Security Directory

F

Forschungsfabrik Mikroelektronik Deutschland

fmd-insight.de

0

FMD.insight is a specialized news platform operated by the Forschungsfabrik Mikroelektronik Deutschland, focusing on microelectronics research and innovation in Germany. It provides news, interviews, tutorials, and a virtual showroom to engage its target audience of researchers and industry professionals. The website is built on WordPress and uses various plugins including Matomo for analytics. While the content quality and user experience are good, the site lacks HTTPS support, which is a critical security deficiency. No cookie consent mechanism is present despite the use of tracking analytics, indicating partial privacy compliance. Contact information is available but email is obfuscated to prevent scraping. Overall, the site is professional but requires urgent security improvements.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 12 security findings identified across all modules.

S

Start EAD

startmoodle.com

0

Start EAD is a Brazilian SaaS platform offering a fully customizable virtual store integrated with the Moodle LMS for online course sales and management. The platform targets content creators, educators, and entrepreneurs seeking control over their EAD projects without high platform commissions. Technically, the site is built on WordPress with Elementor and uses various plugins for SEO and marketing. However, the site lacks HTTPS, which severely impacts its security posture. Marketing tools like Facebook Pixel and Google Tag Manager are used, but privacy and cookie policies are absent, indicating compliance gaps. Overall, the business presents a professional front with good content and user experience but requires urgent security and privacy improvements.

S

Start EAD

startead.com.br

0

Start EAD is a Brazilian SaaS platform focused on providing a comprehensive and customizable online course store integrated with the Moodle LMS. It targets content creators, educators, and entrepreneurs in the distance learning market, offering automated enrollment, payment integration, and technical support. The website is built on WordPress using Elementor and Astra theme, with modern UI elements and social media integration. However, the site lacks a valid SSL certificate, serving content over HTTP, which significantly impacts its security posture. No privacy or cookie policies were found, indicating potential compliance gaps. The business presents clear subscription plans and customer testimonials, reflecting moderate trustworthiness and professionalism.

J

Just a moment...

toubiz.de

0

The website toubiz.de is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that blocks access to actual content. As a result, no business information, contact details, or policy documents are available for analysis. The site lacks a valid SSL/TLS certificate, which severely impacts its security posture and trustworthiness. The technical infrastructure relies on Cloudflare for hosting and security, but the absence of HTTPS and modern TLS protocols is a critical vulnerability. Analytics are limited to Cloudflare Insights with minimal tracking. Overall, the site is not usable for end users in its current state, and the lack of content prevents meaningful SEO, accessibility, or privacy compliance evaluation.

F

freenet DLS GmbH

mobilcom-debitel.de

0

Freenet DLS GmbH operates mobilcom-debitel.de, a major German telecommunications retail website offering mobile tariffs, devices, and related services. The company targets German consumers seeking mobile phone plans and devices, positioning itself as a comprehensive provider with a broad product portfolio. The website demonstrates a mature digital infrastructure leveraging Cloudflare CDN, modern JavaScript libraries, and personalization tools like Kameleoon. Security posture is strong with HTTPS, valid SSL certificates, SPF and DMARC email protections, and secure cookie settings, though some improvements are recommended such as enabling HSTS in SSL config and adding CSP headers. Privacy compliance is moderate due to the absence of explicit privacy and cookie policies or consent mechanisms. Overall, the site is professional, well-branded, and trustworthy with good SEO and user experience.

V

Vayamed GmbH

avaay.de

0

avaay.de represents a premium medical cannabis provider operating under Vayamed GmbH, part of the Sanity Group. The company focuses on delivering high-quality, natural cannabis products for patients and medical professionals, emphasizing pharmaceutical standards and sustainable cultivation. The website is well-structured, professionally designed, and optimized for SEO and mobile use, reflecting a mature digital presence. Technically, the site leverages WordPress with WooCommerce and Oxygen Builder, supported by Cloudflare CDN and multiple marketing and analytics tools with consent management, indicating a modern and compliant infrastructure. Security posture is solid with HTTPS, valid SPF and DMARC records, and security headers, though improvements in HSTS and DNSSEC could enhance protection. Overall, avaay.de demonstrates a high level of business credibility, privacy compliance, and technical sophistication, positioning it well in the healthcare e-commerce market.

T

THE LÄB - How to LÄND and EXPÄND in Germany

the-laeb.de

0

THE LÄB is a technology-focused startup accelerator based in Karlsruhe, Germany, serving as the international orientation of the CyberLab Startup Accelerator. It supports startups primarily in the IT sector with mentoring, networking, and market entry assistance, targeting international entrepreneurs aiming to establish and expand in Germany, especially in the Baden-Württemberg region. The website is built on Squarespace and hosted by Squarespace, featuring a professional design and good content quality. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security shortfall. Security headers are partially implemented, but modern TLS protocols and advanced security features are missing. Privacy compliance is addressed with a privacy policy and cookie consent banner, though terms of service and security policies are absent. Contact information is clearly provided, including email, phone, physical address, and an embedded contact form. The site links to multiple partner and supporting organizations, reinforcing its credibility and network strength.

