Security Directory

V

Versicherer im Raum der Kirchen

vrk.de

0

Versicherer im Raum der Kirchen (VRK) is a medium-sized German insurance provider specializing in sustainable and ethical insurance products tailored for individuals and church-related groups. The company offers a broad range of insurance services including auto, travel, home, liability, legal protection, health, and retirement products, with a strong emphasis on sustainability and customer-centric service. Their market position is niche but well-established within the church and non-profit sectors in Germany, supported by multiple sustainability and employer awards. Technically, the website is built on Adobe Experience Manager (AEM) and uses modern web technologies such as StencilJS components and responsive images. However, the site suffers from slow load times and lacks a valid SSL certificate, serving content over HTTP which significantly impacts security posture. Accessibility and SEO optimizations are well implemented, and the site is mobile-friendly with clear navigation. Security-wise, the absence of HTTPS and security headers is a critical weakness, exposing users to potential risks. No explicit security or incident response policies are found, and no vulnerability disclosure or security.txt files are present. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism in place. Overall, VRK's website demonstrates excellent content quality and business credibility but requires urgent improvements in security infrastructure to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, adding security headers, and improving performance to align with best practices.

A

Aerial Rapid Transit LLC

laart.la

0

Los Angeles Aerial Rapid Transit (LA ART) is a small-scale transportation project proposing a zero emissions aerial gondola system to connect key locations in Los Angeles, including Union Station, Chinatown, and Dodger Stadium. The project is affiliated with a non-profit and aims to reduce traffic congestion and pollution by providing an alternative transit option. The website serves as an informational and engagement platform, offering contact forms and social media links to connect with the community. Technically, the website is built on WordPress with common plugins and external integrations such as Google Analytics and Vimeo for media content. However, the site suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. The absence of modern security headers and privacy policies further weakens its compliance posture. From a security perspective, the site has basic SPF email protection but lacks HTTPS, HSTS, and DMARC records, exposing visitors to potential risks. No incident response or vulnerability disclosure information is provided. Overall, the security posture is weak and requires urgent improvements to protect user data and enhance trust. Strategically, the website should prioritize obtaining a valid SSL certificate, implementing privacy and cookie policies, and enhancing security headers. Improving site performance and accessibility will also benefit user experience and SEO. These steps will strengthen the project's credibility and support its mission to promote sustainable transportation in Los Angeles.

A

A1 Telekom Austria AG

a1click.at

0

A1click.at is an online marketplace operated under the A1 Telekom Austria AG brand, offering a curated selection of digital, entertainment, energy, finance, and insurance products. The platform leverages trusted partnerships and the A1 Trusted Brands certification to provide exclusive deals and services to Austrian consumers. The website features a modern frontend technology stack including Alpine.js and Tailwind CSS, integrated with multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, LinkedIn Insight Tag, and Hotjar. Despite a professional design and good content quality, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and missing security headers, which significantly impact its security posture. Privacy compliance is well addressed with a comprehensive cookie consent mechanism powered by OneTrust and a clear privacy policy in German. Contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses disclosed. Overall, the website presents a solid business presence with room for improvement in technical security and performance optimization.

R

Railteam

railteam.eu

0

Railteam is a European rail alliance providing high-speed train services across more than 100 destinations in Europe. The alliance emphasizes sustainable travel, passenger comfort, and additional services such as lounges and flexible travel options like HOTNAT. The website is professionally designed with good content quality and clear navigation, targeting European rail travelers seeking efficient and environmentally friendly transport. Technically, the site uses Sweet CMS and common frontend libraries but suffers from critical security issues due to lack of a valid SSL certificate and absence of HTTPS, which severely impacts its security posture. Privacy policies and cookie consent mechanisms are present, but no direct contact information or security policies are found. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

V

Vienna Airport Lines

viennaairportlines.at

0

Vienna Airport Lines is a transportation service operating express bus lines between Vienna city and Vienna International Airport. It is a business unit of the Österreichische Postbus Aktiengesellschaft, a subsidiary of ÖBB-Personenverkehr AG, positioning itself as a reliable and convenient airport shuttle provider. The website presents clear business information, service offerings, and partner links, targeting travelers and commuters in Vienna. The digital infrastructure includes a responsive design and uses Matomo analytics for user tracking. However, the site lacks a valid SSL certificate, which severely impacts its security posture and user trust. No cookie consent mechanism or comprehensive privacy compliance features are evident. The site is moderately performant and accessible but requires urgent security improvements to meet modern standards.

