Security Directory

U

Universitat de Barcelona

ub.edu

53

The Universitat de Barcelona (UB) is a leading public academic institution in Spain, specializing in education, research, and innovation. The website serves a diverse audience including students, researchers, academic staff, alumni, companies, and media. It offers comprehensive information on academic programs, research initiatives, and institutional activities, positioning itself as a major educational entity in the region. The digital presence is supported by a mature technical infrastructure leveraging Liferay CMS and modern JavaScript frameworks, ensuring a good user experience and accessibility. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is well addressed through Cookiebot and Google Consent Mode, with clear cookie and privacy policies in place. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

F

FUNDACION DEL MUSEO GUGGENHEIM BILBAO

guggenheim-bilbao.eus

31

The Museo Guggenheim Bilbao is a prominent non-profit cultural institution based in Bilbao, Spain, managed by the FUNDACION DEL MUSEO GUGGENHEIM BILBAO. The website serves as a comprehensive portal for visitors to plan their visits, explore exhibitions, and access educational resources. It targets a broad audience interested in art, culture, and museum experiences. The museum holds a strong market position as an internationally recognized art venue with strategic partnerships and sponsorships from government and corporate entities. Technically, the website leverages modern web technologies including Next.js and React, with a headless WordPress CMS backend. It integrates accessibility tools and multimedia content hosted on Vimeo. The site is mobile-optimized and SEO-friendly, providing a good user experience and navigation clarity. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Overall, the website is professionally designed and content-rich, but the lack of HTTPS is a major risk. Strategic recommendations include immediate SSL/TLS deployment, enabling HSTS, and improving certificate management to enhance security and user trust.

F

Fundacion Gala-Salvador Dali

salvador-dali.org

63

The Fundació Gala-Salvador Dalí is a well-established cultural foundation dedicated to preserving and promoting the legacy of the artist Salvador Dalí. Operating since 1999, it manages multiple museums and archives in Spain, offering exhibitions, educational programs, and research services. The website reflects a mature digital presence with multilingual support and clear navigation aimed at art enthusiasts, researchers, and tourists. Technically, the site uses Cloudflare for hosting and security, integrates Google Tag Manager and Metricool for analytics and tracking, and employs standard web technologies. Security posture is solid with HTTPS and several security headers, though improvements such as DNSSEC and enhanced HSTS settings are recommended. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism. Overall, the site demonstrates high business credibility and trustworthiness with consistent WHOIS data and a long domain history.

E

Evolution Consulting Kft.

hrmaster.hu

40

HRmaster.hu is the online presence of Evolution Consulting Kft., a mature Hungarian company founded in 2012, offering modular HR software solutions tailored for small to large enterprises. The website presents a comprehensive portfolio of HR management modules and payroll services, positioning itself as a top European HR Tech provider. The technical infrastructure is based on Joomla CMS, PHP, ASP.NET, and Microsoft IIS, with modern JavaScript frameworks enhancing user experience. However, the site lacks a valid SSL certificate, exposing it to security risks and reducing trustworthiness. Contact information and business credibility are well established with testimonials and certifications. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance privacy compliance.

M

Magyar Rádió Művészeti Együttesei

radiomusic.hu

40

radiomusic.hu is the official website for the Hungarian Radio's Artistic Ensembles, providing information about their symphonic orchestra, choir, children's choir, and related cultural events. The site serves a Hungarian-speaking audience interested in classical music and concert attendance, offering ticket sales, event calendars, galleries, and news updates. The organization is well-established with a history of over 80 years, supported by the parent media entity MTVA. Technically, the site is built on WordPress with a variety of plugins and JavaScript libraries to enhance user experience and functionality. However, the absence of a valid SSL/TLS certificate is a critical security shortfall, exposing users to potential risks and reducing trust. The site implements cookie consent mechanisms and links to legal and privacy pages, but lacks explicit security or incident response policies. Overall, the website is content-rich and professionally maintained but requires urgent security improvements to meet modern standards.

K

Közszolgálati Médiaakadémia Alapítvány

media-akademia.hu

40

The Média Akadémia website represents a Hungarian non-profit foundation dedicated to media education and talent development, primarily targeting future television and radio professionals. The site is well-structured with rich content including news articles, event information, and educational program details. It leverages WordPress CMS with a variety of plugins to deliver multimedia content and interactive features. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a cookie consent mechanism but lacks comprehensive privacy and security policies. The domain registration is consistent and aligns with the organization's public media affiliations, indicating legitimacy. Strategic improvements in security posture and privacy compliance are necessary to enhance overall trustworthiness and compliance.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunamsz.hu

40

Duna Médiaszolgáltató Nonprofit Zrt. operates as a Hungarian public media service provider delivering television, radio, and online content primarily targeting Hungarian-speaking audiences. The website serves as a portal for accessing media services and related information, reflecting a nonprofit business model with a strong public service orientation. The company is positioned as a key player in Hungary's media landscape, supported by partnerships with official entities such as MTVA. Technically, the website is built on WordPress with a modern set of JavaScript libraries and plugins to support multimedia content delivery and user interaction. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. The site includes a cookie consent mechanism but lacks explicit privacy, security, and incident response policies, which may affect compliance with GDPR and other regulations. Overall, the site is functional and professionally designed but requires urgent security enhancements to protect user data and improve trust.