C

CyberForum Akademie

scaleup-leadership.de

0

The website scaleup-leadership.de represents the Scale-up Leadership program, a coaching and leadership development initiative targeted at startups transitioning to scale-ups, primarily in the technology sector in Germany. The program is organized by the CyberForum Akademie and funded by the L-Bank, positioning itself as a key player in European high-tech entrepreneurial networks. The site provides detailed program information, testimonials, and contact options including an external Microsoft Forms application form. Technically, the site is built on Squarespace CMS with standard fonts and assets, but critically lacks HTTPS support, exposing users to security risks. Privacy compliance is addressed with a cookie banner and a privacy policy in German, but no terms of service or explicit security policies are found. Overall, the site offers good content quality and user experience but suffers from a poor security posture due to missing SSL and security headers.

B

Bertelsmann

createyourowncareer.com

0

CreateYourOwnCareer.com is a career portal operated under the Bertelsmann group, a large multinational media and services conglomerate founded in 1835. The website provides comprehensive career-related content including job listings, graduate programs, internships, and networking events targeting students, graduates, and professionals. The site is built on TYPO3 CMS and hosted via Arvato Systems, reflecting a mature technical infrastructure with modern content management but lacking in SSL/TLS security. While the site includes cookie consent mechanisms and uses Google Analytics and Tag Manager for tracking, it lacks a valid HTTPS configuration, which is a critical security deficiency. The site demonstrates good content quality, branding consistency, and professional design, but the absence of HTTPS and related security best practices significantly lowers its security posture and overall trustworthiness.

A

AGRALE S.A

agrale.com.br

0

Agrale S.A is a well-established Brazilian manufacturer specializing in tractors, trucks, buses, utility vehicles, and engines with over 50 years of market presence. The company operates primarily in the transportation sector, serving agricultural, commercial, and industrial clients through a broad dealer and service network. Their website reflects a solid business model focused on manufacturing and after-sales services, targeting national and regional markets in Brazil. The site content is relevant and professionally presented, supporting the company's market position as a national leader. Technically, the website uses an older technology stack including jQuery 1.7.1 and Apache server on Ubuntu, hosted via Embratel Cloud DNS infrastructure. While the site includes Google Maps integration and FontAwesome icons, it lacks modern CMS or frameworks and shows signs of technical debt such as outdated libraries and missing HTTPS support. Performance and mobile optimization are basic, with room for improvement in SEO and accessibility. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, severely impacting its security posture. No advanced security headers or mechanisms like HSTS or OCSP stapling are implemented. The site uses standard security headers but misses critical protections and vulnerability disclosures. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is uncertain. No incident response or security policy pages were found. Overall, the website is functional and business-credible but requires urgent security improvements, especially enabling HTTPS and updating outdated technologies. Strategic recommendations include implementing a valid SSL certificate, enhancing security headers, publishing vulnerability disclosure policies, and modernizing the technical stack to improve performance, security, and compliance.

Aerolux is a small Brazilian business specializing in road signaling products for the Brazilian market. The website is currently a 'Coming soon' placeholder with minimal content, indicating the business is either new or preparing for a launch. The site targets businesses or entities needing road signaling solutions in Brazil. Technically, the site is built using Hostinger Website Builder and the Astro framework, hosted on Hostinger's GCP infrastructure. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security deficiency. Security headers are partially implemented, but key security features like TLS protocols and OCSP stapling are missing. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided. Overall, the site demonstrates basic digital maturity but requires significant improvements in security and compliance to build trust and protect user data.

Y

YourWay Digital

yourway.digital

0

YourWay Digital is a Brazilian digital agency specializing in custom development of applications, websites, and digital marketing services. Established in 2019 and based in Caxias do Sul, Brazil, the company has delivered over 70 projects and holds a Platinum partnership with RD Station, highlighted by winning the Limitless RD Station 2024 award. The website showcases a comprehensive portfolio of services including app development, marketing strategy, site creation, e-commerce solutions, social media management, and branding. Technically, the site is built on modern frameworks such as Next.js and React, hosted on Vercel, and integrates with AWS and Heroku platforms. However, the site lacks a valid SSL certificate, resulting in no proper HTTPS support, which is a critical security concern. Security headers are present but the SSL/TLS configuration is incomplete, exposing the site to potential risks. Privacy compliance is minimal with no visible privacy or cookie policies, though SPF and DMARC DNS records are properly configured for email security. Overall, the website is professionally designed with excellent content quality and user experience, but security and privacy practices require urgent improvement to enhance trust and compliance.

