and migrate it to a decentralized platform that empowers users with control over their data. The website positions itself as a movement to reclaim digital rights and reshape social media governance. Technically, the site is built on Webflow, hosted on AWS infrastructure, and uses Matomo for analytics, indicating a moderate level of digital maturity. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate and HTTPS protocols, lack of security headers, and no cookie consent mechanism, which significantly impact its security posture. Privacy policies and terms of service are present but basic, and contact information is limited to an email address. Overall, the site presents a professional and consistent brand image with good content quality but requires urgent security improvements to protect users and build trust.

M

Munich Urban Colab GmbH

munich-urban-colab.de

0

Munich Urban Colab GmbH operates a prominent innovation and coworking space in Munich, Germany, focused on developing and testing solutions for the future city through interdisciplinary and cross-sector collaboration. Positioned as one of Europe's largest startup centers, it serves startups, entrepreneurs, researchers, and public sector entities with services including coworking spaces, event venues, and community building. The website reflects a professional and well-branded digital presence with strong partnerships from major corporations and academic institutions. Technically, the site uses modern JavaScript modules, animation libraries, and a cookie consent management platform, but suffers from slow load times and lacks a valid SSL certificate, which impacts security posture. Security practices are basic, with no security headers or HSTS enabled, and no incident response or vulnerability disclosure policies found. Privacy compliance is good, with a clear privacy policy and cookie consent mechanism. Overall, the site is trustworthy and professional but requires urgent improvements in SSL and security configurations to enhance user trust and compliance.

G

GoDaddy, LLC

unternehmertum-vc.de

0

The domain unternehmertum-vc.de is currently a parked domain managed by GoDaddy, with no active business content or services hosted. The site primarily serves as a placeholder offering the domain for sale. The technical infrastructure is basic, relying on standard JavaScript and CSS with embedded third-party widgets for cookie consent (TrustArc) and customer reviews (Trustpilot). The site lacks a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. No security headers or advanced domain security configurations such as DMARC, DNSSEC, or CAA records are present. Privacy compliance is minimal but includes a cookie consent mechanism via TrustArc. Overall, the website quality is poor with slow load times and minimal content, reflecting its parked status rather than an operational business site.

B

BCS Eventos

bcseventos.com.br

0

BCS Eventos is a Brazilian company specializing in intelligent solutions for events such as fairs, congresses, and shows. Established in 1997, it has served over 1,000 events and offers a comprehensive event management platform called SIGEVENT, alongside technical support and equipment rental services. The company targets event organizers and managers, positioning itself as an experienced and reliable provider in the event technology sector. Technically, the website is hosted on KingHost with an Apache server and uses modern JavaScript libraries and Google Fonts, but lacks HTTPS security and advanced security headers. The site is professionally designed with good content quality and navigation, though performance data is limited. Security posture is weak due to missing SSL certificate and security headers, posing risks to user data and trust. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism. Overall, the website is functional and professional but requires significant security improvements to enhance trust and compliance.

A

Attention Required! | Cloudflare

argoenergia.com.br

0

The website argoenergia.com.br is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) blocking page, preventing access to any substantive content. As a result, no direct business information, metadata, or contact details are available for analysis. The domain is associated with the energy sector in Brazil based on the domain extension and DNS records, but no further business insights can be derived from the blocked content. The technical infrastructure includes Cloudflare protection, a valid SSL certificate with basic configuration, and DNS records with SPF and DMARC policies indicating some email security measures. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. Performance metrics indicate a slow load time, likely due to the WAF challenge page. Security posture is moderate due to HTTPS and email authentication but lacks advanced security headers and HSTS enforcement. Overall, the site’s security and compliance posture cannot be fully assessed due to the blocking mechanism.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 11 security findings identified across all modules.

L

Landitec GmbH

scope7.de

0

scope7.de is the online presence of Landitec GmbH's scope7® brand, specializing in hardware appliances tailored for open source solutions such as OPNsense®, flexiWAN, IPFire, Untangle®, and FRRouting. The company positions itself as a provider of powerful, cost-effective, and ready-to-use hardware platforms that are pre-installed with popular open source firewall and routing software. Their market position is strengthened by official certifications and partnerships, notably as an OPNsense Platinum Partner and flexiWAN certified hardware provider. The website reflects a professional and consistent brand image targeting businesses and professionals seeking vendor-independent open source security appliances. Technically, the site is built on Joomla CMS with modern frontend libraries and extensions, delivering good performance and mobile optimization. Security posture is solid with HTTPS enforced, HSTS header present, and no detected SSL vulnerabilities, though improvements like OCSP stapling and DNSSEC could enhance security further. Privacy compliance is well addressed with a clear privacy policy and cookie consent mechanism, aligning with GDPR requirements. Contact information is available with a clear company phone number and contact forms, supporting business credibility. Overall, the website demonstrates a mature digital presence with strong business and security fundamentals.

