Security Directory

The website dieangewandte.at represents the Universität für angewandte Kunst Wien, a large educational institution specializing in applied arts. The site offers comprehensive information about academic programs, research, exhibitions, and cultural events targeting students, researchers, and the arts community. The business model is centered on education and cultural dissemination, positioning the university as a key player in Austria's higher education sector for arts. Technically, the site uses a custom CMS with Apache hosting, integrates Matomo analytics, Google Fonts, and jQuery-based UI components. However, the site lacks HTTPS, which is a critical security deficiency. Security posture is weak due to missing SSL/TLS, lack of security headers, and no incident response or vulnerability disclosure policies. Privacy compliance is minimal with no cookie consent mechanism, though Matomo usage suggests some privacy awareness. Overall, the site is professionally designed and content-rich but requires urgent security upgrades to protect users and data.

S

SUPER

super-web.es

17

SUPER is a small Spanish technology company specializing in virtual and digital ecosystem solutions targeted at European markets. Their website offers multilingual content and services including virtual expert consultations and technology-related blog posts. The technical infrastructure is based on WordPress with common plugins such as WooCommerce and LayerSlider, supported by Apache server technology. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy and cookie policies exist but lack advanced compliance features such as consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional but requires urgent security improvements to protect user data and build trust.

I

Iceberg Cultures of Inclusion

icebergci.com

23

Iceberg Cultures of Inclusion is a consulting firm specializing in strategic management of diversity, equity, and inclusion (DEI) across Latin America. The company positions itself as a leader in this niche market, offering services such as DEI strategy development, inclusive ecosystem design, training, and cultural intelligence development. Their client base includes major multinational corporations, indicating a strong market presence and trust. Technically, the website uses modern frontend technologies including Bootstrap, Alpine.js, and jQuery, hosted on Apache with October CMS as the content management system. However, the site lacks a valid SSL certificate, serving content over HTTP only, which significantly impacts security posture. No privacy or cookie policies are found, and no incident response or security policies are published, indicating gaps in compliance and security transparency. Overall, the website is professionally designed with good content quality and user experience but requires urgent improvements in security and privacy compliance to enhance trust and protect user data.

D

DFS Deutsche Flugsicherung GmbH

dfs.de

40

DFS Deutsche Flugsicherung GmbH is the official German air navigation service provider responsible for managing and controlling air traffic within German airspace. The company ensures safe, efficient, and environmentally conscious flight operations, serving millions of passengers annually. Their services include air traffic control, drone flight management, environmental initiatives, training, and research and development. The website targets aviation professionals, drone operators, and the general public interested in air traffic and environmental topics. Technically, the website employs modern JavaScript frameworks, SystemJS module loading, and the Ionas CMS platform, hosted on Azure DNS infrastructure. The site is well-structured, mobile-optimized, and provides multilingual support. However, the security posture is weakened by an invalid SSL certificate and lack of proper HTTPS enforcement, which is a critical issue. Privacy compliance is strong, with comprehensive cookie consent mechanisms and GDPR-aligned privacy policies. The site lacks explicit incident response or vulnerability disclosure information. Overall, the website is professional and trustworthy but requires urgent SSL remediation to improve security.

The domain bwwred.be is registered and resolves to an IP hosted by Neostrada in Belgium. However, the website currently serves only a default hosting placeholder page with no actual business content or metadata. There are no privacy, cookie, or terms of service policies present, nor any contact or company information. The site lacks an SSL certificate, serving content over HTTP only, which is a critical security deficiency. DNS and mail exchange records are properly configured, indicating some level of domain management, but the absence of active website content suggests the site is not operational or under development. From a technical perspective, the site uses Apache as the web server and is hosted on Neostrada's infrastructure. No modern web technologies, frameworks, or CMS platforms are detected. Performance data is unavailable due to the lack of content. Security headers are minimal and no advanced security mechanisms such as HSTS or OCSP stapling are enabled. The SSL configuration is non-existent, resulting in a low security posture. Security evaluation highlights critical issues including the absence of HTTPS, no privacy or cookie policies, and no contact or incident response information. These factors significantly reduce trust and compliance with GDPR and other regulations. The domain registration is consistent and legitimate, but the lack of active content and security measures poses a risk for users and visitors. Overall, the website is currently non-functional from a business and security perspective. Strategic recommendations include deploying a valid SSL certificate, publishing privacy and cookie policies, adding contact and incident response information, and developing actual website content to improve trust, compliance, and user experience.

imation.com represents a technology-focused business specializing in storage solutions, positioning itself as a global leader in the storage industry with a focus on SSD products. The website primarily targets Korean-speaking users with language-based redirection to Korean subdomains, indicating a regional focus within a global market. The business model appears to be product and solution sales in the technology sector, with moderate company size inferred from the domain and content. The website content is minimal and primarily serves as a redirect hub rather than a full informational site. From a technical perspective, the site is hosted on an Apache server running an outdated PHP version 5.4.16, which poses security risks. The hosting IP suggests Amazon AWS infrastructure. The site lacks HTTPS support due to an invalid SSL certificate, which severely impacts security posture and user trust. Google Analytics is implemented for user tracking, but no privacy or cookie policies are present, indicating poor privacy compliance. Performance data is unavailable, but the minimal content and redirection scripts suggest slow or moderate loading times. Security evaluation reveals critical vulnerabilities including the absence of HTTPS, no HSTS, no DNSSEC, and no security headers beyond basic server headers. The lack of a valid SSL certificate and use of outdated PHP version expose the site to potential attacks. No incident response or security policies are publicly disclosed, and no contact information is provided for security or abuse reporting. These factors contribute to a low security score and overall risk to users and business reputation. Overall, the site exhibits significant gaps in security and privacy compliance, with minimal content and poor user experience. Strategic recommendations include immediate implementation of a valid SSL certificate, upgrading server software, publishing privacy and cookie policies, and enhancing security headers and DNS configurations to improve trust and compliance.