A

AKZONOBEL LTDA.

coralmatiz.com.br

0

Coral Matiz is a Brazilian loyalty and professional engagement platform operated by AKZONOBEL LTDA., targeting architects, interior designers, and landscapers. The platform offers curated content, professional tools, and a points-based rewards program to enhance user engagement and brand loyalty. The website is well-branded and content-rich, with clear navigation and a focus on professional users and students in the design sector. Technically, the site uses a modern front-end stack including Bootstrap, jQuery, and integrates Google Analytics and Tag Manager for tracking. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture, exposing users to risks when submitting sensitive personal data. Privacy and cookie policies are comprehensive and GDPR/LGPD compliant, with consent mechanisms implemented. Overall, the site demonstrates good business credibility but requires urgent security improvements to protect user data and comply with best practices.

I

Incepa

banheirosincepa.com.br

0

Incepa is a Brazilian manufacturing company specializing in bathroom and kitchen sanitary products, including ceramic sanitary ware, accessories, and complementary items. The company has recently integrated with the Roca brand, enhancing its market position. The website serves as a product catalog and brand promotion platform targeting residential customers, hotels, construction companies, and public environments. Technically, the site uses an Apache server with PHP 7.3.33 and integrates multiple marketing and analytics tools such as Google Tag Manager, Google Analytics, Facebook Pixel, and OneTrust for cookie consent. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts its security posture. The website content is well-structured and professionally designed, but privacy and security policies are missing or not clearly presented. Overall, the site demonstrates moderate digital maturity but requires urgent improvements in security and privacy compliance.

S

Sigevent.pro

sigevent.pro

0

The website sigevent.pro currently serves a minimal placeholder or error page in Portuguese indicating that no content was found at the requested URL. The domain appears to be related to event management services, with a partner or related site bcseventos.com.br referenced in the footer. The technical infrastructure is hosted on Amazon AWS, but the site lacks a valid SSL certificate and does not support HTTPS, which is a critical security deficiency. No privacy, cookie, or terms of service policies are present, and no contact information beyond a single company email is found. The overall website quality is poor with minimal content, no SEO or accessibility optimizations, and no security best practices implemented. The site is accessible without WAF or security challenges but is not functional as a business-facing website in its current state.

M

mobilityportal gmbh

mobilityportal.de

0

mobilityportal gmbh operates a digital multimodal mobility platform focused on public transportation (ÖPNV) in Germany. The company offers integrated solutions for managing various transport modes including bus, tram, on-demand services, and e-scooters, enabling seamless door-to-door transport options. Their platform supports both front-end passenger services and back-office digital processes, targeting public transport operators, municipalities, and mobility providers. The website reflects a professional business presence with clear service descriptions and contact options, positioning the company as an innovative player in the transportation technology sector.

E

Error: 404 Page not found

qiata.com

0

The website at qiata.com currently serves only a 404 Page Not Found error with no accessible business content or metadata. The site uses Joomla CMS with the Helix Ultimate template framework and includes Bootstrap and Font Awesome libraries. The SSL configuration supports TLS 1.2 with a strong cipher suite but lacks modern features such as TLS 1.3, HSTS, OCSP stapling, and DNSSEC, indicating a basic security posture. No privacy, cookie, or terms of service policies are present, nor is there any contact or business information available on the site. Performance is slow with a page load time of approximately 4.8 seconds. Overall, the site lacks content, security best practices, and compliance indicators, resulting in a low trustworthiness and professionalism rating.

D

Deciso

opnsense.org

0

OPNsense.org is the official website for OPNsense®, an open source firewall and routing platform developed by Deciso. The platform targets enterprises, professionals, and the open source community, offering a free core product alongside a commercial Business Edition with enhanced features. The website demonstrates a mature digital presence with comprehensive content, community engagement, and commercial offerings including official hardware and training. Technically, the site is built on WordPress with modern frontend frameworks and integrates Google Analytics and custom search capabilities. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and HTTPS support, exposing users to potential risks. Privacy policies and terms of service are present and comprehensive, but cookie consent mechanisms are not implemented. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

S

SECUDOS GmbH

secudos.de

0

SECUDOS GmbH is a German-based technology company specializing in innovative IT security solutions aimed at ensuring digital sovereignty and high-performance network infrastructures for businesses. Their product portfolio includes secure data exchange software (Qiata), a hardened operating system (DOMOS), and recovery technology for hardware appliances (SDR). The company positions itself as a reliable and experienced partner with over 20 years of expertise in complex network environments, serving a broad range of corporate clients. Technically, the website is built on Joomla CMS with modern frameworks like Bootstrap and jQuery, offering good mobile optimization and user experience. However, the absence of a valid SSL certificate and lack of HTTPS support significantly weaken the security posture, despite proper email authentication records and GDPR compliance. Overall, the site demonstrates good business credibility and privacy practices but requires urgent improvements in SSL/TLS implementation to enhance security and trust.