S

Spotler

flowmailer.net

0

Spotler is a technology company specializing in data driven marketing software with a strong emphasis on transactional email delivery through its SendPro platform. The company holds a reputable market position in the Netherlands, supported by ISO 27001 certification and trusted by a range of clients from small to large enterprises. The website content is professionally presented, targeting businesses requiring reliable and fast transactional email services integrated with marketing automation capabilities. Technically, the site is built on WordPress with multilingual support and uses modern tools like Google Tag Manager and Cloudflare for performance and security. However, the absence of a valid SSL certificate significantly weakens the security posture, exposing the site to risks and reducing trust in secure communications. Privacy compliance is well addressed with clear privacy and cookie policies, though no explicit consent mechanism was detected. Overall, the site demonstrates good business credibility and technical maturity but requires urgent remediation of SSL/TLS issues to enhance security and user trust.

I

ION Analytics

inframationnews.com

0

ION Analytics operates a business-focused analytics platform specializing in energy infrastructure data. The website serves primarily as a sign-in portal for business users, indicating a subscription or access-controlled model. The platform is part of the larger ION Group, a known entity in the energy sector. Technically, the website employs modern JavaScript libraries and tracking tools such as Google reCAPTCHA, Hotjar, and Piwik PRO for analytics and user behavior monitoring. However, the site suffers from a critical lack of a valid SSL certificate, exposing users to potential security risks and undermining trust. The absence of privacy and cookie consent mechanisms further weakens its compliance posture. Overall, the website's content is minimal and functional but lacks comprehensive business and security disclosures.

F

Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V.

foerderverein-mts.de

0

The Förderverein der Meister- und Techniker aus- und -fortbildung im saarländischen Handwerk e.V. is a small non-profit association dedicated to supporting master craftsman and technician education in the Saarland region of Germany. Their activities include financial support for educational trips, fostering cross-border economic relationships, awarding excellence in master and technician works, marketing support, and lobbying efforts. The website is professionally designed using modern technologies such as Gatsby and React, hosted on Netlify, and provides clear organizational and contact information. However, the site lacks HTTPS security, which is a critical vulnerability. No privacy or cookie consent mechanisms are present, and no advanced security policies or incident response information is disclosed. Overall, the site serves its informational purpose well but requires significant improvements in security and privacy compliance to meet modern standards.

H

Handwerkskammer des Saarlandes

handwerkerforum-saar.de

0

Handwerkerforum Saar is a regional non-profit association affiliated with the Handwerkskammer des Saarlandes, focused on supporting and developing the local crafts and trades community. The website offers information about events, workshops, and networking opportunities aimed at handwerk businesses and apprentices in the Saarland region. The technical infrastructure is based on a custom or proprietary CMS platform with common web technologies such as Bootstrap and jQuery. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security concern. The cookie consent mechanism indicates some level of GDPR compliance, but no explicit security or incident response policies are present. Overall, the website provides relevant business content but suffers from technical and security shortcomings that should be addressed to improve trust and compliance.

S

Saar-Lor-Lux Umweltzentrum GmbH

saar-lor-lux-umweltzentrum.de

0

The Saar-Lor-Lux Umweltzentrum GmbH is a regional environmental consultancy affiliated with the Handwerkskammer des Saarlandes, focused on providing free and paid environmental and energy consulting services to craft businesses in the Saar-Lor-Lux region. Their key offerings include environmental consulting, energy advice, regional development, and training programs aimed at supporting sustainable business practices and energy efficiency. The website is built on TYPO3 CMS and uses modern JavaScript libraries, with a clear structure and good content quality targeting German-speaking users. However, the technical infrastructure shows significant security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which critically impacts the site's security posture. Privacy compliance is addressed through a visible privacy policy and a consent management platform (Usercentrics), and analytics are handled via a self-hosted Matomo instance with user consent. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS configuration and security best practices to enhance trust and protect user data.

I

Initiative #WirtschaftHilft (BDA, BDI, DIHK, ZDH)

wirtschafthilft.info

0

The website 'WirtschaftHilft' is a collaborative initiative by major German economic associations (BDA, BDI, DIHK, ZDH) aimed at supporting companies and society in managing the impacts of the Russia-Ukraine conflict. It serves as a comprehensive information hub providing resources on humanitarian aid, economic sanctions, reconstruction efforts, and labor market integration for Ukrainian refugees. The platform targets German businesses and stakeholders involved in Ukraine-related economic activities, positioning itself as a central coordination and information point backed by reputable organizations. Technically, the site is built on WordPress 6.8.1 with PHP 8.0.30 and uses plugins such as LayerSlider and Borlabs Cookie for enhanced user experience and privacy compliance. The hosting is managed by United Domains AG. While the site offers rich content, multimedia, and good mobile optimization, its performance is slow and accessibility is basic. SEO practices are adequately implemented. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are configured, exposing the site to potential risks. However, cookie consent management is robust, and no exposed sensitive data or vulnerable libraries were detected. Overall, the site is professional and trustworthy in content and business credibility but requires urgent security improvements, especially regarding HTTPS implementation, to ensure user safety and compliance with best practices.