Cloud Access LLC operates the domain cloudaccess.host, which appears to be a technology-focused business likely providing cloud hosting or related services. However, the website content is inaccessible, presenting a 403 Forbidden error indicating restricted access or directory protection. This limits the ability to assess the business's public-facing digital presence or service offerings. Technically, the site runs on Apache but lacks HTTPS support due to an invalid or missing SSL certificate, which is a critical security deficiency. DNS configuration is basic but lacks DNSSEC and has malformed CAA records, further reducing security posture. No privacy, cookie, or terms of service policies are present, indicating poor compliance with privacy regulations. WHOIS data shows a mature domain registered to Cloud Access LLC in the US, consistent with a legitimate business entity. Overall, the site exhibits a low security and compliance maturity level with critical issues that must be addressed to improve trust and accessibility.

The website gencat.net serves as an official domain for the Generalitat de Catalunya, the regional government of Catalonia, Spain. However, the site itself contains only a minimal HTML page that immediately redirects visitors to the main government portal at web.gencat.cat. This indicates that gencat.net functions primarily as a redirect domain rather than a content-rich site. The domain is mature, registered since 2000, and aligns with the official government entity, supporting its legitimacy. The target audience includes Catalan citizens and others seeking official government information. From a technical perspective, the site is hosted on an Apache server but lacks modern security and performance features. Critically, there is no SSL/TLS certificate configured, resulting in unencrypted HTTP traffic. The site does not implement DNSSEC, HSTS, or security headers, and no privacy or cookie policies are present. The minimal content and lack of technical sophistication suggest low digital maturity and poor user experience. Security posture is weak due to the absence of HTTPS and security best practices, exposing users to potential interception risks. The lack of privacy compliance measures and contact information further reduces trust and compliance with regulations such as GDPR. Despite these issues, the domain's WHOIS data is consistent and trustworthy, registered to a reputable registrar with no privacy protection, which is appropriate for a government domain. Overall, the website's primary function as a redirect limits its content and utility. Strategic improvements should focus on securing the domain with HTTPS, enhancing security headers, and providing clear privacy and contact information to improve trust and compliance.

The website minigolfsport.com serves as a minimal informational portal for the World Minigolf Sport Federation, primarily redirecting visitors to a subdomain (gov.minigolfsport.com) where presumably more detailed content resides. The business focus is on international minigolf sport governance and community engagement, targeting enthusiasts and stakeholders in the sport. The site lacks substantive content, business contact information, and user engagement features, indicating a small-scale, niche presence. From a technical perspective, the site is hosted on an Apache server with basic HTTP headers and no SSL/TLS encryption, resulting in an insecure connection. The absence of modern web technologies, CMS, or analytics tools suggests a low digital maturity level. Performance metrics are unavailable but inferred to be slow due to minimal optimization and lack of HTTPS. Security posture is weak, with no valid SSL certificate, no HSTS, and no advanced security headers. This exposes users to potential risks such as data interception. No privacy or cookie policies are present, indicating non-compliance with GDPR and other privacy regulations. The WHOIS data is consistent and legitimate, with no privacy protection or suspicious registration patterns. Overall, the site presents a low-risk profile due to minimal data collection but suffers from poor security and compliance practices. Strategic improvements in SSL deployment, content enrichment, and privacy compliance are recommended to enhance trust and professionalism.

I

International Beach Tennis IFBT

ifbt.eu

33

International Beach Tennis IFBT is a small, specialized sports federation focused on promoting and organizing beach tennis events globally. The organization operates a multilingual WordPress website providing comprehensive event information, player rankings, and membership services. The technical infrastructure is based on WordPress with several plugins and a custom theme, hosted by CDmon in Spain. While the website content and business information are well presented and consistent with the organization's mission, the security posture is weak due to lack of a valid SSL certificate and absence of modern TLS protocols. Privacy compliance is addressed with clear policies and consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

T

The Walt Disney Company

disneyprivacycenter.com

50

The Walt Disney Company Privacy Center website serves as a comprehensive resource for privacy-related information, focusing on transparency and user control over personal data across its digital platforms. The site targets global consumers engaging with Disney's media and entertainment services, providing detailed privacy policies, cookie consent mechanisms, and information tailored for parents and children. The business is a large enterprise with a mature domain and strong brand presence, supported by multiple subsidiary brands such as ABC, ESPN, Marvel, and Hulu. Technically, the website is built on WordPress, leveraging technologies such as Apache, jQuery, Adobe Launch, and OneTrust for cookie consent management. Hosting is via Amazon CloudFront, indicating a scalable and reliable infrastructure. SEO and accessibility features are implemented at a good level, with comprehensive metadata and structured data enhancing search visibility. From a security perspective, the site suffers from a critical issue: the absence of a valid SSL certificate and lack of HTTPS support, severely impacting the security posture and user trust. While some security headers like HSTS are present, they are insufficiently configured. No explicit security policies or incident response contacts are published, and no vulnerability disclosure mechanisms are evident. Overall, the website is professionally designed and content-rich but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and compliance with modern security standards. Strategic improvements in security transparency and incident response readiness would further enhance trust and compliance.