A

AJUNTAMENT DE LLEIDA

paeria.cat

72

The website paeria.cat is the official digital presence of the Ajuntament de Lleida, the municipal government of Lleida, Spain. It serves as a comprehensive portal for residents and visitors to access city information, municipal services, online procedures, news, events, and citizen participation platforms. The site is well-positioned as a trusted government resource with a broad range of public services and cultural content. Technically, the website is built on the Plone CMS platform, leveraging modern web technologies such as jQuery, Owl Carousel, and Google Fonts, hosted on Microsoft Azure infrastructure. While the site offers good accessibility and SEO features, its performance is somewhat slow due to a large page size and high resource count. Security posture is solid with HTTPS enforced using TLS 1.3 and 1.2, OCSP stapling, and valid SPF and DMARC DNS records. However, improvements are recommended in enabling HSTS, DNSSEC, domain protection locks, and additional security headers. Privacy compliance is strong with clear privacy and cookie policies and GDPR adherence. Contact information is readily available, including phone numbers, physical address, and online forms, complemented by active social media channels. Overall, the website demonstrates a mature, professional, and trustworthy government digital service with room for technical and security enhancements.

T

The Lovie Awards

lovieawards.com

65

The Lovie Awards website represents a mature and well-established European internet awards organization with over 14 years of history. The site effectively showcases its business focus on recognizing excellence in digital culture, technology, and business through awards, features, and partnerships. The technical infrastructure is modern, leveraging WordPress CMS, WP Engine hosting, Cloudflare CDN, and multiple analytics and marketing tools such as Google Analytics, Segment, and Facebook Pixel. The site is well-structured with comprehensive metadata, Open Graph tags, and JSON-LD structured data, supporting SEO and social sharing. Security posture is good with HTTPS enforced, TLS 1.3 support, and no known SSL vulnerabilities, though improvements like HSTS and DNSSEC are recommended. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Business credibility is supported by consistent branding, social media presence, and trust signals such as sponsorships and media partnerships. Overall, the website is professional, secure, and compliant, suitable for its audience and business model.

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 25 security findings identified across all modules.

M

Mail Baby

mailbaby.net

60

Mail Baby operates as a specialized email smart host service focusing on outbound email security and delivery. The company provides SMTP services with integrated spam and virus filtering, IP reputation management, and a simple pay-per-use pricing model. Their target audience includes organizations seeking to secure their outbound email traffic and ensure reliable delivery. The website content is professional and clearly communicates the business offerings, pricing, and FAQ information, supporting a small but focused business model. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Visual Composer, hosted behind Cloudflare CDN for performance and security benefits. The SSL certificate is valid, and the site uses LiteSpeed caching for improved load times. However, performance metrics are moderate, and accessibility features are basic. SEO optimization is good with proper meta tags and structured data. From a security perspective, the site benefits from HTTPS and Cloudflare protection but lacks advanced security headers like HSTS and Content-Security-Policy. No vulnerabilities or exposed sensitive data were detected. The absence of a privacy policy, cookie consent mechanism, and security policy reduces privacy compliance scores. Contact information is limited to a contact form, with no direct emails or phone numbers provided. Overall, the website presents a moderate risk profile with good business credibility but room for improvement in privacy compliance and security best practices. Strategic recommendations include implementing comprehensive privacy and cookie policies, enhancing security headers, publishing incident response contacts, and improving transparency with direct contact details.

S

San Marino Welcome

sanmarinowelcome.com

47

San Marino Welcome is a small Destination Management Company specializing in organizing events, meetings, and customized experiences in San Marino. The company collaborates with local hospitality, catering, and leisure providers to deliver exclusive and memorable events. The website is built on WordPress using Elementor and Yoast SEO, indicating a moderate level of digital maturity. However, the site suffers from a lack of HTTPS support, which significantly impacts its security posture. Cookie consent is implemented, but no privacy policy or terms of service pages were found, indicating gaps in compliance. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the website provides good content and user experience but requires urgent security improvements.

M

MAD S.r.l.

sanmarinoexperience.com

54

San Marino Experience, operated by MAD S.r.l., is a specialized tourism service provider offering outdoor activities such as guided tours, trekking, eBike excursions, and local product tastings in the Republic of San Marino. The company targets tourists seeking authentic and active experiences in a culturally rich environment. The website is built on WordPress with WooCommerce for e-commerce capabilities and uses multiple plugins to enhance user experience and multilingual support. While the site demonstrates good content quality, SEO, and user engagement through testimonials and social media integration, it currently lacks a valid SSL certificate, which is a critical security vulnerability. This absence of HTTPS undermines user trust and exposes visitors to potential data interception risks. The site has implemented GDPR-compliant privacy and cookie policies, indicating awareness of data protection regulations. Overall, the business appears legitimate and well-positioned in its niche, but urgent security improvements are necessary to safeguard user data and enhance credibility.