V

Verband Deutscher Hidden Champions

verband-deutscher-hidden-champions.de

0

The Verband Deutscher Hidden Champions e.V. (VDHC) is a German-based association representing medium-sized enterprises known as Hidden Champions. The organization focuses on fostering international networking, knowledge exchange, and visibility for its members, who are specialized SMEs with global market presence. The website is professionally designed, content-rich, and targets business leaders and decision-makers within this niche. Technically, the site is built on WordPress with modern plugins for SEO, forms, and cookie management, but lacks a valid SSL certificate, which impacts its security posture negatively. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. However, the absence of HTTPS and modern TLS protocols poses significant security risks. Overall, the site is credible and functional but requires urgent security improvements to protect user data and enhance trust.

B

Bundesverband betriebliche Weiterbildung - Wuppertaler Kreis e.V.

wkr-ev.de

0

The Wuppertaler Kreis e.V. is a German non-profit association representing 52 leading institutes in the business education and continuing professional development sector. Founded in 1955, it serves as a national umbrella organization advocating for workplace learning, qualification, and workforce development. The website reflects a well-structured and content-rich platform targeting business leaders and education providers, offering news, events, and member information. Technically, the site is built on TYPO3 CMS and hosted on a German provider, but suffers from critical security shortcomings due to the absence of HTTPS and a valid SSL certificate. This significantly undermines the security posture despite good content and business credibility. No cookie consent mechanism or advanced privacy compliance features are present, though a privacy policy and terms of service are available. Overall, the site is professional but requires urgent security upgrades to protect user data and improve trust.

D

DIHK-Gesellschaft für berufliche Bildung - Organisation zur Förderung der IHK-Weiterbildung gGmbH

dihk-bildungs-gmbh.de

0

DIHK-Bildungs-gGmbH is a German vocational education and training organization affiliated with the IHK and AHK networks, providing a wide range of standardized and innovative training, certification, and examination services. The website reflects a well-structured and content-rich platform targeting IHK and AHK employees as well as individuals seeking professional development. Technically, the site employs modern JavaScript modules, lazy loading, and integrates Matomo analytics and Usercentrics for consent management, hosted on SchlundTech infrastructure. However, the security posture is weakened by an invalid or missing SSL certificate and disabled TLS protocols, which significantly impacts secure communications. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information and partner links are clearly presented, enhancing business credibility.

D

DIHK Service GmbH

dihk-service-gmbh.de

0

DIHK Service GmbH is a project company affiliated with the German Chambers of Industry and Commerce (DIHK), serving as a key partner for IHKs, AHKs, and member companies. The organization focuses on developing and implementing projects that strengthen businesses and provide societal benefits, including workforce development, education, environmental protection, and sustainable business locations. The website reflects a medium-sized government/non-profit entity with a clear business model centered on state-funded projects and partnerships. Technically, the site uses standard web technologies and etracker analytics but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. However, the absence of HTTPS and security headers significantly weakens the security posture. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

P

PIER PLUS

pier-plus.de

0

PIER PLUS is a collaborative platform fostering cooperation among universities and research institutes in the Hamburg metropolitan region. It supports six research profiles and provides news, events, and a members area to facilitate networking and joint research efforts. The website is professionally designed with clear navigation and targets academic and research stakeholders in Hamburg. Technically, the site uses JavaScript libraries such as jQuery and sliders like Swiper and Slick, hosted by the University of Hamburg's computing center. However, the site suffers from a critical security deficiency: it lacks a valid SSL/TLS certificate, resulting in unencrypted HTTP access and no HTTPS enforcement. Additionally, no security headers or cookie consent mechanisms are present, which weakens its security and privacy posture. Analytics are implemented via Piwik (Matomo) and Etracker, indicating moderate user tracking. Overall, while the content and business presentation are excellent, the technical and security implementations require urgent improvements to protect user data and enhance trust.