G

Gaia-X 4 Future Mobility

gaia-x4futuremobility.de

0

Gaia-X 4 Future Mobility is a collaborative project family focused on developing and implementing future mobility applications based on the Gaia-X initiative. It is funded by the German Federal Ministry for Economic Affairs and Climate Action and coordinated by the DLR Institute for AI Security. The initiative involves about 80 participants from industry and research, aiming to build an open, decentralized data and service ecosystem for mobility. The website provides detailed information about the six constituent projects, their goals, participants, and related initiatives. Technically, the site is built on the Webflow platform, uses Google Fonts and jQuery, and is hosted on a CDN. However, the site lacks a valid SSL certificate and does not enforce HTTPS, which is a critical security concern. Privacy and terms of service pages are present, but no cookie consent mechanism is detected. Overall, the site is professionally designed with good content relevance and navigation but requires urgent security improvements.

H

Hochschule Ruhr West

hs-ruhrwest.de

0

Hochschule Ruhr West is a public university of applied sciences located in the Ruhr region of Germany, with campuses in Mülheim an der Ruhr and Bottrop. The institution offers a broad range of degree programs including bachelor, master, part-time, and dual studies, alongside active research and transfer activities. The website reflects a well-established regional educational institution with a clear focus on accessibility, student services, and cooperation with industry and society. The target audience includes prospective and current students, academic staff, and business partners. Technically, the website employs modern web technologies including JavaScript, CSS, and Cookiebot for cookie consent management, and integrates Google Tag Manager for analytics and marketing. The content management system appears to be Ibexa, supporting a structured and navigable site architecture. Performance is moderate with a page load time of approximately 6 seconds and a page size of about 335 KB. The site is mobile-optimized and accessible with good SEO practices. From a security perspective, the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which is a critical vulnerability impacting user trust and data protection. No modern TLS protocols or security headers are detected, and HSTS is not enabled. DNS records show proper SPF and DMARC configurations, which help mitigate email spoofing risks. Cookie consent is implemented comprehensively, supporting GDPR compliance. However, no explicit security policy or incident response information is found. Overall, the website is professionally designed and content-rich but suffers from significant security shortcomings due to the absence of HTTPS. Strategic improvements in SSL deployment, security headers, and incident response transparency are recommended to enhance trust and compliance.

Z

ZENIT GmbH (Konsortialführerin), NRW.BANK (Konsortialpartnerin), NRW.Global Business GmbH, IHK NRW e.V.

nrweuropa.de

0

NRW.Europa is a regional representation of the Enterprise Europe Network in North Rhine-Westphalia, Germany, providing comprehensive support for internationalization, innovation, and funding to SMEs and research institutions. The website is built on TYPO3 CMS and features professional design, clear navigation, and multilingual support. However, the site lacks a valid SSL certificate and modern TLS protocols, which significantly impacts its security posture. While privacy compliance is well addressed through a cookie consent mechanism and a comprehensive privacy policy, the absence of HTTPS and other security headers poses risks. The site maintains active content with news and event calendars, reinforcing its credibility and engagement with its audience. Strategic improvements in SSL deployment and security configurations are critical to enhance trust and compliance.

J

Jugend will sich-er-leben (JWSL)

jwsl.de

0

Jugend will sich-er-leben (JWSL) is a German non-profit prevention program focused on occupational safety and health for apprentices. It provides educational materials, competitions, and media resources primarily targeting vocational schools, teachers, and training companies. The program is affiliated with the statutory accident insurance and the DGUV, positioning it as a recognized entity in the education and government sectors within Germany. Technically, the website is built on TYPO3 CMS with modern frontend frameworks like Bootstrap and uses Video.js for media playback. However, the site suffers from a critical security deficiency as it lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, but no terms of service or incident response contacts are found. Overall, the site offers good content and user experience but requires urgent security improvements.