E

Scopri la Repubblica di San Marino con le attività outdoor

ebikexperience.it

61

Security assessment completed with an overall score of 0/100 (unknown risk). 8 high-priority issues should be addressed promptly. Total of 26 security findings identified across all modules.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 7 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

C

Consorzio Terra di San Marino

terradisanmarino.com

49

Consorzio Terra di San Marino is a small-sized cooperative consortium focused on protecting and promoting typical agro-food products from the Republic of San Marino. The website serves as a platform to showcase their products, events, and cultural heritage, targeting local consumers and enthusiasts of traditional food and rural culture. Technically, the site is built on Drupal 7 with common web libraries and Google Analytics for tracking. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which exposes users to risks and undermines trust. Privacy compliance is basic, with a cookie policy and consent mechanism but no explicit privacy or security policies. The domain is mature and consistent with the business claims, enhancing credibility. Overall, the site provides good content and user experience but requires urgent security improvements to protect visitors and enhance trust.

24xtra.hu is a user authentication portal associated with the Hungarian media brand 24.hu, providing login and registration services including social login options via Facebook, Apple, and Google. The site targets Hungarian-speaking users of 24.hu services and acts as a gateway for accessing content or services requiring user authentication. The business model centers on user identity management for a media platform. Technically, the site is hosted on Amazon AWS infrastructure using CloudFront CDN and employs Keycloak for single sign-on capabilities. The technology stack includes modern JavaScript modules and standard web technologies, but performance metrics are unavailable or minimal, indicating potential areas for improvement. Mobile optimization and accessibility are basic but functional. From a security perspective, the site implements several important HTTP security headers and enforces HSTS with preload. However, the absence of a valid SSL certificate and lack of HTTPS support critically undermine the security posture. No OCSP stapling or session resumption is configured, and no privacy or cookie policies are published, indicating compliance gaps. No contact or business information is provided on the site, limiting transparency. Overall, the site is functional as a login portal but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance trust and security. The domain registration is consistent with the 24.hu brand, supporting legitimacy. Strategic recommendations include obtaining a valid SSL certificate, publishing privacy and cookie policies, and improving performance and accessibility.

M

Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA)

mtva.hu

40

MTVA.hu is the official website of the Hungarian public media organization Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA), providing a wide range of media services including television, radio, and online content. The site is well-structured, content-rich, and targets the Hungarian public with news, press releases, and organizational information. The business model is public service media, supported by government funding, positioning MTVA as a leading media broadcaster in Hungary. Technically, the site is built on WordPress with modern JavaScript libraries and accessibility features, hosted on Telekom.hu infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. The site implements proper email security with SPF and DMARC records and includes a cookie consent mechanism compliant with GDPR. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

The Walt Disney Company

disneyprivacycenter.com

50

The Walt Disney Company Privacy Center website serves as a comprehensive resource for privacy-related information, focusing on transparency and user control over personal data across its digital platforms. The site targets global consumers engaging with Disney's media and entertainment services, providing detailed privacy policies, cookie consent mechanisms, and information tailored for parents and children. The business is a large enterprise with a mature domain and strong brand presence, supported by multiple subsidiary brands such as ABC, ESPN, Marvel, and Hulu. Technically, the website is built on WordPress, leveraging technologies such as Apache, jQuery, Adobe Launch, and OneTrust for cookie consent management. Hosting is via Amazon CloudFront, indicating a scalable and reliable infrastructure. SEO and accessibility features are implemented at a good level, with comprehensive metadata and structured data enhancing search visibility. From a security perspective, the site suffers from a critical issue: the absence of a valid SSL certificate and lack of HTTPS support, severely impacting the security posture and user trust. While some security headers like HSTS are present, they are insufficiently configured. No explicit security policies or incident response contacts are published, and no vulnerability disclosure mechanisms are evident. Overall, the website is professionally designed and content-rich but requires urgent remediation of its SSL/TLS configuration to ensure secure communications and compliance with modern security standards. Strategic improvements in security transparency and incident response readiness would further enhance trust and compliance.