R

Reintel

reintel.es

0

Reintel is the largest neutral operator of dark fiber infrastructure in Spain, operating as a subsidiary of Grupo Red Eléctrica (redeia). The company provides critical telecommunications infrastructure services including long-distance fiber networks, dedicated cables, equipment hosting, and customized connectivity solutions. Their market position is strong within the Spanish energy and telecommunications sectors, serving businesses requiring extensive fiber optic connectivity. The website reflects a mature digital presence built on Drupal 10, integrating modern technologies such as Google Tag Manager, Cookiebot for consent management, and Google Maps API. Despite a slow page load time, the site offers excellent content quality, clear navigation, and good mobile optimization. Security posture is solid with HTTPS, valid SSL certificates, and OCSP stapling, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is robust with comprehensive privacy and cookie policies and active consent mechanisms. Overall, Reintel demonstrates a professional and trustworthy online presence aligned with its business stature.

R

Red Eléctrica

ree.es

0

Red Eléctrica is the Spanish Transmission System Operator (TSO) responsible for the operation, development, and maintenance of the national electricity grid. The company plays a critical role in ensuring the quality and security of electricity supply across Spain and supports the country's ecological transition by integrating renewable energy sources and developing infrastructure projects. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting energy sector stakeholders and the general public interested in electricity data and sustainability. Technically, the site is built on Drupal 10 with modern front-end libraries and uses Akamai and Imperva for DNS and CDN services. However, a critical security shortcoming is the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by consistent branding, corporate governance links, and trust signals. Overall, the site scores well in content and business credibility but requires urgent improvements in SSL/TLS security to enhance trust and protect users.

N

New Work SE

new-work.se

0

New Work SE is a large technology company focused on shaping the future of work through its portfolio of strong brands including XING, kununu, onlyfy, and InterNations. The company operates primarily in the German-speaking market, providing recruitment, employer branding, and global networking services. Their website reflects a professional and consistent brand image with comprehensive content aimed at professionals and companies seeking talent solutions. Technically, the website uses modern technologies such as Algolia for search, Usercentrics for consent management, and Adobe Analytics for tracking. Hosting is on Amazon AWS infrastructure. Security posture is solid with HTTPS, SPF, and DMARC configured, though improvements like HSTS and OCSP stapling are recommended. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is trustworthy and professional, though performance optimization could enhance user experience.

V

VTT Technical Research Centre of Finland Ltd.

vtt.fi

0

VTT Technical Research Centre of Finland Ltd. is a leading European research institute providing visionary research, development, and innovation services across multiple sectors including energy, transportation, technology, manufacturing, and healthcare. The company offers a broad portfolio of advanced services such as 6G hardware technologies, quantum computing, cybersecurity, and sustainable development solutions. Their market position is strong, supported by extensive partnerships and a large expert community. Technically, the website is built on Drupal CMS with modern technologies and demonstrates good performance and accessibility. Security posture is solid with HTTPS, valid SPF, and OCSP stapling, though improvements like enabling HSTS and DNSSEC are recommended. Privacy compliance is well managed with comprehensive cookie consent via Cookiebot and a detailed privacy policy. Overall, the website reflects a professional, trustworthy, and mature digital presence.

S

SQS - Software Quality Systems

sqs.es

0

SQS - Software Quality Systems is a medium-sized Spanish company specializing in software testing, quality assurance, certification, and data space services. It serves regulated sectors such as healthcare, pharmaceuticals, railways, and automotive, offering professional consulting, managed testing services, and training. The company holds multiple recognized certifications including ISO 9001, ISO/IEC 27001, and ENS, positioning itself as a trusted provider in the technology and regulated industries. Technically, the website is built on WordPress with Divi theme and integrates modern marketing and analytics tools such as Google Analytics, Hotjar, and reCAPTCHA. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy compliance is well addressed with GDPR cookie consent and a comprehensive privacy policy. Contact information is clearly available, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

G

GAIA-X 4 KI

gaia-x4ki.eu

0

GAIA-X 4 KI is a medium-sized German research project focused on developing a data and service ecosystem for training and validating AI applications, particularly in the automotive and manufacturing sectors. The project emphasizes data sovereignty, transparency, and interoperability based on the GAIA-X infrastructure. The website provides detailed information about the project, consortium partners, news, and publications, targeting industry stakeholders, research institutions, and SMEs. Technically, the site uses modern TLS protocols, Bootstrap frontend, and likely a Ruby on Rails backend, hosted on Hetzner infrastructure. While HTTPS is properly implemented, the site lacks advanced security headers, DNS security features, and privacy/cookie policies, which lowers its security and privacy posture. Overall, the site is well-branded, professionally designed, and content-rich but could improve in privacy compliance and security hardening.