H

Hamburg Innovation

hamburginnovation.de

0

Hamburg Innovation GmbH is a medium-sized innovation and technology transfer company based in Hamburg, Germany, founded in 2004. It serves as a bridge between academic research and practical application by connecting universities with businesses, policymakers, and society to foster innovation. The company offers consulting, mediation, and coordination services to support knowledge transfer, spin-offs, and new technologies. Technically, the website is built on WordPress with Elementor and Slider Revolution, providing a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS implementation represents a critical security vulnerability. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly provided. The site uses Matomo for analytics, indicating a privacy-conscious approach. Overall, the website is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Open Online University

hoou.de

0

Hamburg Open Online University (HOOU) is a well-established non-profit educational initiative supported by Hamburg's universities and governmental bodies. It offers a wide range of open educational resources, including podcasts, videos, events, and online learning modules, targeting a broad audience from students to lifelong learners. The platform is built on WordPress with modern technologies and demonstrates good content quality, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate is a critical security gap, exposing users to potential risks. The site integrates privacy-conscious analytics (Matomo) and marketing tools (Sendinblue, Brevo) with appropriate consent mechanisms. Overall, HOOU presents a professional and trustworthy educational platform with strong academic partnerships but requires urgent security improvements to protect user data and enhance trust.

H

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH

hiicce.de

0

Hamburg Institute for Innovation, Climate Protection and Circular Economy GmbH (HiiCCE) is a specialized institute focused on advancing the circular economy and climate protection through integrated environmental consulting, project development, and research. The organization serves a diverse clientele including corporations, NGOs, government entities, and international organizations, positioning itself as a national and international pioneer in sustainable resource management. The website reflects a professional digital presence built on WordPress with multilingual support and SEO optimization, although performance data is limited. Security posture is weak due to the absence of HTTPS and modern TLS protocols, exposing the site to potential risks. Privacy compliance is strong with comprehensive cookie and privacy policies and consent mechanisms in place. Contact information is clearly presented, enhancing business credibility.

N

NIT Northern Institute of Technology Management gGmbH

nithh.de

0

NIT Northern Institute of Technology Management gGmbH is a private business school affiliated with the Hamburg University of Technology (TUHH), specializing in MBA and Master's programs focused on Technology Management and Business Analytics & AI. Established in 1998, it serves an international student body with a practice-oriented curriculum and a faculty drawn from global institutions. The website is professionally designed and content-rich, targeting engineers and technology enthusiasts seeking management education. Technically, the site is built on HubSpot CMS and hosted behind Cloudflare, but it suffers from a critical security flaw due to the absence of a valid SSL certificate, resulting in no HTTPS support. Security headers are partially implemented, but modern TLS protocols and session security features are missing. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is clearly provided, enhancing business credibility. Overall, the site offers a strong educational brand presence but requires urgent security improvements to protect user data and trust.

T

Tutech Innovation GmbH

tutech.de

0

Tutech Innovation GmbH is a medium-sized company operating as a technology and knowledge transfer entity, bridging academia and industry primarily in Hamburg, Germany. It is a subsidiary of the Technische Universität Hamburg and the Free and Hanseatic City of Hamburg, with over 30 years of experience. The company offers services including research management, intellectual property management, startup support, consulting, and educational seminars through its Tutech Academy. The website is professionally designed using WordPress and Elementor, featuring comprehensive content targeted at scientific, economic, and societal stakeholders. Technically, the site uses modern web technologies but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. Security headers are minimal, and no advanced security policies or incident response information is publicly available. Privacy compliance is well addressed with a comprehensive privacy policy and cookie policy, and Matomo analytics is used with privacy considerations. Overall, the site demonstrates strong business credibility but requires urgent security improvements to protect user data and enhance trust.

F

Forschungsfabrik Mikroelektronik Deutschland

fmd-insight.de

0

FMD.insight is a specialized news platform operated by the Forschungsfabrik Mikroelektronik Deutschland, focusing on microelectronics research and innovation in Germany. It provides news, interviews, tutorials, and a virtual showroom to engage its target audience of researchers and industry professionals. The website is built on WordPress and uses various plugins including Matomo for analytics. While the content quality and user experience are good, the site lacks HTTPS support, which is a critical security deficiency. No cookie consent mechanism is present despite the use of tracking analytics, indicating partial privacy compliance. Contact information is available but email is obfuscated to prevent scraping. Overall, the site is professional but requires urgent security improvements.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 12 security findings identified across all modules.

S

Start EAD

startmoodle.com

0

Start EAD is a Brazilian SaaS platform offering a fully customizable virtual store integrated with the Moodle LMS for online course sales and management. The platform targets content creators, educators, and entrepreneurs seeking control over their EAD projects without high platform commissions. Technically, the site is built on WordPress with Elementor and uses various plugins for SEO and marketing. However, the site lacks HTTPS, which severely impacts its security posture. Marketing tools like Facebook Pixel and Google Tag Manager are used, but privacy and cookie policies are absent, indicating compliance gaps. Overall, the business presents a professional front with good content and user experience but requires urgent security and privacy improvements.