S

Searchanise

searchanise.io

59

Searchanise is a specialized SaaS provider offering advanced site search, filtering, merchandising, and analytics solutions for ecommerce stores. The company targets ecommerce platforms such as Shopify, WooCommerce, BigCommerce, Magento, CS-Cart, and Wix, serving over 14,800 customers globally. Their market position is strengthened by multiple Gartner Digital Markets awards and strong customer testimonials. Technically, the website is built on the Tilda CMS platform with integrations of popular libraries and marketing tools like Google Analytics, Facebook Pixel, and Freshchat. However, the site suffers from a critical security shortfall due to the absence of a valid SSL/TLS certificate, resulting in no HTTPS support and lack of security headers. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms and GDPR compliance. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

I

IDIMweb

idimweb.com

40

IDIMweb is a small, specialized web agency operating primarily in France and the Caribbean, with over 15 years of experience in custom website creation, development, SEO, and digital marketing. The company targets professionals, institutions, and individuals seeking tailored web solutions, leveraging Joomla CMS and modern frontend technologies. The website reflects a professional and consistent brand image with clear contact channels and a portfolio of client references. Technically, the site uses Joomla with Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security shortfall. Privacy compliance is well addressed with comprehensive cookie and privacy policies and a consent mechanism. Social media integration and analytics usage are moderate and transparent.

T

TEMPESTA MEDIA, S.L.

latempesta.cc

40

La Tempesta is a small Spanish company specializing in digital transformation and consulting services for cultural heritage and social innovation organizations. Founded in 2019, it offers a range of services including digital storytelling, web development, 3D virtualisation of heritage, knowledge management, and digital strategy. The company has a strong market position within its niche, supported by reputable clients and industry awards. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for SEO and multilingual support. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie and privacy policies and consent mechanisms. Overall, the business presents a professional and trustworthy image but must urgently address its SSL/TLS configuration to improve security and user trust.

L

Log In ‹ CEATL members — WordPress

ceatl-members.eu

32

The website ceatl-members.eu serves as a WordPress-based login portal for CEATL members, indicating a restricted access platform likely intended for a specific user group. The site lacks publicly accessible business descriptions, contact information, or policy documents, which limits transparency and user trust. Technically, the site runs on WordPress with jQuery libraries and is hosted by Budget Webhosting. However, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which exposes users to potential data interception risks. The security posture is weak, with minimal security headers and no modern TLS protocols enabled. Privacy compliance is also lacking, with no visible privacy or cookie policies or GDPR indicators. Overall, the site appears to be a basic, small-scale member login portal with limited public-facing content and significant security and compliance gaps.

S

Searchanise

searchanise.com

53

Searchanise is a mature SaaS company founded in 2011, specializing in smart site search, filtering, merchandising, and analytics solutions for eCommerce stores. It serves a broad range of eCommerce platforms including Shopify, WooCommerce, BigCommerce, Magento, CS-Cart, and Wix, positioning itself as a trusted partner for over 14,800 companies worldwide. The company offers a comprehensive suite of services designed to enhance customer search experience, increase conversions, and provide actionable analytics. Technically, the website is built on the Tilda CMS platform, utilizing modern JavaScript libraries and integrations such as Google Tag Manager and Facebook Pixel, indicating a moderate level of digital maturity. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS, which is a critical vulnerability that undermines user trust and data protection. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, while the business and content quality are excellent, the security deficiencies present a significant risk that should be addressed promptly.

T

TIM San Marino S.p.A.

telecomitalia.sm

56

TIM San Marino S.p.A. is a telecommunications company operating in the Republic of San Marino, providing fiber internet, mobile, and fixed telephony services primarily targeting residential and business customers. The website presents a professional and well-structured digital presence, leveraging WordPress CMS and common web technologies to deliver content and service information effectively. The company maintains clear contact channels and legal compliance with privacy and cookie policies, reflecting a mature approach to customer engagement and regulatory adherence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications and user trust. Despite this, the presence of security headers and a vulnerability disclosure page indicates some level of security awareness. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and user confidence.

R

Repubblica di San Marino

gov.sm

47

The website gov.sm serves as the official digital portal for the Republic of San Marino, providing citizens and public administration users with access to government services, news, and administrative information. It is positioned as the primary government interface for public sector communication and service delivery. The site targets residents, businesses, and government employees within San Marino. Technically, the website uses older but stable technologies such as jQuery 1.12.4 and Bootstrap, with a custom or unknown CMS. However, performance is slow with a load time exceeding 12 seconds, and SEO and accessibility features are basic. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no DNSSEC or CAA records, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanism and only a basic privacy policy present. Business credibility is moderate given the official government branding and domain, but the lack of contact information and security best practices reduces trust. Overall, the site requires urgent security improvements and enhanced privacy compliance to meet modern standards.