U

Ufficio del Turismo

visitsanmarino.com

46

The website visitsanmarino.com serves as the official tourism portal for the Republic of San Marino, providing comprehensive information on events, travel planning, cultural experiences, shopping, and outdoor activities. It targets tourists and visitors interested in exploring San Marino, positioning itself as the authoritative source for tourism-related content in the country. The business model is government-driven, focusing on promoting tourism and cultural heritage. Technically, the site is built on Magnolia CMS and served via Apache, utilizing JavaScript libraries including jQuery and Google Tag Manager for analytics and marketing. The site is multilingual and mobile-optimized, though performance data suggests potential slowness. Accessibility and SEO are basic but functional. From a security perspective, the site lacks a valid SSL certificate and HTTPS support, which is a critical vulnerability. Security headers are minimal, and no advanced security policies or incident response information are published. Cookie consent mechanisms are absent despite the use of tracking tools, indicating privacy compliance gaps. Overall, the site is legitimate and trustworthy as an official government tourism resource but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

I

Interferenza s.r.l.

offertissime.shop

35

Offertissime.shop is an Italian e-commerce price comparison platform operated by Interferenza s.r.l., founded in 2016. The website offers a product search engine aggregating offers from multiple e-shops, targeting Italian online shoppers seeking the best prices. The business model focuses on guiding users to convenient purchases through comparison and curated e-shop listings. The site is positioned as a niche player in the Italian e-commerce market with a small company size and consistent branding. Technically, the website uses a traditional Apache server with Bootstrap and jQuery for frontend components. DNS is managed via Cloudflare, but only for DNS services, not for security or CDN. The site lacks HTTPS encryption, which is a critical security shortfall. Performance data is missing, but the site appears to have basic mobile optimization and SEO practices. The cookie consent mechanism and privacy policy indicate some GDPR compliance awareness. From a security perspective, the absence of SSL/TLS is a major vulnerability, exposing users to data interception risks. No advanced security headers or modern TLS protocols are implemented. DNSSEC and CAA records are missing, reducing domain security. No incident response or vulnerability disclosure policies are published. The security posture is weak and requires urgent improvements to protect user data and enhance trust. Overall, the website is functional and provides relevant content for its target audience but suffers from critical security deficiencies. Strategic recommendations include immediate deployment of HTTPS, enhancement of security headers, enabling DNSSEC, and publishing security policies. These steps will improve user trust, compliance, and reduce risk exposure.

I

Interferenza s.r.l.

newcart.it

30

Newcart.it is a professional Italian e-commerce platform operated by Interferenza s.r.l., offering turnkey online store solutions including domain, hosting, payment integration, and marketing support. The platform targets small to medium businesses seeking easy and rapid e-commerce deployment with additional features like dropshipping and marketplace synchronization. Technically, the site uses a custom PHP-based platform with Apache server, Bootstrap, jQuery, and FontAwesome, but suffers from outdated libraries and lacks a valid SSL certificate, which critically impacts security. Privacy and cookie policies are well implemented and GDPR compliant, with active user consent mechanisms. The site demonstrates good content quality, clear navigation, and mobile optimization, supported by customer testimonials and a visible company address enhancing trust. However, the absence of HTTPS and modern security headers significantly lowers the security posture, requiring urgent remediation. Overall, the site is functional and credible but needs critical security improvements to ensure safe user interactions and compliance with best practices.

C

CEATL

ceatl.eu

33

CEATL is a well-established international non-profit association based in Belgium, serving as a platform for literary translators’ associations across Europe. Founded in 1993, it provides advocacy, resources, and information exchange to improve the status and working conditions of literary translators. The website targets translators, associations, publishers, and other stakeholders interested in literary translation and European cultural policies. Technically, the site is built on WordPress with a modern theme and plugins, but it suffers from a critical security issue due to the absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the security posture and user trust. The site includes rich content, structured data, and active social media integration, reflecting good digital maturity. However, privacy compliance is partial, with no cookie consent mechanism despite the use of tracking tools like Google Analytics and StatCounter. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

T

Treviweb SAS di Spolitu Francesco & C.

treviweb.it

38

Treviweb is a small Italian technology company specializing in website creation, software development, mobile app development, web marketing, and hosting services. Established since 2005, it has a mature domain and a clear market presence targeting businesses and private clients seeking digital solutions. The website is professionally designed with good content relevance and clear navigation, supporting a positive user experience. Technically, the site uses a WordPress CMS with modern frameworks like Bootstrap and integrates analytics and marketing tools such as Google Analytics, Facebook Pixel, and Google Tag Manager. However, the absence of a valid SSL certificate and HTTPS is a critical security shortfall, exposing users to risks and impacting trust. Privacy compliance is well addressed through Iubenda policies and consent management. Overall, the business credibility is moderate, supported by clear contact information and social media presence.

R

Rubiko Srl

rubiko.it

34

Rubiko Srl is a small technology company based in San Marino, specializing in custom digital solutions including web development, e-commerce platforms, digital marketing, and software management systems. The company targets businesses seeking digital transformation and offers tailored services to enhance online presence and operational efficiency. The website is professionally designed using Drupal 7 and integrates various JavaScript libraries and marketing tools such as Google Analytics and Facebook SDK. However, the technical infrastructure shows signs of aging, notably the use of PHP 5.6.40 and lack of a valid SSL certificate, which significantly impacts the security posture. Security headers are partially implemented, but critical HTTPS enforcement and modern TLS protocols are missing. Privacy and cookie policies are present and appear GDPR compliant, enhancing user trust. Overall, the website is functional and informative but requires urgent security upgrades to protect user data and improve trustworthiness.