N

net-maxX GmbH

net-maxx.de

0

net-maxX GmbH operates a virtual platform designed for fan communities, leveraging interactive virtual worlds to connect users. The company is a small technology startup based in Germany, founded in 2023, and collaborates with partners such as Telemaxx and agenturserver.de. The website is built on the Ghost CMS platform and demonstrates good content quality and user experience with moderate performance. Security posture is adequate with HTTPS and SPF configured, but lacks advanced TLS features and email security enhancements like DMARC. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is professional and trustworthy but could improve in security and privacy areas.

V

Verivox GmbH

verivox.de

0

Verivox GmbH operates a leading independent comparison portal in Germany, offering consumers the ability to compare tariffs across energy, telecommunications, insurance, and finance sectors. Established in 1998, the company has positioned itself as a market leader with multiple awards and a strong reputation for transparency and customer satisfaction. The website provides comprehensive services including tariff comparisons, calculators, and personalized recommendations, supported by a modern technical infrastructure leveraging advanced JavaScript frameworks and third-party analytics and consent management tools. Despite its strong market presence and user-centric design, the site suffers from an invalid SSL certificate, which poses a significant security risk and undermines user trust. The company demonstrates good privacy compliance with clear policies and consent mechanisms, but should address critical security issues promptly to maintain its high credibility and protect user data.

Z

ZENIT GmbH

zenit.de

0

ZENIT GmbH is a regional innovation and technology center based in North Rhine-Westphalia, Germany, focused on transforming the Mittelstand (SMEs) through services in innovation, technology transfer, digitalization, funding, and internationalization. The company holds a strong market position as a key facilitator and network coordinator for SMEs and research institutions in NRW, leveraging partnerships with European and regional stakeholders. The website reflects a mature digital presence with comprehensive content, event management, and community testimonials. Technically, the site is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from a critical lack of a valid SSL certificate and modern security configurations, exposing it to significant security risks. Privacy compliance is partially met with a detailed privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

L

Lekkerland SE

lekkerland.de

0

Lekkerland SE is a leading convenience wholesaler and logistics provider in Germany, serving approximately 40,000 retail points with a broad product assortment and tailored services. The company is part of the REWE Group, a major European retail conglomerate. The website reflects a mature digital presence with comprehensive business information, structured data, and multi-language support. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and HTTPS support, which exposes users to risks and undermines trust. Privacy compliance is well managed with cookie consent via Usercentrics and a comprehensive privacy policy. The site uses modern marketing and analytics tools but suffers from slow load times and lacks advanced security headers. Strategic improvements in SSL deployment and security hardening are essential to elevate the security posture and user trust.

E

E.ON Energie Österreich GmbH

eon-energie.at

0

E.ON Energie Österreich GmbH is a leading energy provider in Austria, offering reliable electricity and natural gas supply with a strong emphasis on renewable energy, particularly 100% green electricity from Austrian hydropower. The company also provides e-mobility solutions and comprehensive customer service including online portals and live chat support. Their market position is reinforced by multiple industry awards and certifications, reflecting a commitment to quality and sustainability. Technically, the website is built on Adobe Experience Manager with modern web components and integrates various third-party services such as Google Tag Manager for analytics and Usercentrics for consent management. The site is hosted via Cloudflare and uses a valid DigiCert SSL certificate, though some security enhancements like HSTS and DNSSEC are not yet implemented. Performance is moderate with room for improvement. Security posture is solid with no critical vulnerabilities detected, proper use of HTTPS, and SPF records for email protection. Privacy compliance is strong with clear privacy and cookie policies and a consent mechanism in place. Contact information is readily available, enhancing business credibility. Overall, the website demonstrates a mature digital presence with good content quality, technical implementation, and security practices, positioning E.ON as a trustworthy and professional energy provider in the Austrian market.

G

Grazer Wechselseitige Versicherung AG

grawe.at

0

Grazer Wechselseitige Versicherung AG (GRAWE) is a well-established Austrian insurance company founded in 1828, offering a broad range of insurance products including private, business, and agricultural insurance, alongside financial services. The company maintains a strong market position in Austria with a large customer base and extensive service network. Their website reflects a mature digital presence with comprehensive content, clear navigation, and multi-language support. Technically, the site is built on TYPO3 CMS, uses modern JavaScript and CDN services, but suffers from slow load times due to high resource count and page size. Security posture is good with valid SSL, strong cipher suites, and proper DNS security records like SPF and DMARC, though improvements such as enabling HSTS and OCSP stapling are recommended. Privacy compliance is robust with clear cookie consent mechanisms and GDPR-aligned policies. Overall, the site demonstrates high professionalism and trustworthiness, suitable for its large enterprise status.