U

Ufficio del Turismo

visitsanmarino.com

46

The website visitsanmarino.com serves as the official tourism portal for the Republic of San Marino, providing comprehensive information on events, travel planning, cultural experiences, shopping, and outdoor activities. It targets tourists and visitors interested in exploring San Marino, positioning itself as the authoritative source for tourism-related content in the country. The business model is government-driven, focusing on promoting tourism and cultural heritage. Technically, the site is built on Magnolia CMS and served via Apache, utilizing JavaScript libraries including jQuery and Google Tag Manager for analytics and marketing. The site is multilingual and mobile-optimized, though performance data suggests potential slowness. Accessibility and SEO are basic but functional. From a security perspective, the site lacks a valid SSL certificate and HTTPS support, which is a critical vulnerability. Security headers are minimal, and no advanced security policies or incident response information are published. Cookie consent mechanisms are absent despite the use of tracking tools, indicating privacy compliance gaps. Overall, the site is legitimate and trustworthy as an official government tourism resource but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

The website pa.sm serves as the official government portal for the Republic of San Marino, providing citizens and businesses with access to public administration services, news, and information. It targets local users and offers key services such as online public services, recruitment notices, and departmental information. The site is branded consistently with government logos and domain usage, reinforcing its official status. Technically, the website employs older but widely used technologies like jQuery 1.12.4 and Bootstrap, with some external libraries loaded from CDNs. However, the site suffers from slow performance with a load time exceeding 12 seconds and lacks modern security configurations. Notably, there is no valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The absence of security headers and cookie consent mechanisms further weakens its security and privacy posture. From a security perspective, the lack of HTTPS and security headers exposes users to potential risks, and the site does not demonstrate compliance with GDPR or other privacy regulations. No incident response or vulnerability disclosure information is provided. WHOIS data confirms the domain's legitimacy and government ownership, supporting the trustworthiness of the site despite technical shortcomings. Overall, while the website fulfills its role as a government information portal with good content quality and professional design, significant improvements in security, privacy compliance, and performance are necessary to enhance user trust and protect sensitive data.

M

MédiaKlikk

mediaklikk.hu

40

MédiaKlikk is a Hungarian media platform offering live streaming of multiple TV and radio channels, program guides, and media archives primarily targeting Hungarian-speaking audiences. It operates under the umbrella of MTVA, the Hungarian public media organization, and serves as a central hub for national media content. The platform leverages WordPress CMS with a variety of plugins and integrates social login options and user account management features. The website demonstrates a consistent brand presence and good content relevance for its target audience. Technically, the site uses a modern web stack including jQuery, jQuery UI, Video.js, and ElasticPress, hosted on Telekom Hungary infrastructure. While the site is mobile-optimized and includes accessibility features, performance metrics are not explicitly available. SEO practices are implemented with proper meta tags and structured data. However, the absence of HTTPS is a critical security gap, significantly impacting the site's security posture. From a security perspective, the site lacks a valid SSL certificate, HSTS, and other modern security headers, exposing users to potential risks. It employs reCAPTCHA for form protection and uses third-party analytics and tracking services such as Facebook Pixel, Hotjar, and Gemius, indicating extensive user tracking. Privacy compliance is basic, with a privacy policy present but no visible cookie consent mechanism. Incident response and vulnerability disclosure information are not found. Overall, while MédiaKlikk is a reputable media platform with solid business credibility and content quality, its security posture requires urgent improvement, especially regarding HTTPS implementation and enhanced privacy compliance. Strategic recommendations include securing the site with SSL, enabling security headers, and implementing a cookie consent mechanism to align with GDPR requirements.

I

Interferenza s.r.l.

offertissime.shop

35

Offertissime.shop is an Italian e-commerce price comparison platform operated by Interferenza s.r.l., founded in 2016. The website offers a product search engine aggregating offers from multiple e-shops, targeting Italian online shoppers seeking the best prices. The business model focuses on guiding users to convenient purchases through comparison and curated e-shop listings. The site is positioned as a niche player in the Italian e-commerce market with a small company size and consistent branding. Technically, the website uses a traditional Apache server with Bootstrap and jQuery for frontend components. DNS is managed via Cloudflare, but only for DNS services, not for security or CDN. The site lacks HTTPS encryption, which is a critical security shortfall. Performance data is missing, but the site appears to have basic mobile optimization and SEO practices. The cookie consent mechanism and privacy policy indicate some GDPR compliance awareness. From a security perspective, the absence of SSL/TLS is a major vulnerability, exposing users to data interception risks. No advanced security headers or modern TLS protocols are implemented. DNSSEC and CAA records are missing, reducing domain security. No incident response or vulnerability disclosure policies are published. The security posture is weak and requires urgent improvements to protect user data and enhance trust. Overall, the website is functional and provides relevant content for its target audience but suffers from critical security deficiencies. Strategic recommendations include immediate deployment of HTTPS, enhancement of security headers, enabling DNSSEC, and publishing security policies. These steps will improve user trust, compliance, and reduce risk exposure.

C

Central Médiacsoport Zrt.