B

BAUER Group

bauer.de

40

The BAUER Group is a globally recognized enterprise specializing in specialist foundation engineering, manufacturing, and environmental services. With a history spanning over two centuries, the company maintains a strong market position as a leader in construction and mechanical engineering sectors. Their business model integrates manufacturing of specialized equipment and provision of geotechnical and resource-related services, targeting construction professionals, investors, and job seekers worldwide. Technically, the website is built on Drupal 10 with modern web technologies and demonstrates good mobile optimization, accessibility, and SEO practices. However, the absence of a valid SSL/TLS certificate and HTTPS support significantly undermines the security posture. Security headers and policies are well implemented, but the lack of encryption exposes users to risks. Privacy compliance is robust, with clear privacy and cookie policies and consent mechanisms in place. Overall, the site reflects a professional and trustworthy business presence but requires urgent security improvements to protect user data and maintain trust.

I

Interferenza s.r.l.

interferenza.net

39

Interferenza s.r.l. is a small, established Italian web hosting provider with nearly three decades of experience offering services including shared hosting, VPS, dedicated servers, domain registration, and e-commerce hosting solutions. The company targets businesses and individuals seeking professional yet affordable hosting services. Their market position is supported by customer testimonials and partnerships with recognized technology brands such as Dell, MySQL, Apache, and Fedora. Technically, the website runs on an Apache server with PHP and uses legacy technologies like Flash for some interactive content. However, the site lacks modern performance optimizations and mobile responsiveness is basic. Security posture is weak due to the absence of a valid SSL certificate and HTTPS support, no HSTS, and missing DNS security features. Privacy compliance is partially addressed with cookie and privacy policies, but GDPR compliance indicators are minimal. Overall, the site demonstrates moderate business credibility but requires significant improvements in security and technical modernization to enhance trust and user experience.

P

PPS Professionals Connect

professionalsconnect.co.za

51

ProfessionalsConnect.co.za presents a minimal web presence with very limited content and no visible business descriptions or contact information. The website title suggests a professional networking or connection platform, but no further details are provided to clarify the business model, services, or target audience. Technically, the site uses the Angular framework and common icon libraries but lacks performance data and SEO optimizations. Critically, the site does not have a valid SSL certificate, does not support HTTPS, and lacks essential security headers, exposing it to potential security risks. There are no privacy or cookie policies, and no contact or business information is available, which significantly reduces trust and compliance posture. Overall, the site appears incomplete or underdeveloped, with a low security and privacy maturity level.

F

Fondazione Unicampus San Pellegrino

ssmlitalia.it

36

Fondazione Unicampus San Pellegrino is an educational and research institution accredited by the Italian Ministry of University and Research (MUR), specializing in linguistic mediation, translation, and intercultural communication. The foundation operates multiple campuses in Italy and offers a range of academic programs including bachelor's degrees, master's degrees, executive masters, and certification courses. The website reflects a well-structured and professionally designed platform targeting students and professionals in the linguistic and translation fields. Technically, the site is built on WordPress with modern plugins and LMS integration, but it lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.

D

DENVER USA Inc.

denverusamachinery.com

35

DENVER USA Inc. operates as the U.S. subsidiary of DENVER S.p.A., specializing in manufacturing and selling advanced CNC machinery for stone and glass processing. The company positions itself as a technologically innovative provider with a strong service and support presence in the U.S., including a parts warehouse and technicians. Their product range includes CNC routers, bridge saws, polishing machines, and vertical/horizontal CNC glass machines, supported by flexible financing options. The website is built on WordPress with common plugins and libraries, presenting professional content and clear contact information. However, the site lacks critical security configurations such as a valid SSL certificate and HTTPS, which significantly impacts its security posture. No privacy or cookie policies are present, indicating compliance gaps. Social media and contact channels are well established, supporting business credibility.

S

Studio Leonardo snc

studioleonardo.com

35

Studio Leonardo is a small Italian web agency established in 1996, specializing in communication, marketing, web solutions, and SEO services primarily targeting small and large companies. The website is built on WordPress with a modern but somewhat dated technology stack including jQuery, Bootstrap, and various WordPress plugins. While the site has good SEO metadata, structured data, and a consistent brand presence, it lacks critical security infrastructure such as a valid SSL certificate, which severely impacts its security posture. Cookie consent is managed via Cookiebot, indicating some level of privacy compliance, but no privacy policy or terms of service pages were found. Contact information is clearly provided, including phone numbers, physical address, and contact forms.

M

MECAL MACHINERY S.r.l

mecal.com

40

Mecal Machinery S.r.l is an Italian manufacturing company specializing in the production of machines and systems for processing aluminum, PVC, and light alloys. The company targets industrial clients requiring advanced machinery solutions and maintains a multilingual website to serve an international audience. Their business model focuses on manufacturing, technical support, and product distribution. The website demonstrates a good level of professionalism and content quality, with clear navigation and multilingual support. Technically, the site is built on WordPress with modern JavaScript libraries and CSS frameworks, but lacks HTTPS, which is a critical security gap. Privacy compliance is well managed through Iubenda, including cookie consent mechanisms. Contact information is comprehensive, enhancing business credibility.