B

Berufsgenossenschaft Rohstoffe und Chemische Industrie

bgrci.de

0

Berufsgenossenschaft Rohstoffe und Chemische Industrie (BG RCI) is a statutory accident insurance institution in Germany serving sectors such as mining, chemical industry, paper manufacturing, leather, sugar, and construction materials. The organization provides accident insurance, prevention, rehabilitation, and consulting services focused on occupational safety and health. The website targets entrepreneurs and insured members within these industries, offering information, publications, and access to online services such as a member portal. The site is built on TYPO3 CMS and uses modern JavaScript libraries and Matomo for analytics, indicating a moderate level of digital maturity. However, the website suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Privacy compliance is well addressed with a comprehensive privacy policy and GDPR adherence, but cookie consent mechanisms are missing. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

B

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM)

bgetem.de

0

Berufsgenossenschaft Energie Textil Elektro Medienerzeugnisse (BG ETEM) is a German statutory accident insurance institution serving sectors including energy, textiles, electronics, and media. The organization provides prevention, rehabilitation, compensation, and member services to insured companies and individuals. The website reflects a well-structured, content-rich platform targeting employers, insured persons, and safety professionals with comprehensive information and resources. Technically, the site is built on the Plone CMS with Bootstrap and jQuery, integrating Matomo analytics and Cookiefirst for consent management. However, the site lacks HTTPS encryption, which is a critical security deficiency. No security headers or modern TLS protocols are configured, exposing the site to potential risks. Privacy and legal compliance are well addressed with clear policies and cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and ensure compliance with modern standards.

B

BG Verkehr

bg-verkehr.de

0

BG Verkehr is a German statutory accident insurance institution specializing in transportation and logistics sectors. The website provides comprehensive information about insurance coverage, prevention, rehabilitation, and training services tailored for employees and companies in these industries. The site targets German-speaking users and serves as an official communication channel for BG Verkehr's services and updates. Technically, the website is built on the Plone CMS platform, utilizing modern frontend libraries such as Bootstrap and Font Awesome, and integrates Piwik/Matomo for analytics and Cookiefirst for cookie consent management. However, a critical security shortfall is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks and undermining trust. The site lacks security headers and advanced SSL configurations, which further impacts its security posture. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism. Overall, the website is professionally designed with good content quality and navigation but requires urgent security improvements to meet modern standards.

B

BG Kliniken – Klinikverbund der gesetzlichen Unfallversicherung gGmbH

bg-kliniken.de

0

BG Kliniken is a large non-profit healthcare organization in Germany specializing in acute care and rehabilitation for severely injured and occupationally ill patients. It operates one of the largest trauma center networks in the country, offering comprehensive medical services, research, and professional training through its BG Kliniken Akademie. The website is professionally designed with clear navigation targeting patients, insurance carriers, referring physicians, and job applicants. Technically, the site is built on TYPO3 CMS and integrates modern tools such as Usercentrics for cookie consent and Google Tag Manager for analytics. However, the site suffers from a critical security deficiency due to the absence of a valid SSL certificate and HTTPS support, exposing visitors to potential risks. DNS records show well-configured SPF and DMARC policies, enhancing email security. Overall, the site demonstrates strong business credibility and privacy compliance but requires urgent security improvements.

V

Versicherer im Raum der Kirchen

vrk.de

0

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.

A

Aerial Rapid Transit LLC

laart.la

0

Los Angeles Aerial Rapid Transit (LA ART) is a small-scale transportation project proposing a zero emissions aerial gondola system to connect key locations in Los Angeles, including Union Station, Chinatown, and Dodger Stadium. The project is affiliated with a non-profit and aims to reduce traffic congestion and pollution by providing an alternative transit option. The website serves as an informational and engagement platform, offering contact forms and social media links to connect with the community. Technically, the website is built on WordPress with common plugins and external integrations such as Google Analytics and Vimeo for media content. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The absence of modern security headers and privacy policies further weakens its compliance posture. From a security perspective, the site has basic SPF email protection but lacks HTTPS, HSTS, and DMARC records, exposing visitors to potential risks. No incident response or vulnerability disclosure information is provided. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. Strategically, the website should prioritize obtaining a valid SSL certificate, implementing privacy and cookie policies, and enhancing security headers. Improving site performance and accessibility will also benefit user experience and SEO. These steps will strengthen the project's credibility and support its mission to promote sustainable transportation in Los Angeles.