24.hu

40

24.hu is a leading Hungarian news portal operated by Central Médiacsoport Zrt., offering a wide range of news content including domestic and international news, culture, sports, and lifestyle. The site features multimedia content such as videos and podcasts, and supports subscription services. Technically, the site is built on WordPress with WPBakery Page Builder and hosted on AWS infrastructure with CloudFront CDN and Redis caching for performance optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of TLS protocol support, which poses significant risks for user data protection and trust. Privacy and cookie policies are comprehensive and GDPR compliant, supporting user consent mechanisms. Overall, the site is professionally designed and content-rich but requires urgent security improvements to protect users and maintain credibility.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including transformers, reactors, and power controllers. The company targets industrial sectors such as energy, transportation, and medical technology, emphasizing sustainability and technological innovation. Their website is multilingual and professionally designed, supporting a global B2B audience. Technically, the website is built on WordPress with Elementor and several plugins for SEO and multilingual support, hosted on kasserver.com. However, the site lacks a valid SSL certificate and HTTPS support, representing a critical security vulnerability. While privacy and legal documents are linked, no cookie consent mechanism is present, which may affect GDPR compliance. Social media presence and clear contact information enhance business credibility. Overall, the site is functional and content-rich but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacturing and supply of electromagnetic components such as EMV components, chokes, transformers, and power control devices. The company positions itself as a global supplier with a strong emphasis on innovation and sustainability, targeting industrial and technological sectors. The website is built on WordPress with Elementor and includes multilingual support, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy policies and terms of service are present on the main corporate domain, indicating compliance awareness, though cookie consent mechanisms are lacking. Social media engagement and structured data usage enhance the company's online credibility. Overall, the site offers good content quality and user experience but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacture and supply of electromagnetic compatibility components, chokes, transformers, and resistors primarily for industrial and energy sectors. The company emphasizes innovation and sustainability in its product offerings and maintains a global presence with multiple language-specific websites. The website is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS approach with SEO optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. While contact information and legal pages are well presented, the lack of cookie consent mechanisms and security policies indicates partial privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including EMV components, transformers, power controllers, and vibratory conveyor technology. The company targets industrial clients globally, emphasizing sustainability and technological innovation. Their website is built on WordPress with Elementor and optimized for Spanish-speaking markets, reflecting a multilingual corporate presence. Technically, the site uses modern CMS and SEO tools but lacks a valid SSL certificate, resulting in an insecure HTTP-only connection. Security posture is weak due to missing HTTPS, lack of security headers, and no domain protection locks. Privacy compliance is moderate with a clear privacy policy but no cookie consent mechanism. Contact information and social media presence are well established, supporting business credibility. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

REO AG is a well-established German family-run company with a 100-year history specializing in the development and production of inductive, resistive, and electronic components for various industrial sectors including energy, transportation, and manufacturing. The company operates internationally with subsidiaries across Europe, North America, Asia, and the Middle East, maintaining production primarily in Germany with a focus on quality and innovation. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, indicating a good level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. The site lacks advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. Business credibility is strong with clear contact information, social media presence, and detailed product and industry information. Strategic improvements in security and privacy compliance are recommended to enhance trust and protect user data.

H

Helló Sajtó! Üzleti Sajtószolgálat

hellosajto.hu

40

Helló Sajtó! Üzleti Sajtószolgálat is a Hungarian online media platform specializing in publishing and distributing business press releases. Established in 2022, it serves businesses, PR agencies, and institutions primarily in Hungary, offering services such as press release publication, distribution, and effectiveness measurement. The website is built on WordPress with Elementor and uses the Smart Mag theme, hosted on a server managed by Mediacenter.hu. The platform integrates Google Tag Manager and Google Ad Manager for analytics and advertising purposes. Despite a professional design and good content quality, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided, including email and phone. Social media presence is active on Facebook, LinkedIn, and Twitter. Overall, the website is functional and credible but requires urgent security improvements to protect user data and enhance trust.

The website carikita.id is currently inaccessible due to Cloudflare security mechanisms blocking direct content access. The domain is registered with a legitimate Indonesian registrar and is relatively new, created in late 2023. No meaningful business or contact information is available on the site, and no privacy or cookie policies are present. Technically, the site lacks a valid SSL certificate and does not support HTTPS, resulting in a poor security posture. The page load performance is slow, and the content quality is minimal, consisting mainly of embedded iframes and tracking pixels from suspicious external domains. Overall, the site appears to be either under development or improperly configured, limiting its trustworthiness and usability.

P

Privacy service provided by Withheld for Privacy ehf

linkjago.me

58

Link Jago is a small, technology-focused business offering a free and open source URL shortening service with features such as custom domains, link management, statistics, and API access. The service targets users and developers seeking an alternative to proprietary URL shorteners, positioning itself as a niche open source solution. The website is built using modern web technologies including Next.js and React, hosted behind Cloudflare DNS, and integrates Google reCAPTCHA for bot protection. However, the site suffers from slow load times and lacks a valid SSL/TLS certificate, resulting in no HTTPS support which is a critical security concern. Security headers are minimal, with only HSTS enabled, and no DMARC or DNSSEC records are present. Privacy compliance is weak, with no privacy or cookie policies found, and no contact or incident response information provided. The domain is registered with privacy protection, which is reasonable for a small open source project but reduces transparency. Overall, the site demonstrates moderate professionalism and technical maturity but requires significant improvements in security and privacy compliance to enhance trust and protect users.