Social Più Srl is a specialized social media marketing agency primarily serving the hospitality, tourism, e-commerce, and corporate sectors. The company offers tailored marketing and advertising solutions designed to drive measurable business results. The website content is professionally presented in Italian, targeting businesses in San Marino and Italy, with a clear focus on hotels, camping villages, companies, and e-commerce platforms. The company is part of the TITANKA! Spa group, indicating a structured business backing. Technically, the website is built on the TITANKA! CMS platform, using Apache server technology and incorporates modern marketing tools such as Google Analytics, Google Tag Manager, and Facebook Pixel for tracking and advertising. The site uses Bootstrap for responsive design and shows good mobile optimization and SEO practices. However, performance metrics are not available, and the site reports zero load time and page size, indicating incomplete performance data. From a security perspective, the website lacks a valid SSL/TLS certificate and does not support any TLS protocols, which is a critical vulnerability exposing users to potential data interception. Security headers like X-Frame-Options and X-Content-Type-Options are present, but the absence of HTTPS severely impacts the security posture. Privacy and cookie policies are present with consent mechanisms, showing GDPR compliance awareness, but no explicit security policy or incident response information is found. Overall, while the business and content quality are good and the company appears legitimate and professional, the lack of HTTPS is a major security risk that must be addressed immediately. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, and enhancing security headers and practices to protect user data and improve trustworthiness.

S

Semplify Srl

semplify.net

54

Semplify Srl is an IT services company based in San Marino, specializing in enterprise-level IT consulting, cloud infrastructure, and outsourcing services. The company operates a datacenter in Milan and offers a range of services including cloud servers, virtual desktop infrastructure, business email, and network management. Their market position is that of a regional IT service provider with a focus on innovation and performance for business clients. Technically, the website is built on an older but functional technology stack including Apache, Bootstrap, and jQuery, managed via the TITANKA! CMS. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall. Privacy and cookie policies are present with consent mechanisms, and contact information is comprehensive and clearly presented. The security posture is weak due to lack of TLS and modern security features, which poses risks to user data and trust. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

M

M.M.Warburg & CO Gruppe GmbH

mmwarburggruppe.com

50

The Warburg Gruppe website represents a well-established financial holding company specializing in private banking, asset management, and investment banking services. The group operates multiple subsidiaries, each with a clear market focus, serving high-net-worth individuals and institutional clients primarily in Germany. The website content is professionally presented, targeting a sophisticated audience with detailed information about the group and its subsidiaries. Technically, the site uses a Java-based CMS (OpenCms) and integrates modern marketing and analytics tools such as Usercentrics for consent management and Google Tag Manager. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

M

M.M.Warburg & CO (AG & Co.) KGaA

mmwarburg.com

50

M.M.Warburg & CO is a well-established independent private bank in Germany with a history dating back to 1798. The bank offers a broad range of financial services including private banking, asset management, corporate and investment banking, and institutional client services. The website targets private clients, business customers, and institutional investors, emphasizing personalized service and long-term client relationships. Technically, the website uses modern web technologies such as Apache server, UserCentrics consent management, Google Analytics, and Google Tag Manager, and is built on OpenCms. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. The website is professionally designed with consistent branding and rich content, including reports and multimedia. Overall, the site reflects a reputable financial institution but urgently needs to address its SSL/TLS configuration to ensure secure communications.

L

Link

linkitaly.com

26

Link S.r.l. is a mature Italian company established in 1998 specializing in the distribution and e-commerce of cables, connectors, accessories, and sanitization products. The company operates internationally with subsidiaries in the USA, UK, and France, serving diverse sectors including entertainment, civil, military, and heavy industry. Their business model focuses on B2B distribution and online sales, supported by recognized certifications such as ISO 9001-2015 and Dante level 3. The website reflects a professional presence with good content quality and consistent branding, targeting industry professionals and corporate clients. Technically, the website uses a custom or proprietary CMS platform with modern JavaScript libraries like jQuery, Bootstrap 5, and GSAP for UI effects. However, performance is slow and SEO and accessibility are basic. The hosting is managed via Register SPA with Apache server. The site lacks a valid SSL certificate and HTTPS enforcement, which is a critical security gap. Privacy and cookie policies are present and reasonably comprehensive, indicating some GDPR compliance. Security posture is weak due to missing HTTPS, lack of HSTS, DNSSEC, and domain protection locks. No explicit security or incident response policies are published. The site uses Facebook Pixel and Google Tag Manager for analytics and marketing, with moderate user tracking. Overall, the domain registration is consistent and mature, supporting legitimacy, but security improvements are urgently needed. Strategic recommendations include implementing a valid SSL certificate, enabling HSTS and DNSSEC, publishing security and incident response policies, and enhancing performance and accessibility to improve user trust and compliance.

The website for the Segreteria di Stato per la Giustizia e la Famiglia serves as the official digital presence of San Marino's Secretariat of State for Justice and Family. It provides citizens and stakeholders with access to information on justice policies, family mediation, judicial council activities, and official communications. The site targets local citizens, legal professionals, and government officials, positioning itself as a trusted government information portal. The business model is purely informational and public service-oriented, with no commercial activities. Technically, the site runs on an Apache server with a Magnolia CMS backend, utilizing jQuery and Font Awesome for frontend functionality and styling. While the site is functional and content-rich, it suffers from slow DNS resolution and lacks HTTPS, which is a significant security and trust concern. Mobile optimization and accessibility are basic but present, and SEO practices are minimal. From a security perspective, the absence of a valid SSL certificate and HTTPS is a critical vulnerability, exposing users to potential interception risks. The site lacks modern security headers such as HSTS and does not implement DNS security extensions like DNSSEC or DMARC. No cookie consent mechanisms or privacy compliance features are evident, which may pose regulatory risks under GDPR. However, the site does not appear to collect personal data via forms on the homepage, reducing immediate privacy risks. Overall, the website is a credible and authoritative government resource but requires urgent improvements in security infrastructure and privacy compliance to protect users and maintain trust. Strategic recommendations include implementing HTTPS, enhancing DNS security, adding cookie consent mechanisms, and improving security headers to align with best practices.