F

Firstlead GmbH

firstlead-server.de

0

Firstlead GmbH operates the website firstlead-server.de as a service platform in partnership with the affiliate network ADCELL. The site primarily serves as an informational landing page providing company contact details and links to the ADCELL affiliate network. The business model focuses on affiliate marketing services targeting advertisers and affiliates in Germany. The website content is minimal and presented in both German and English, reflecting a small-sized technology sector company with a basic online presence. Technically, the website uses Cloudflare for DNS hosting but lacks a valid SSL certificate, resulting in no HTTPS support. The site includes Google Analytics and Google Tag Manager scripts for tracking but does not implement cookie consent mechanisms or advanced SEO features. Performance is moderate with basic mobile optimization and accessibility. The meta robots tag is set to noindex, indicating the site is not intended for public search engine indexing. From a security perspective, the absence of a valid SSL certificate is a critical vulnerability, exposing users to potential data interception risks. No security headers or advanced security policies are implemented. Privacy compliance is partial, with a privacy policy and terms of service linked externally on the ADCELL domain but no cookie consent or explicit GDPR compliance indicators on the site itself. Overall, the website presents a low-risk profile due to its limited functionality and content but requires urgent improvements in SSL configuration and privacy compliance to enhance trustworthiness and security posture.

W

Weiterbildungsportal Saarland

weiterbildungsdatenbank-saar.de

0

Weiterbildungsportal Saarland is a regional educational information platform focused on providing comprehensive resources about continuing education for individuals, companies, and educational providers within the Saarland region of Germany. The platform is supported by governmental and institutional partners, offering detailed course databases, funding information, and thematic content tailored to various user groups. Technically, the website is built on TYPO3 CMS with Bootstrap for responsive design, ensuring good accessibility and user experience. Security-wise, the site employs HTTPS with modern TLS protocols and a valid SPF record, though it lacks some advanced HTTP security headers such as HSTS and DMARC, which are recommended for enhanced protection. The use of Matomo analytics reflects a moderate user tracking approach with privacy compliance in mind. Overall, the site demonstrates a solid balance of content quality, technical implementation, and security posture, positioning it as a trustworthy and professional resource in its domain.

H

Handwerkskammer des Saarlandes

hwk-saarland.de

0

Handwerkskammer des Saarlandes is a regional government institution dedicated to supporting the craft and trade sector in Saarland, Germany. The organization provides comprehensive services including vocational training, further education, business start-up consulting, and operational support to handcraft businesses and individuals. The website reflects a well-established entity with a strong regional presence and a focus on quality and accessibility. Technically, the site is built on WordPress with modern JavaScript frameworks like Vue.js, ensuring a responsive and user-friendly experience. Security measures such as HTTPS, HSTS, and SPF are properly implemented, though there is room for improvement in OCSP stapling and certificate transparency. Privacy compliance is robust with a clear privacy policy and cookie consent mechanism. Overall, the site demonstrates a mature digital infrastructure aligned with its public service mission.

I

IHK Saarland

ihksaarland.de

0

IHK Saarland operates as a regional chamber of commerce and industry serving the Saarland region in Germany. The organization provides a broad range of services including business consulting, education and training, legal and regulatory guidance, and digital services to support local enterprises, founders, and various business stakeholders. The website reflects a well-structured and professional digital presence with comprehensive content tailored to its target audience of businesses and professionals in the region. Technically, the site uses a traditional JavaScript and CSS stack with jQuery libraries and is hosted via epag.net DNS infrastructure. While the site supports modern TLS protocols ensuring secure HTTPS connections, it lacks advanced security headers and DNS security features, indicating room for improvement in its security posture. Privacy compliance is well addressed with clear cookie consent mechanisms and accessible privacy policies. The website is not blocked by any WAF or security challenge, allowing full content access. Overall, the site scores well in business credibility and privacy compliance but could enhance technical and security aspects to improve performance and resilience.

V

Verband Deutscher Hidden Champions

vdhc-ev.de

0

VDHC e.V. is a German-based association representing medium-sized enterprises known as Hidden Champions. The organization focuses on networking, knowledge exchange, and advocacy for SMEs that are market leaders in niche sectors. Their business model centers on exclusive membership, offering events, webinars, and international business trips to foster collaboration and visibility. Technically, the website is built on WordPress with modern plugins and supports HTTPS with strong TLS protocols, though it lacks some advanced security headers and DMARC. The security posture is solid with no detected vulnerabilities, and privacy compliance is well implemented with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates a professional and trustworthy presence with good content quality and technical implementation.

D

Deutsche Gesellschaft für Zerstörungsfreie Prüfung e.V.

dgzfp.de

0

The Deutsche Gesellschaft für Zerstörungsfreie Prüfung e.V. (DGZfP) is a German professional association specializing in non-destructive testing (ZfP). The organization provides extensive training, certification, networking opportunities, and research support to professionals and industries such as automotive, construction, railway, and aviation. The website reflects a mature digital presence with rich content, event listings, and comprehensive privacy and cookie policies compliant with GDPR. Technically, the site is built on WordPress with modern plugins for SEO and cookie management, but suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support. This significantly impacts the security posture and user trust. The site is well-branded, professionally designed, and targets industry professionals and organizations in Germany.