D

Dauphin Telecom Business

dauphintelecompro.com

37

Dauphin Telecom Business is a regional telecommunications and digital solutions provider focused on serving businesses in French overseas territories such as Guadeloupe, Martinique, Guyane, and the Northern Islands. The company offers a range of services including fiber internet (FTTH, FTTO), unified communication solutions, mobile plans, cloud and data center services, and VPN interconnection. Their website reflects a professional digital presence with clear navigation and relevant content tailored to their target audience. Technically, the website is built on Joomla CMS using the Helix Ultimate framework and Bootstrap 5, incorporating modern libraries like jQuery and Awesomplete. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent and privacy policies are implemented, showing good GDPR compliance, and Google Analytics is used with appropriate data retention policies. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture. While Google reCAPTCHA is used to protect forms, the lack of SSL/TLS encryption exposes users to risks. The WHOIS data confirms the domain is mature and registered transparently, consistent with the business claims. Overall, the website is functional and informative but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling security headers, and optimizing performance to improve user experience and security compliance.

D

dauphintelecom-entreprise.com

dauphintelecom-entreprise.com

48

The website dauphintelecom-entreprise.com currently presents as a minimal placeholder or parked page with no substantive content or business information. The domain is very young, registered in mid-2024, and is close to expiry, which raises concerns about the legitimacy and stability of the business presence. There is no SSL certificate installed, resulting in no HTTPS support, which severely impacts the security posture and user trust. No privacy, cookie, or terms of service policies are present, and no contact information or business details are provided on the site. Technically, the site lacks modern web technologies, performance optimizations, and accessibility features, indicating a low level of digital maturity.

D

Dauphin Telecom

dauphintelecom.com

40

Dauphin Telecom is a regional telecommunications provider serving the French Antilles, Saint Martin, and Saint Barthélemy. The company offers a variety of services including mobile plans, fiber internet, TV packages, and bundled offers, targeting both residential and business customers. With a local presence supported by multiple agencies and a customer service center based in Guadeloupe, Dauphin Telecom positions itself as a trusted and accessible operator in its market. Technically, the website is built on WordPress using the Elementor page builder and several Jet plugins, indicating a modern and flexible digital infrastructure. However, the site suffers from slow performance and lacks a valid SSL certificate, which impacts both user experience and security. The site is mobile-optimized and includes basic accessibility features, but there is room for improvement in performance and security hardening. From a security perspective, the absence of HTTPS and modern TLS protocols is a critical vulnerability. While the site implements cookie consent mechanisms and appears GDPR compliant, it lacks explicit security policies and incident response information. The use of SPF records for email authentication is a positive indicator, but the overall security posture is weak and requires urgent attention. Overall, Dauphin Telecom's website reflects a legitimate and established business with good content quality and business credibility. However, significant security improvements are necessary to protect user data and enhance trust. Addressing these issues will strengthen the company's digital presence and compliance standing.

M

MIGASTONE INTERNATIONAL SRL

migastoneacademy.com

33

Migastone Academy operates as a specialized educational platform focused on mobile marketing and app creation, leveraging proprietary methods such as the ASP© method and the Siberian platform. The company positions itself as a leader in Europe with over 1055 applications sold and strong partnerships with major Italian trade associations. The website is built on the Kartra platform, integrating multiple marketing and analytics tools including Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. Despite a professional design and good content quality, the site suffers from critical security issues, notably the lack of a valid SSL certificate and HTTPS, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, with clear contact information including phone numbers and a physical address in San Marino. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

S

Studio Azione S.r.l.

studioazione.it

65

Studio Azione S.r.l. is a mature Italian web agency specializing in WordPress-based digital projects, emphasizing timely delivery, problem-solving, and exceeding client expectations. The company serves a diverse client base, including notable brands, and offers services such as custom software development, SEO-driven content, and design thinking methodologies. The website reflects a professional and consistent brand image with comprehensive privacy and cookie policies, indicating strong compliance with GDPR requirements. Technically, the site leverages a modern WordPress stack with various JavaScript libraries for enhanced user experience, though performance optimization could be improved due to slow load times. Security posture is adequate with valid SSL and SPF records but lacks advanced HTTP security headers and HSTS enforcement. Overall, the domain registration is consistent with the business profile, enhancing trustworthiness. Strategic recommendations include enhancing security headers, enabling domain protection locks, and improving site performance.