W

Whirlpool Corporation

whirlpoolcorp.com

38

Whirlpool Corporation is a leading global manufacturer of home appliances with a rich history spanning over 110 years. The company operates multiple well-known brands and focuses on innovation, sustainability, and social responsibility to improve life at home. Their website reflects a mature enterprise with comprehensive corporate information, investor relations, and brand portfolios targeting consumers, investors, and trade partners worldwide. Technically, the website is built on Adobe Experience Manager and delivered via Akamai CDN, using modern JavaScript libraries and cookie consent mechanisms. However, a critical security gap exists as the site lacks HTTPS support, exposing users to potential risks. Security headers are partially implemented, but the absence of SSL/TLS significantly lowers the security posture. Privacy compliance is well addressed with cookie consent and privacy policies, and business credibility is high given the consistent branding and WHOIS data. Overall, the site is professional and trustworthy but urgently requires SSL implementation to meet modern security standards.

L

Lepida S.c.p.A.

cup2000.it

39

Lepida S.c.p.A. is a well-established regional ICT consortium founded in 1997, serving the Emilia-Romagna region in Italy. It provides a broad range of digital infrastructure and software services primarily targeting public administration, healthcare, and social assistance sectors. The company holds multiple ISO certifications, indicating a strong commitment to quality, security, and environmental standards. The website reflects a mature digital presence with comprehensive content, clear navigation, and good user experience. However, the lack of a valid SSL certificate and HTTPS implementation is a significant security gap that undermines the overall security posture. Privacy and cookie policies are well implemented with consent mechanisms, and the use of Matomo analytics shows a privacy-conscious approach to user tracking. The domain is mature and consistent with the business claims, enhancing trustworthiness. Strategic improvements in SSL/TLS deployment and enhanced security configurations are recommended to elevate the security and trust levels.

T

TITANKA! Spa

mvmedicalsolutions.com

37

The website mvmedicalsolutions.com currently serves as a minimal placeholder page indicating that TITANKA! Spa is preparing a new website. There is no substantive business content, contact information, or user engagement features present. The technical infrastructure is basic, with Apache server hosting and no SSL/TLS certificate, resulting in an insecure HTTP-only connection. The site uses Google Fonts for typography but lacks modern frameworks or CMS indications. Security posture is weak due to the absence of HTTPS, security headers, and privacy policies. No analytics or tracking mechanisms are detected, indicating minimal data collection. Overall, the site is not yet operational as a business platform and lacks essential compliance and security features.

O

Organizzazione Sammarinese degli Imprenditori

osla.sm

25

Organizzazione Sammarinese degli Imprenditori (OSLA) is a mature, small-sized association dedicated to supporting small and medium enterprises (SMEs) across multiple sectors in San Marino, including commerce, tourism, industry, services, craftsmanship, liberal professions, and agriculture. The website serves as an informational and service portal offering consultancy, legal advice, training, and representation for its members. The organization holds a key market position as a representative body for SMEs in San Marino. Technically, the website is built on Drupal 7 with an Apache server and PHP 5.4.16, indicating an outdated technology stack. The site includes modern web features such as responsive design and social media integration but suffers from slow performance and basic SEO and accessibility implementations. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS support, despite some security headers being present. Privacy compliance is partially addressed with visible privacy and cookie policies and a consent mechanism, but GDPR compliance is not fully evident. Contact information is limited to a physical address with no direct email or phone contacts displayed. Overall, the site is functional but requires significant improvements in security and technical modernization to enhance trust and compliance.

I

In Scientia Fides

inscientiafides.com

30

In Scientia Fides is a specialized healthcare biobank located in San Marino, offering private stem cell preservation services with international FACTNetCord accreditation. The company targets families and parents seeking biological insurance for their children through stem cell storage. The website is professionally designed, content-rich, and provides comprehensive information about services, accreditations, and procedures. Technically, the site is built on WordPress with common marketing and analytics tools integrated, but lacks HTTPS security, which is a critical vulnerability. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. Overall, the business presents a trustworthy and professional image but must urgently address its lack of SSL to improve security posture and user trust.

The website imready.it currently serves only a minimal HTML page that immediately redirects visitors to an external domain (ingenio-web.it). There is no substantive content, metadata, or business information present on the landing page. The domain is mature, registered since 2007, and located in Italy, but the website itself lacks visible business presence or contact details. The technical infrastructure is basic, running on Apache with no SSL/TLS certificate installed, resulting in an insecure HTTP-only connection. DNS records are configured with mail servers and SPF/DKIM-like TXT records, but no DNSSEC validation or domain protection locks are enabled. Security posture is weak, with no security headers, no HTTPS, and imminent domain expiry increasing risk. Overall, the site appears inactive or under maintenance, redirecting users elsewhere rather than providing direct content or services.