W

Wuppertaler Kreis e.V.

wuppertaler-kreis.de

0

Wuppertaler Kreis e.V. is a well-established German association representing leading providers of corporate continuing education. Founded in 1955, it serves as a key voice for the industry, promoting workforce qualification, innovation, and competitiveness through quality assurance and advocacy. The website reflects a mature organization with a clear focus on education and professional development, targeting companies and training providers in Germany. Technically, the site is built on TYPO3 CMS, hosted via Deutsche Telekom infrastructure, and delivers moderate performance with good mobile optimization. Security posture is basic with a valid SSL certificate but lacks advanced security headers and email protection mechanisms like DMARC. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information and business credibility are well presented, supported by testimonials and partner logos. Overall, the site is professional and trustworthy but could improve in security and privacy practices.

Security assessment completed with an overall score of 50/100 (unknown risk). 1 critical issues require immediate attention. Total of 13 security findings identified across all modules.

F

Fraunhofer-Verbund Mikroelektronik in Kooperation mit den Leibniz-Instituten FBH und IHP

forschungsfabrik-mikroelektronik.de

0

The Fraunhofer-Verbund Mikroelektronik (FMD) is a leading German research consortium specializing in micro- and nanoelectronics, collaborating closely with Leibniz institutes FBH and IHP. The website serves as a comprehensive portal offering information on technology platforms, funding programs, cooperation opportunities, and current projects, targeting industry players, startups, SMEs, and academic institutions. The business model focuses on providing a one-stop-shop for microelectronics R&D, supported by strong institutional backing and federal funding. Technically, the site is built on Adobe Experience Manager with modern JavaScript libraries, delivering a moderate performance and good mobile optimization. Security posture is solid with HTTPS and strong cipher suites, though improvements like HSTS, DNSSEC, and TLS 1.3 support are recommended. Privacy compliance is good with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site is professional, trustworthy, and well-positioned in its market niche.

V

Videmi GmbH & Co. KG

videmi.de

0

Videmi GmbH & Co. KG is a small, established media company based in Germany specializing in integrated communication, film production, design, and photography services. With over 10 years of experience, the company serves a diverse clientele seeking enhanced visibility and communication strategies. Their website reflects a professional and consistent brand presence with clear service offerings and active social media engagement. Technically, the site is built on WordPress using the Enfold theme and incorporates modern technologies such as TLS 1.3 and Yoast SEO for optimization. However, some security enhancements like HSTS, DNSSEC, and advanced security headers are absent, which could improve their security posture. The site includes a GDPR-compliant privacy policy and cookie consent mechanism, demonstrating good privacy compliance. Overall, the website is well-designed, user-friendly, and trustworthy, though there is room for technical and security improvements.

D

DIN

din.one

0

DIN.ONE is a German-based community platform powered by Atlassian Confluence, designed to facilitate expert collaboration on standardization and norming projects. The platform hosts thematic communities, events, and news, targeting professionals engaged in these sectors. Technically, the site leverages Confluence 8.5.21 with a Refined theme, hosted likely on Google Cloud infrastructure. While the site uses HTTPS with modern TLS protocols, it lacks advanced security headers and mechanisms such as HSTS and OCSP stapling, which could enhance its security posture. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the website provides good content quality and business credibility but suffers from slow performance and basic technical implementation.

D

DIN Solutions GmbH

dinsolutions.de

0

DIN Solutions GmbH is a medium-sized technology company operating within the DIN group, specializing in the development and operation of software, platforms, and databases for norming and standardization. The company serves DIN, DIN Media, and their customers and partners by delivering tailored technical solutions and engaging in innovative research and development, including artificial intelligence applications. Their market position is strong within the German norming ecosystem, supported by ISO 9001 certification and partnerships with recognized entities such as TÜV Rheinland. Technically, the website employs modern technologies including MarkLogic NoSQL database, X-Swift framework, and Swift programming language for transformation processes. The site is well-designed, mobile-optimized, and uses etracker for analytics. Performance is moderate with a page load time of about 3 seconds. However, the SSL certificate is nearing expiration, and security headers are minimal, indicating room for improvement in security hardening. Security posture is adequate with HTTPS, SPF, and DMARC configured, but lacks HSTS, DNSSEC, and advanced security headers. No vulnerabilities or malware were detected, but urgent SSL renewal is needed to maintain trust and secure communications. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, though no cookie consent mechanism was found. Overall, the website is professional and trustworthy with strong business credibility. Strategic recommendations include immediate SSL renewal, enhancing security headers, implementing DNSSEC and CAA, and adding cookie consent mechanisms to improve privacy compliance and security posture.