A

A1 Telekom Austria AG

a1click.at

0

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

R

Railteam

railteam.eu

0

Railteam is a European rail alliance providing high-speed train services across more than 100 destinations in Europe. The alliance emphasizes sustainable travel, passenger comfort, and additional services such as lounges and flexible travel options like HOTNAT. The website is professionally designed with good content quality and clear navigation, targeting European rail travelers seeking efficient and environmentally friendly transport. Technically, the site uses Sweet CMS and common frontend libraries but suffers from critical security issues due to lack of a valid SSL certificate and absence of HTTPS, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present, but no direct contact information or security policies are found. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Airport Lines

viennaairportlines.at

0

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

S

Spotler

flowmailer.net

0

Spotler is a technology company specializing in data driven marketing software with a strong emphasis on transactional email delivery through its SendPro platform. The company holds a reputable market position in the Netherlands, supported by ISO 27001 certification and trusted by a range of clients from small to large enterprises. The website content is professionally presented, targeting businesses requiring reliable and fast transactional email services integrated with marketing automation capabilities. Technically, the site is built on WordPress with multilingual support and uses modern tools like Google Tag Manager and Cloudflare for performance and security. However, the absence of a valid SSL certificate significantly weakens the security posture, exposing the site to risks and reducing trust in secure communications. Privacy compliance is well addressed with clear privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site demonstrates good business credibility and technical maturity but requires urgent remediation of SSL/TLS issues to enhance security and user trust.

I

ION Analytics

inframationnews.com

0

ION Analytics operates a business-focused analytics platform specializing in energy infrastructure data. The website serves primarily as a sign-in portal for business users, indicating a subscription or access-controlled model. The platform is part of the larger ION Group, a known entity in the energy sector. Technically, the website employs modern JavaScript libraries and tracking tools such as Google reCAPTCHA, Hotjar, and Piwik PRO for analytics and user behavior monitoring. However, the site suffers from a critical lack of a valid SSL certificate, exposing users to potential security risks and undermining trust. The absence of privacy and cookie consent mechanisms further weakens its compliance posture. Overall, the website's content is minimal and functional but lacks comprehensive business and security disclosures.

F

Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V.

foerderverein-mts.de

0

The Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V. is a small non-profit association dedicated to supporting master craftsman and technician education in the Saarland region of Germany. Their activities include financial support for educational trips, fostering cross-border economic relationships, awarding excellence in master and technician works, marketing support, and lobbying efforts. The website is professionally designed using modern technologies such as Gatsby and React, hosted on Netlify, and provides clear organizational and contact information. However, the site lacks HTTPS security, which is a critical vulnerability. No privacy or cookie consent mechanisms are present, and no advanced security policies or incident response information is disclosed. Overall, the site serves its informational purpose well but requires significant improvements in security and privacy compliance to meet modern standards.

H

Handwerkskammer des Saarlandes

handwerkerforum-saar.de

0

Handwerkerforum Saar is a regional non-profit association affiliated with the Handwerkskammer des Saarlandes, focused on supporting and developing the local crafts and trades community. The website offers information about events, workshops, and networking opportunities aimed at handwerk businesses and apprentices in the Saarland region. The technical infrastructure is based on a custom or proprietary CMS platform with common web technologies such as Bootstrap and jQuery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The cookie consent mechanism indicates some level of GDPR compliance, but no explicit security or incident response policies are present. Overall, the website provides relevant business content but suffers from technical and security shortcomings that should be addressed to improve trust and compliance.

S

Saar-Lor-Lux Umweltzentrum GmbH

saar-lor-lux-umweltzentrum.de

0

The Saar-Lor-Lux Umweltzentrum GmbH is a regional environmental consultancy affiliated with the Handwerkskammer des Saarlandes, focused on providing free and paid environmental and energy consulting services to craft businesses in the Saar-Lor-Lux region. Their key offerings include environmental consulting, energy advice, regional development, and training programs aimed at supporting sustainable business practices and energy efficiency. The website is built on TYPO3 CMS and uses modern JavaScript libraries, with a clear structure and good content quality targeting German-speaking users. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts the site's security posture. Privacy compliance is addressed through a visible privacy policy and a consent management platform (Usercentrics), and analytics are handled via a self-hosted Matomo instance with user consent. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration and security best practices to enhance trust and protect user data.