Aeffe Spa is an established Italian luxury goods group specializing in the production and distribution of high-end fashion products including ready-to-wear, footwear, leather goods, lingerie, and beachwear. The company operates internationally with proprietary brands such as Alberta Ferretti, Moschino, Pollini, and Philosophy di Lorenzo Serafini, positioning itself as a significant player in the luxury retail sector. The website reflects a professional corporate presence with comprehensive investor relations and governance information, targeting investors, partners, and luxury consumers. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates multiple third-party services including Google Tag Manager and Google Analytics for analytics and marketing. Multilingual support is provided via WPML, enhancing accessibility for international audiences. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS, which impacts its security posture and user trust. Security-wise, while no critical vulnerabilities or exposed sensitive data were detected, the lack of HTTPS and modern TLS protocols, absence of HSTS, and missing DMARC records represent significant risks. The site employs basic security headers but could benefit from enhanced configurations. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism, aligning with GDPR requirements. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, and improving security headers and email authentication mechanisms.

S.M.Service is a small, local business based in Serravalle, San Marino, providing intelligent services as suggested by its name and website title. The website content is minimal, primarily offering contact details without detailed descriptions of services or business operations. The domain is mature, registered since 2003, indicating a longstanding presence, but the online footprint is limited. Technically, the website runs on an Apache server with basic JavaScript usage but lacks modern web technologies, mobile optimization, and SEO best practices. Critically, the site does not use HTTPS, exposing visitors to security risks. There are no security headers or advanced TLS protocols enabled, and no evidence of security or privacy policies, which indicates a low level of digital maturity. From a security perspective, the absence of SSL/TLS, security headers, and privacy compliance mechanisms are significant vulnerabilities. The domain registration data is consistent and legitimate, but the website itself does not reflect strong security or privacy practices. There is no evidence of incident response or vulnerability disclosure policies. Overall, the website poses moderate risk due to lack of encryption and privacy controls. Strategic recommendations include immediate implementation of HTTPS, addition of privacy and cookie policies, and enhancement of security headers and protocols to improve trust and compliance.

F

Fondazione Unicampus San Pellegrino

fusp.it

40

Fondazione Unicampus San Pellegrino is a mature and established educational institution in Italy specializing in linguistic mediation, translation, and intercultural communication. It operates multiple campuses and offers a broad range of academic programs including bachelor's and master's degrees, executive masters, language certifications, and specialized courses. The foundation is accredited by the Italian Ministry of University and Research (MUR) and maintains active research centers, positioning itself as a key player in its niche educational market. The website reflects a professional and consistent brand image with comprehensive content tailored to students and professionals in the linguistic field. Technically, the website is built on a modern WordPress stack with Elementor, WooCommerce, and TutorLMS plugins, supporting e-learning and e-commerce functionalities. The site is mobile-optimized and SEO-friendly, though performance data suggests moderate speed. Security posture is currently weakened by an invalid SSL certificate and lack of support for modern TLS protocols, which undermines HTTPS effectiveness. Privacy and cookie policies are present and GDPR compliant, with clear contact information and a contact form secured by Google reCAPTCHA. Overall, the site is trustworthy and professionally maintained but requires urgent improvements in SSL/TLS configuration and security headers to enhance user trust and data protection. There is no evidence of a formal security policy or incident response contact, which could be areas for future enhancement.

San Marino is a Peruvian real estate development specializing in luxury residential properties and marina services. The website presents a well-structured and visually appealing platform targeting buyers interested in exclusive homes, apartments, marina slips, and club memberships near Lima. The technical infrastructure relies on Apache and PHP 7.3 with integration of Google Tag Manager and TikTok Analytics for marketing and tracking purposes. However, the absence of HTTPS and a valid SSL certificate significantly undermines the site's security posture. Additionally, the lack of cookie consent mechanisms and comprehensive privacy compliance measures exposes potential regulatory risks. Overall, while the business model and market positioning are clear and credible, the website requires urgent security and privacy improvements to protect user data and enhance trust.

E

esploratori dello spazio

esploratoridellospazio.com

20

Esploratori dello Spazio is a mature and established design studio specializing in visual communication and creative services such as art direction, branding, web design, and advertising. The company targets corporate and institutional clients, including notable names like Nike and Expo Milano, positioning itself as a reputable player in the media and design sector. The website reflects a professional portfolio with excellent content quality and consistent branding, supporting the company's market presence. Technically, the website runs on an Apache server with PHP 7.3.33 and is hosted by Media Temple. While the site is mobile-optimized and well-structured with good SEO practices, it lacks modern security implementations such as HTTPS, security headers, and DNSSEC. Performance metrics are unavailable, but the site appears visually rich and responsive. From a security standpoint, the absence of an SSL/TLS certificate is a critical vulnerability, exposing users to potential data interception risks. Additionally, the lack of privacy and cookie policies indicates non-compliance with GDPR and other data protection regulations. No incident response or security policies are published, and no vulnerability disclosure mechanisms are in place. These gaps reduce the overall security posture and trustworthiness. Overall, the website demonstrates strong business credibility and content quality but suffers from significant security and privacy compliance deficiencies. Strategic improvements in SSL implementation, security headers, and policy disclosures are essential to enhance trust and protect both the business and its clients.

D

Denver S.p.A.

denver.sm

25

Denver S.p.A. is a medium-sized manufacturing company based in San Marino, specializing in the production of machines for stone and glass processing. Established in 1984, it has a strong market position with a global presence including a US subsidiary. The website is professionally designed using WordPress and WooCommerce, offering rich content, clear navigation, and multiple customer engagement channels including live demos and training centers. Technically, the site uses modern plugins and marketing tools but suffers from critical security issues due to lack of valid SSL/TLS certificates and missing HTTPS, which exposes visitors to risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business is credible and trustworthy, but urgent security improvements are needed to protect users and enhance trust.