V

VCxray Inspection Services GmbH - X-ray inspection, testing services

xray-testing.com

0

The website xray-testing.com is currently inaccessible due to an HTTP 500 server error, which prevents normal content delivery. The site appears to host an offline dinosaur game script but lacks any meaningful business or contact information. The technical infrastructure supports modern TLS protocols but lacks important security features such as HSTS, OCSP stapling, and DNSSEC. No privacy, cookie, or terms of service policies are present, indicating poor compliance posture. Overall, the site is minimal, with poor content quality and limited technical maturity, resulting in a low trust and security rating.

4

404 Not Found

sigmacutt.link

0

The website sigmacutt.link currently serves only a 404 Not Found error page, indicating that the requested resource or site content is unavailable. There is no accessible business or marketing content, no metadata, no forms, and no contact information. The site is hosted behind Cloudflare with valid SSL, but the SSL certificate dates appear unusual and security headers are absent. Performance is slow with minimal resources loaded. Overall, the site lacks any visible business presence or user engagement features, making it impossible to assess business operations or market positioning. Security posture is minimal with no advanced protections enabled. Privacy and compliance policies are not present, indicating a lack of GDPR or similar regulatory adherence. The site is not blocked by a WAF or security challenge but is effectively inaccessible due to the missing content.

F

Firstlead GmbH

adcell.de

0

ADCELL, operated by Firstlead GmbH, is a well-established affiliate marketing network founded in 2003, targeting the German-speaking markets of Germany, Austria, and Switzerland. The platform connects publishers, advertisers, and agencies, offering a performance-based affiliate marketing model with no setup fees or monthly charges. The company enjoys a strong market position with over 64,000 active publishers and 2,426 partner programs, supported by multiple industry awards and certifications. The website content is rich, professionally designed, and targets a broad audience including publishers, advertisers, and agencies. Technically, the site uses common web technologies such as jQuery, Bootstrap, and slick sliders, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy compliance is addressed with a consent management platform and clear privacy and cookie policies. Overall, the site demonstrates good business credibility but requires urgent security improvements.

N

news aktuell

zimpel.de

0

Zimpel.de is a German PR software and media database platform operated as a product of news aktuell, a subsidiary of the German Press Agency (dpa). The website targets PR professionals and media relations specialists by providing tools for managing journalist contacts and media distribution lists. The business model is SaaS-oriented, focusing on the media and public relations sector within Germany. The site content is minimal and primarily driven by JavaScript, with no visible contact or policy pages on the main HTML content. Technically, the site uses nginx as the web server and employs modern TLS protocols (TLS 1.2 and 1.3) with a valid SSL certificate. DNS hosting is managed by Colt, and email services are routed through news aktuell mail servers. Security headers are present but some are misconfigured or only in report-only mode, such as the Content Security Policy and X-XSS-Protection header. No DMARC record is configured, which is a gap in email security. No privacy or cookie policies are found, indicating low privacy compliance. Overall, the site demonstrates a moderate security posture but lacks transparency and completeness in privacy and contact information.

G

Grupa Pracuj

pracujwgp.pl

0

Grupa Pracuj operates as a leading HR technology platform in Europe, connecting job seekers with employers through a suite of recruitment and HR management products. The company maintains a strong market position with multiple subsidiary brands including Pracuj.pl, eRecruiter, and Softgarden. The website reflects a professional and comprehensive approach to employer branding and recruitment, targeting candidates and HR professionals primarily in Poland. Technically, the site is built on the Softgarden platform, leveraging modern JavaScript libraries and hosted via Cloudflare and Azure infrastructure. While the SSL certificate is valid and security policies such as DMARC are strictly enforced, there is room for improvement in HTTPS security by enabling HSTS and DNSSEC. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates a mature digital presence with good content quality, though performance optimization could be enhanced.

S

Sheltr

sheltr.eu

0

Sheltr is a technology company specializing in compliance solutions for privacy-focused businesses, offering leading whistleblower and data discovery platforms. Their services target HR, compliance, and GDPR teams, helping organizations comply with regulations such as GDPR and the EU Whistleblower Directive. The company positions itself as a trusted provider with a user-friendly SaaS model, including free and paid offerings. Technically, Sheltr employs a modern web stack based on the Astro framework, integrates Piwik Pro for analytics, and uses Cookie Information for consent management. The site is hosted on Azure DNS with valid TLS certificates, supporting modern protocols like TLS 1.3. Security posture is solid with SPF and DMARC records, but could be improved by enabling HSTS, DNSSEC, and additional security headers. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism. Overall, the website is professional, well-branded, and trustworthy, with good content quality and user experience. No critical security issues or blocking mechanisms were detected.