I

Initiative #WirtschaftHilft (BDA, BDI, DIHK, ZDH)

wirtschafthilft.info

0

The website 'WirtschaftHilft' is a collaborative initiative by major German economic associations (BDA, BDI, DIHK, ZDH) aimed at supporting companies and society in managing the impacts of the Russia-Ukraine conflict. It serves as a comprehensive information hub providing resources on humanitarian aid, economic sanctions, reconstruction efforts, and labor market integration for Ukrainian refugees. The platform targets German businesses and stakeholders involved in Ukraine-related economic activities, positioning itself as a central coordination and information point backed by reputable organizations. Technically, the site is built on WordPress 6.8.1 with PHP 8.0.30 and uses plugins such as LayerSlider and Borlabs Cookie for enhanced user experience and privacy compliance. The hosting is managed by United Domains AG. While the site offers rich content, multimedia, and good mobile optimization, its performance is slow and accessibility is basic. SEO practices are adequately implemented. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are configured, exposing the site to potential risks. However, cookie consent management is robust, and no exposed sensitive data or vulnerable libraries were detected. Overall, the site is professional and trustworthy in content and business credibility but requires urgent security improvements, especially regarding HTTPS implementation, to ensure user safety and compliance with best practices.

V

Verband Deutscher Hidden Champions

verband-deutscher-hidden-champions.de

0

The Verband Deutscher Hidden Champions e.V. (VDHC) is a German-based association representing medium-sized enterprises known as Hidden Champions. The organization focuses on fostering international networking, knowledge exchange, and visibility for its members, who are specialized SMEs with global market presence. The website is professionally designed, content-rich, and targets business leaders and decision-makers within this niche. Technically, the site is built on WordPress with modern plugins for SEO, forms, and cookie management, but lacks a valid SSL certificate, which impacts its security posture negatively. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. However, the absence of HTTPS and modern TLS protocols poses significant security risks. Overall, the site is credible and functional but requires urgent security improvements to protect user data and enhance trust.

B

Bundesverband betriebliche Weiterbildung - Wuppertaler Kreis e.V.

wkr-ev.de

0

The Wuppertaler Kreis e.V. is a German non-profit association representing 52 leading institutes in the business education and continuing professional development sector. Founded in 1955, it serves as a national umbrella organization advocating for workplace learning, qualification, and workforce development. The website reflects a well-structured and content-rich platform targeting business leaders and education providers, offering news, events, and member information. Technically, the site is built on TYPO3 CMS and hosted on a German provider, but suffers from critical security shortcomings due to the absence of HTTPS and a valid SSL certificate. This significantly undermines the security posture despite good content and business credibility. No cookie consent mechanism or advanced privacy compliance features are present, though a privacy policy and terms of service are available. Overall, the site is professional but requires urgent security upgrades to protect user data and improve trust.

D

DIHK-Gesellschaft für berufliche Bildung - Organisation zur Förderung der IHK-Weiterbildung gGmbH

dihk-bildungs-gmbh.de

0

DIHK-Bildungs-gGmbH is a German vocational education and training organization affiliated with the IHK and AHK networks, providing a wide range of standardized and innovative training, certification, and examination services. The website reflects a well-structured and content-rich platform targeting IHK and AHK employees as well as individuals seeking professional development. Technically, the site employs modern JavaScript modules, lazy loading, and integrates Matomo analytics and Usercentrics for consent management, hosted on SchlundTech infrastructure. However, the security posture is weakened by an invalid or missing SSL certificate and disabled TLS protocols, which significantly impacts secure communications. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information and partner links are clearly presented, enhancing business credibility.