I

Idexa web s.r.l.

idexaweb.com

28

Idexa Web is a professional web agency specializing in e-commerce, marketplace development, SEO, and web marketing services primarily targeting businesses in Rimini and San Marino. The company presents itself as experienced with 25 years in the industry and offers a comprehensive portfolio of projects and services. Technically, the website is built on WordPress with popular plugins and marketing integrations, but it lacks a valid SSL certificate, which is a critical security flaw. The absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, with active consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

34

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.

B

Biemme Srl

biemmebiagiotti.com

26

Biemme Srl is an established Italian manufacturing company specializing in innovative construction and industrial products, serving both national and international markets since 1983. The company offers a broad portfolio of products including structural reinforcements, insulation materials, and technical support services, supported by a professional and content-rich website. Technically, the website is built on WordPress with WooCommerce and Oxygen Builder, leveraging modern JavaScript libraries and SEO plugins, but suffers from performance issues and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS and security headers, although privacy compliance is well addressed through Iubenda policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance credibility.

T

Tecnoplay S.r.l.

tecnoplay.com

39

Tecnoplay S.r.l. is a mature and established company specializing in the distribution and sale of entertainment machines for gaming halls and public venues, with a strong presence in Italy and San Marino. The company positions itself as a leader with over 28 years of experience, offering products from internationally recognized brands such as Sega. Their business model focuses on providing high-quality amusement equipment and technical support services to family and gaming enthusiasts. The website reflects this positioning with clear branding, product categories, and contact information, targeting local businesses and consumers interested in amusement technology. From a technical perspective, the website is built on an older but functional technology stack including Apache server, jQuery, Bootstrap, and a proprietary CMS (TITANKA!). While the site is content-rich and well-structured with multilingual support, it suffers from performance issues and lacks modern optimization features. Mobile optimization and accessibility are basic but present. SEO practices are adequately implemented with proper meta tags and structured data. Security posture is a significant concern as the site does not implement HTTPS, exposing users to potential data interception risks. Security headers are partially implemented but insufficient without SSL/TLS. No advanced security policies or incident response information is publicly available. The absence of vulnerability disclosure or security.txt files further limits transparency. Privacy compliance is basic, with a privacy policy and cookie consent mechanism present, but GDPR compliance details are minimal. Overall, the website and business demonstrate moderate trustworthiness and professionalism but require urgent security improvements, especially the implementation of HTTPS. Strategic recommendations include upgrading security infrastructure, modernizing the technology stack, enhancing privacy compliance, and publishing clear security policies to improve user trust and regulatory adherence.

The website pingvp.com currently serves minimal content consisting solely of a JavaScript redirect to https://www.pingvp.com/web/. There is no visible metadata, business information, or user-facing content on the landing page. The domain has valid DNS records including A, MX, and SPF records, indicating basic email and domain configuration. However, the absence of an SSL certificate and HTTPS support is a critical security deficiency. The site lacks privacy, cookie, and terms of service policies, as well as any contact or security-related information. This severely limits trust and compliance posture. Technically, the site runs on an Apache server but does not implement modern security headers or TLS protocols. Overall, the website is in an early or placeholder state with significant gaps in security, privacy, and content quality.

I

InShared

inshared.nl

40

InShared is a Dutch insurance company specializing in online insurance products such as auto, home, travel, and personal insurances. The company emphasizes transparency, low premiums, and customer-centric digital services. It operates under the parent company Achmea and has a mature market presence since 2009. The website is professionally designed with excellent content quality and clear navigation, targeting Dutch consumers seeking convenient insurance solutions. Technically, the site uses modern web components and tracking tools but suffers from a critical lack of SSL/TLS security, exposing users to potential risks. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. However, the absence of a valid HTTPS certificate significantly undermines the security posture. Overall, the business credibility is high, supported by certifications and positive customer testimonials.

S

Sky Internet Marketing

skyinternetmarketing.nl

40

Sky Internet Marketing is a mature, small-sized Dutch internet marketing bureau specializing in SEO, SEA (Google Ads), and website development services. Established in 2012, the company positions itself as a leading SEO expert in its region, supported by a team of seven specialists and strong client testimonials. The website is professionally designed, mobile-optimized, and rich in relevant content, reflecting a high level of digital maturity. Technically, the site runs on WordPress with modern frameworks and integrates marketing and analytics tools such as Google Tag Manager and Ahrefs. Security posture is good with HTTPS enforced, SPF and DMARC policies configured, but there are minor gaps such as missing OCSP stapling and malformed CAA records. Privacy and terms policies are comprehensive and GDPR compliant, with clear contact channels provided. Overall, the site demonstrates strong business credibility and technical implementation, with room for security enhancements.

T

TennisClub

tennisclub.fi

40

TennisClub.fi is a Finnish tennis club management platform owned by the Finnish Tennis Association, providing services for players, coaches, and clubs to manage memberships and coaching applications. The website is minimalistic, focusing on user role selection and basic information about the platform. Technically, the site uses common web technologies such as the Yii framework, Bootstrap, and jQuery, but lacks modern security implementations such as HTTPS. The absence of SSL/TLS significantly impacts the security posture and trustworthiness of the site. No privacy, cookie, or terms of service policies are present, and no contact information is provided, which limits user trust and compliance with data protection regulations. Overall, the site is functional but basic, with significant room for improvement in security and compliance.