S

Start EAD

startead.com.br

0

Start EAD is a Brazilian SaaS platform focused on providing a comprehensive and customizable online course store integrated with the Moodle LMS. It targets content creators, educators, and entrepreneurs in the distance learning market, offering automated enrollment, payment integration, and technical support. The website is built on WordPress using Elementor and Astra theme, with modern UI elements and social media integration. However, the site lacks a valid SSL certificate, serving content over HTTP, which significantly impacts its security posture. No privacy or cookie policies were found, indicating potential compliance gaps. The business presents clear subscription plans and customer testimonials, reflecting moderate trustworthiness and professionalism.

J

Just a moment...

toubiz.de

0

The website toubiz.de is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that blocks access to actual content. As a result, no business information, contact details, or policy documents are available for analysis. The site lacks a valid SSL/TLS certificate, which severely impacts its security posture and trustworthiness. The technical infrastructure relies on Cloudflare for hosting and security, but the absence of HTTPS and modern TLS protocols is a critical vulnerability. Analytics are limited to Cloudflare Insights with minimal tracking. Overall, the site is not usable for end users in its current state, and the lack of content prevents meaningful SEO, accessibility, or privacy compliance evaluation.

F

freenet DLS GmbH

mobilcom-debitel.de

0

Freenet DLS GmbH operates mobilcom-debitel.de, a major German telecommunications retail website offering mobile tariffs, devices, and related services. The company targets German consumers seeking mobile phone plans and devices, positioning itself as a comprehensive provider with a broad product portfolio. The website demonstrates a mature digital infrastructure leveraging Cloudflare CDN, modern JavaScript libraries, and personalization tools like Kameleoon. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email protections, and secure cookie settings, though some improvements are recommended such as enabling HSTS in SSL config and adding CSP headers. Privacy compliance is moderate due to the absence of explicit privacy and cookie policies or consent mechanisms. Overall, the site is professional, well-branded, and trustworthy with good SEO and user experience.

V

Vayamed GmbH

avaay.de

0

avaay.de represents a premium medical cannabis provider operating under Vayamed GmbH, part of the Sanity Group. The company focuses on delivering high-quality, natural cannabis products for patients and medical professionals, emphasizing pharmaceutical standards and sustainable cultivation. The website is well-structured, professionally designed, and optimized for SEO and mobile use, reflecting a mature digital presence. Technically, the site leverages WordPress with WooCommerce and Oxygen Builder, supported by Cloudflare CDN and multiple marketing and analytics tools with consent management, indicating a modern and compliant infrastructure. Security posture is solid with HTTPS, valid SPF and DMARC records, and security headers, though improvements in HSTS and DNSSEC could enhance protection. Overall, avaay.de demonstrates a high level of business credibility, privacy compliance, and technical sophistication, positioning it well in the healthcare e-commerce market.

T

THE LÄB - How to LÄND and EXPÄND in Germany

the-laeb.de

0

THE LÄB is a technology-focused startup accelerator based in Karlsruhe, Germany, serving as the international orientation of the CyberLab Startup Accelerator. It supports startups primarily in the IT sector with mentoring, networking, and market entry assistance, targeting international entrepreneurs aiming to establish and expand in Germany, especially in the Baden-Württemberg region. The website is built on Squarespace and hosted by Squarespace, featuring a professional design and good content quality. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are partially implemented, but modern TLS protocols and advanced security features are missing. Privacy compliance is addressed with a privacy policy and cookie consent banner, though terms of service and security policies are absent. Contact information is clearly provided, including email, phone, physical address, and an embedded contact form. The site links to multiple partner and supporting organizations, reinforcing its credibility and network strength.

C

CyberForum Akademie

scaleup-leadership.de

0

The website scaleup-leadership.de represents the Scale-up Leadership program, a coaching and leadership development initiative targeted at startups transitioning to scale-ups, primarily in the technology sector in Germany. The program is organized by the CyberForum Akademie and funded by the L-Bank, positioning itself as a key player in European high-tech entrepreneurial networks. The site provides detailed program information, testimonials, and contact options including an external Microsoft Forms application form. Technically, the site is built on Squarespace CMS with standard fonts and assets, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is addressed with a cookie banner and a privacy policy in German, but no terms of service or explicit security policies are found. Overall, the site offers good content quality and user experience but suffers from a poor security posture due to missing SSL and security headers.