D

DIHK Service GmbH

dihk-service-gmbh.de

0

DIHK Service GmbH is a project company affiliated with the German Chambers of Industry and Commerce (DIHK), serving as a key partner for IHKs, AHKs, and member companies. The organization focuses on developing and implementing projects that strengthen businesses and provide societal benefits, including workforce development, education, environmental protection, and sustainable business locations. The website reflects a medium-sized government/non-profit entity with a clear business model centered on state-funded projects and partnerships. Technically, the site uses standard web technologies and etracker analytics but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. However, the absence of HTTPS and security headers significantly weakens the security posture. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

P

PIER PLUS

pier-plus.de

0

PIER PLUS is a collaborative platform fostering cooperation among universities and research institutes in the Hamburg metropolitan region. It supports six research profiles and provides news, events, and a members area to facilitate networking and joint research efforts. The website is professionally designed with clear navigation and targets academic and research stakeholders in Hamburg. Technically, the site uses JavaScript libraries such as jQuery and sliders like Swiper and Slick, hosted by the University of Hamburg's computing center. However, the site suffers from a critical security deficiency: it lacks a valid SSL/TLS certificate, resulting in unencrypted HTTP access and no HTTPS enforcement. Additionally, no security headers or cookie consent mechanisms are present, which weakens its security and privacy posture. Analytics are implemented via Piwik (Matomo) and Etracker, indicating moderate user tracking. Overall, while the content and business presentation are excellent, the technical and security implementations require urgent improvements to protect user data and enhance trust.

H

Hamburg Innovation

hamburginnovation.de

0

Hamburg Innovation GmbH is a medium-sized innovation and technology transfer company based in Hamburg, Germany, founded in 2004. It serves as a bridge between academic research and practical application by connecting universities with businesses, policymakers, and society to foster innovation. The company offers consulting, mediation, and coordination services to support knowledge transfer, spin-offs, and new technologies. Technically, the website is built on WordPress with Elementor and Slider Revolution, providing a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly provided. The site uses Matomo for analytics, indicating a privacy-conscious approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Open Online University

hoou.de

0

Hamburg Open Online University (HOOU) is a well-established non-profit educational initiative supported by Hamburg's universities and governmental bodies. It offers a wide range of open educational resources, including podcasts, videos, events, and online learning modules, targeting a broad audience from students to lifelong learners. The platform is built on WordPress with modern technologies and demonstrates good content quality, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to potential risks. The site integrates privacy-conscious analytics (Matomo) and marketing tools (Sendinblue, Brevo) with appropriate consent mechanisms. Overall, HOOU presents a professional and trustworthy educational platform with strong academic partnerships but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH

hiicce.de

0

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH (HiiCCE) is a specialized institute focused on advancing the circular economy and climate protection through integrated environmental consulting, project development, and research. The organization serves a diverse clientele including corporations, NGOs, government entities, and international organizations, positioning itself as a national and international pioneer in sustainable resource management. The website reflects a professional digital presence built on WordPress with multilingual support and SEO optimization, although performance data is limited. Security posture is weak due to the absence of HTTPS and modern TLS protocols, exposing the site to potential risks. Privacy compliance is strong with comprehensive cookie and privacy policies and consent mechanisms in place. Contact information is clearly presented, enhancing business credibility.

N

NIT Northern Institute of Technology Management gGmbH

nithh.de

0

NIT Northern Institute of Technology Management gGmbH is a private business school affiliated with the Hamburg University of Technology (TUHH), specializing in MBA and Master's programs focused on Technology Management and Business Analytics & AI. Established in 1998, it serves an international student body with a practice-oriented curriculum and a faculty drawn from global institutions. The website is professionally designed and content-rich, targeting engineers and technology enthusiasts seeking management education. Technically, the site is built on HubSpot CMS and hosted behind Cloudflare, but it suffers from a critical security flaw due to the absence of a valid SSL certificate, resulting in no HTTPS support. Security headers are partially implemented, but modern TLS protocols and session security features are missing. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site offers a strong educational brand presence but requires urgent security improvements to protect user data and trust.

T

Tutech Innovation GmbH

tutech.de

0

Tutech Innovation GmbH is a medium-sized company operating as a technology and knowledge transfer entity, bridging academia and industry primarily in Hamburg, Germany. It is a subsidiary of the Technische Universität Hamburg and the Free and Hanseatic City of Hamburg, with over 30 years of experience. The company offers services including research management, intellectual property management, startup support, consulting, and educational seminars through its Tutech Academy. The website is professionally designed using WordPress and Elementor, featuring comprehensive content targeted at scientific, economic, and societal stakeholders. Technically, the site uses modern web technologies but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Security headers are minimal, and no advanced security policies or incident response information is publicly available. Privacy compliance is well addressed with a comprehensive privacy policy and cookie policy, and Matomo analytics is used with privacy considerations. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and enhance trust.