B

Bertelsmann

createyourowncareer.com

0

CreateYourOwnCareer.com is a career portal operated under the Bertelsmann group, a large multinational media and services conglomerate founded in 1835. The website provides comprehensive career-related content including job listings, graduate programs, internships, and networking events targeting students, graduates, and professionals. The site is built on TYPO3 CMS and hosted via Arvato Systems, reflecting a mature technical infrastructure with modern content management but lacking in SSL/TLS security. While the site includes cookie consent mechanisms and uses Google Analytics and Tag Manager for tracking, it lacks a valid HTTPS configuration, which is a critical security deficiency. The site demonstrates good content quality, branding consistency, and professional design, but the absence of HTTPS and related security best practices significantly lowers its security posture and overall trustworthiness.

A

AGRALE S.A

agrale.com.br

0

Agrale S.A is a well-established Brazilian manufacturer specializing in tractors, trucks, buses, utility vehicles, and engines with over 50 years of market presence. The company operates primarily in the transportation sector, serving agricultural, commercial, and industrial clients through a broad dealer and service network. Their website reflects a solid business model focused on manufacturing and after-sales services, targeting national and regional markets in Brazil. The site content is relevant and professionally presented, supporting the company's market position as a national leader. Technically, the website uses an older technology stack including jQuery 1.7.1 and Apache server on Ubuntu, hosted via Embratel Cloud DNS infrastructure. While the site includes Google Maps integration and FontAwesome icons, it lacks modern CMS or frameworks and shows signs of technical debt such as outdated libraries and missing HTTPS support. Performance and mobile optimization are basic, with room for improvement in SEO and accessibility. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, severely impacting its security posture. No advanced security headers or mechanisms like HSTS or OCSP stapling are implemented. The site uses standard security headers but misses critical protections and vulnerability disclosures. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is uncertain. No incident response or security policy pages were found. Overall, the website is functional and business-credible but requires urgent security improvements, especially enabling HTTPS and updating outdated technologies. Strategic recommendations include implementing a valid SSL certificate, enhancing security headers, publishing vulnerability disclosure policies, and modernizing the technical stack to improve performance, security, and compliance.

Aerolux is a small Brazilian business specializing in road signaling products for the Brazilian market. The website is currently a 'Coming soon' placeholder with minimal content, indicating the business is either new or preparing for a launch. The site targets businesses or entities needing road signaling solutions in Brazil. Technically, the site is built using Hostinger Website Builder and the Astro framework, hosted on Hostinger's GCP infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but key security features like TLS protocols and OCSP stapling are missing. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and compliance to build trust and protect user data.

Y

YourWay Digital

yourway.digital

0

YourWay Digital is a Brazilian digital agency specializing in custom development of applications, websites, and digital marketing services. Established in 2019 and based in Caxias do Sul, Brazil, the company has delivered over 70 projects and holds a Platinum partnership with RD Station, highlighted by winning the Limitless RD Station 2024 award. The website showcases a comprehensive portfolio of services including app development, marketing strategy, site creation, e-commerce solutions, social media management, and branding. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Vercel, and integrates with AWS and Heroku platforms. However, the site lacks a valid SSL certificate, resulting in no proper HTTPS support, which is a critical security concern. Security headers are present but the SSL/TLS configuration is incomplete, exposing the site to potential risks. Privacy compliance is minimal with no visible privacy or cookie policies, though SPF and DMARC DNS records are properly configured for email security. Overall, the website is professionally designed with excellent content quality and user experience, but security and privacy practices require urgent improvement to enhance trust and compliance.

A

AKZONOBEL LTDA.

coralmatiz.com.br

0

Coral Matiz is a Brazilian loyalty and professional engagement platform operated by AKZONOBEL LTDA., targeting architects, interior designers, and landscapers. The platform offers curated content, professional tools, and a points-based rewards program to enhance user engagement and brand loyalty. The website is well-branded and content-rich, with clear navigation and a focus on professional users and students in the design sector. Technically, the site uses a modern front-end stack including Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to risks when submitting sensitive personal data. Privacy and cookie policies are comprehensive and GDPR/LGPD compliant, with consent mechanisms implemented. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and comply with best practices.

I

Incepa

banheirosincepa.com.br

0

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

S

Sigevent.pro

sigevent.pro

0

The website sigevent.pro currently serves a minimal placeholder or error page in Portuguese indicating that no content was found at the requested URL. The domain appears to be related to event management services, with a partner or related site bcseventos.com.br referenced in the footer. The technical infrastructure is hosted on Amazon AWS, but the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are present, and no contact information beyond a single company email is found. The overall website quality is poor with minimal content, no SEO or accessibility optimizations, and no security best practices implemented. The site is accessible without WAF or security challenges but is not functional as a business-facing website in its current state.

M

mobilityportal gmbh

mobilityportal.de

0

mobilityportal gmbh operates a digital multimodal mobility platform focused on public transportation (ÖPNV) in Germany. The company offers integrated solutions for managing various transport modes including bus, tram, on-demand services, and e-scooters, enabling seamless door-to-door transport options. Their platform supports both front-end passenger services and back-office digital processes, targeting public transport operators, municipalities, and mobility providers. The website reflects a professional business presence with clear service descriptions and contact options, positioning the company as an innovative player in the transportation technology sector.

E

Error: 404 Page not found

qiata.com

0

The website at qiata.com currently serves only a 404 Page Not Found error with no accessible business content or metadata. The site uses Joomla CMS with the Helix Ultimate template framework and includes Bootstrap and Font Awesome libraries. The SSL configuration supports TLS 1.2 with a strong cipher suite but lacks modern features such as TLS 1.3, HSTS, OCSP stapling, and DNSSEC, indicating a basic security posture. No privacy, cookie, or terms of service policies are present, nor is there any contact or business information available on the site. Performance is slow with a page load time of approximately 4.8 seconds. Overall, the site lacks content, security best practices, and compliance indicators, resulting in a low trustworthiness and professionalism rating.

D

Deciso

opnsense.org

0

OPNsense.org is the official website for OPNsense®, an open source firewall and routing platform developed by Deciso. The platform targets enterprises, professionals, and the open source community, offering a free core product alongside a commercial Business Edition with enhanced features. The website demonstrates a mature digital presence with comprehensive content, community engagement, and commercial offerings including official hardware and training. Technically, the site is built on WordPress with modern frontend frameworks and integrates Google Analytics and custom search capabilities. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. Privacy policies and terms of service are present and comprehensive, but cookie consent mechanisms are not implemented. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

S

SECUDOS GmbH

secudos.de

0

SECUDOS GmbH is a German-based technology company specializing in innovative IT security solutions aimed at ensuring digital sovereignty and high-performance network infrastructures for businesses. Their product portfolio includes secure data exchange software (Qiata), a hardened operating system (DOMOS), and recovery technology for hardware appliances (SDR). The company positions itself as a reliable and experienced partner with over 20 years of expertise in complex network environments, serving a broad range of corporate clients. Technically, the website is built on Joomla CMS with modern frameworks like Bootstrap and jQuery, offering good mobile optimization and user experience. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the security posture, despite proper email authentication records and GDPR compliance. Overall, the site demonstrates good business credibility and privacy practices but requires urgent improvements in SSL/TLS implementation to enhance security and trust.

R

Reintel

reintel.es

0

Reintel is the largest neutral operator of dark fiber infrastructure in Spain, operating as a subsidiary of Grupo Red Eléctrica (redeia). The company provides critical telecommunications infrastructure services including long-distance fiber networks, dedicated cables, equipment hosting, and customized connectivity solutions. Their market position is strong within the Spanish energy and telecommunications sectors, serving businesses requiring extensive fiber optic connectivity. The website reflects a mature digital presence built on Drupal 10, integrating modern technologies such as Google Tag Manager, Cookiebot for consent management, and Google Maps API. Despite a slow page load time, the site offers excellent content quality, clear navigation, and good mobile optimization. Security posture is solid with HTTPS, valid SSL certificates, and OCSP stapling, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is robust with comprehensive privacy and cookie policies and active consent mechanisms. Overall, Reintel demonstrates a professional and trustworthy online presence aligned with its business stature.

R

Red Eléctrica

ree.es

0

Red Eléctrica is the Spanish Transmission System Operator (TSO) responsible for the operation, development, and maintenance of the national electricity grid. The company plays a critical role in ensuring the quality and security of electricity supply across Spain and supports the country's ecological transition by integrating renewable energy sources and developing infrastructure projects. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting energy sector stakeholders and the general public interested in electricity data and sustainability. Technically, the site is built on Drupal 10 with modern front-end libraries and uses Akamai and Imperva for DNS and CDN services. However, a critical security shortcoming is the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by consistent branding, corporate governance links, and trust signals. Overall, the site scores well in content and business credibility but requires urgent improvements in SSL/TLS security to enhance trust and protect users.

N

New Work SE

new-work.se

0

New Work SE is a large technology company focused on shaping the future of work through its portfolio of strong brands including XING, kununu, onlyfy, and InterNations. The company operates primarily in the German-speaking market, providing recruitment, employer branding, and global networking services. Their website reflects a professional and consistent brand image with comprehensive content aimed at professionals and companies seeking talent solutions. Technically, the website uses modern technologies such as Algolia for search, Usercentrics for consent management, and Adobe Analytics for tracking. Hosting is on Amazon AWS infrastructure. Security posture is solid with HTTPS, SPF, and DMARC configured, though improvements like HSTS and OCSP stapling are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is trustworthy and professional, though performance optimization could enhance user experience.

V

VTT Technical Research Centre of Finland Ltd.

vtt.fi

0

VTT Technical Research Centre of Finland Ltd. is a leading European research institute providing visionary research, development, and innovation services across multiple sectors including energy, transportation, technology, manufacturing, and healthcare. The company offers a broad portfolio of advanced services such as 6G hardware technologies, quantum computing, cybersecurity, and sustainable development solutions. Their market position is strong, supported by extensive partnerships and a large expert community. Technically, the website is built on Drupal CMS with modern technologies and demonstrates good performance and accessibility. Security posture is solid with HTTPS, valid SPF, and OCSP stapling, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well managed with comprehensive cookie consent via Cookiebot and a detailed privacy policy. Overall, the website reflects a professional, trustworthy, and mature digital presence.

S

SQS - Software Quality Systems

sqs.es

0

SQS - Software Quality Systems is a medium-sized Spanish company specializing in software testing, quality assurance, certification, and data space services. It serves regulated sectors such as healthcare, pharmaceuticals, railways, and automotive, offering professional consulting, managed testing services, and training. The company holds multiple recognized certifications including ISO 9001, ISO/IEC 27001, and ENS, positioning itself as a trusted provider in the technology and regulated industries. Technically, the website is built on WordPress with Divi theme and integrates modern marketing and analytics tools such as Google Analytics, Hotjar, and reCAPTCHA. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy compliance is well addressed with GDPR cookie consent and a comprehensive privacy policy. Contact information is clearly available, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

G

GAIA-X 4 KI

gaia-x4ki.eu

0

GAIA-X 4 KI is a medium-sized German research project focused on developing a data and service ecosystem for training and validating AI applications, particularly in the automotive and manufacturing sectors. The project emphasizes data sovereignty, transparency, and interoperability based on the GAIA-X infrastructure. The website provides detailed information about the project, consortium partners, news, and publications, targeting industry stakeholders, research institutions, and SMEs. Technically, the site uses modern TLS protocols, Bootstrap frontend, and likely a Ruby on Rails backend, hosted on Hetzner infrastructure. While HTTPS is properly implemented, the site lacks advanced security headers, DNS security features, and privacy/cookie policies, which lowers its security and privacy posture. Overall, the site is well-branded, professionally designed, and content-rich but could improve in privacy compliance and security hardening.

N

net-maxX GmbH

net-maxx.de

0

net-maxX GmbH operates a virtual platform designed for fan communities, leveraging interactive virtual worlds to connect users. The company is a small technology startup based in Germany, founded in 2023, and collaborates with partners such as Telemaxx and agenturserver.de. The website is built on the Ghost CMS platform and demonstrates good content quality and user experience with moderate performance. Security posture is adequate with HTTPS and SPF configured, but lacks advanced TLS features and email security enhancements like DMARC. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve in security and privacy areas.

V

Verivox GmbH

verivox.de

0

Verivox GmbH operates a leading independent comparison portal in Germany, offering consumers the ability to compare tariffs across energy, telecommunications, insurance, and finance sectors. Established in 1998, the company has positioned itself as a market leader with multiple awards and a strong reputation for transparency and customer satisfaction. The website provides comprehensive services including tariff comparisons, calculators, and personalized recommendations, supported by a modern technical infrastructure leveraging advanced JavaScript frameworks and third-party analytics and consent management tools. Despite its strong market presence and user-centric design, the site suffers from an invalid SSL certificate, which poses a significant security risk and undermines user trust. The company demonstrates good privacy compliance with clear policies and consent mechanisms, but should address critical security issues promptly to maintain its high credibility and protect user data.

Z

ZENIT GmbH

zenit.de

0

ZENIT GmbH is a regional innovation and technology center based in North Rhine-Westphalia, Germany, focused on transforming the Mittelstand (SMEs) through services in innovation, technology transfer, digitalization, funding, and internationalization. The company holds a strong market position as a key facilitator and network coordinator for SMEs and research institutions in NRW, leveraging partnerships with European and regional stakeholders. The website reflects a mature digital presence with comprehensive content, event management, and community testimonials. Technically, the site is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from a critical lack of a valid SSL certificate and modern security configurations, exposing it to significant security risks. Privacy compliance is partially met with a detailed privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.