S

San Marino Open Innovation Institute

sanmarinoinnovation.com

49

San Marino Innovation is the official digital technology and blockchain innovation hub of the Republic of San Marino, established in 2017. It serves as a government-supported institute promoting high technology enterprises, startups, and entrepreneurs with tax benefits and certification programs. The website presents a professional and consistent brand image, targeting technology-focused businesses and investors interested in blockchain and digital transformation. The company maintains active social media channels and offers newsletter subscriptions to engage its audience. Technically, the website is built on the Squarespace platform using standard scripts and Typekit fonts. However, it suffers from poor performance with a very slow load time and a large page size. Mobile optimization and SEO are adequate, but accessibility is basic. Critically, the site lacks a valid SSL certificate, resulting in no HTTPS support, which severely impacts security posture. Security-wise, the absence of HTTPS, security headers, and DNSSEC are significant vulnerabilities. While cookie consent mechanisms are in place, GDPR compliance is only basic. The WHOIS data confirms a mature and consistent domain registration without privacy protection, aligning with the business claims. Overall, the website is functional and credible but requires urgent security improvements, especially SSL/TLS implementation, to protect user data and enhance trust. Performance optimization and enhanced security headers would further strengthen the site’s posture.

R

Rete di Top Segnalatori Business Certificati

retesegnalatori.com

31

The website 'retesegnalatori.com' serves as a platform for individuals and businesses interested in becoming certified business referrers and growing within a referral network. It positions itself as a niche network focused on business introductions and certification in the Italian-speaking market. The content is minimal and primarily marketing-oriented, with limited business or legal information provided. Technically, the site is built on the Kartra platform, utilizing common web fonts and CDNs, but suffers from slow load times and lacks modern performance optimizations. Security posture is weak, with no valid SSL certificate or HTTPS support, absence of security headers, and no privacy or cookie policies, exposing users to potential risks. Overall, the site demonstrates low trustworthiness and poor compliance with privacy regulations. Strategic improvements in security, privacy compliance, and content richness are recommended to enhance credibility and user trust.

The San Marino Card website serves as the official portal for the government-backed SMaC program, offering discount cards and electronic wallet services to residents and businesses within San Marino. The site provides comprehensive information about card benefits, partner merchants, and access to a private client area for transaction tracking. The business model is centered on facilitating government-supported financial incentives and electronic payments, positioning itself as a key public service in the local market. Technically, the website is hosted on an nginx server with a legacy charset and uses jQuery libraries alongside Google Analytics for tracking. While the site includes several security headers and a strict transport security policy, it lacks a valid SSL certificate and does not support HTTPS, which is a critical security gap. Performance metrics are unavailable, and mobile optimization is basic, indicating room for technical modernization. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. Although some security headers are present, the lack of vulnerability disclosure policies, cookie consent mechanisms, and comprehensive privacy compliance measures highlight compliance gaps. The site does provide clear contact information and links to privacy and terms documents, but GDPR compliance is not fully evident. Overall, the website is functional and credible as a government service but requires urgent improvements in SSL deployment, privacy compliance, and security best practices to enhance trust and protect user data. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS versions, implementing cookie consent, and publishing a vulnerability disclosure policy.

B

BKN301 S.p.A.

bkn301.sm

53

BKN301 S.p.A. is a fintech company based in San Marino, offering a range of digital payment services including payment accounts, POS solutions, credit and prepaid cards, and e-commerce payment acceptance. The company targets private individuals, businesses, and merchants, positioning itself as an innovative payment institute with international reach. The website is professionally designed using WordPress and Elementor, with good SEO and mobile optimization. However, the technical security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses risks to secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information and company registration details are clearly presented, enhancing business credibility.

B

Banca Agricola Commerciale

baclife.sm

39

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking, investment, and insurance services to both private individuals and businesses. The website reflects a mature and professional presence with comprehensive business information, news updates, and customer resources. The company operates subsidiaries such as BAC Life S.p.A. and BAC Investments, indicating a diversified financial services group. The target audience is primarily local customers in San Marino, with services tailored to their needs including online and mobile banking solutions. Technically, the website is built on WordPress with modern plugins like Yoast SEO and Cookiebot for compliance and marketing. It integrates Google Tag Manager and Google Maps API, showing a moderate level of digital maturity. However, performance metrics are missing, and some technical debt is evident, especially in the SSL/TLS configuration. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. While some security headers are present, the absence of HTTPS and DNSSEC reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is credible and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing DNS and domain protections.

I

Interferenza s.r.l.

newcart.it

30

Newcart.it is a professional Italian e-commerce platform operated by Interferenza s.r.l., offering turnkey online store solutions including domain, hosting, payment integration, and marketing support. The platform targets small to medium businesses seeking easy and rapid e-commerce deployment with additional features like dropshipping and marketplace synchronization. Technically, the site uses a custom PHP-based platform with Apache server, Bootstrap, jQuery, and FontAwesome, but suffers from outdated libraries and lacks a valid SSL certificate, which critically impacts security. Privacy and cookie policies are well implemented and GDPR compliant, with active user consent mechanisms. The site demonstrates good content quality, clear navigation, and mobile optimization, supported by customer testimonials and a visible company address enhancing trust. However, the absence of HTTPS and modern security headers significantly lowers the security posture, requiring urgent remediation. Overall, the site is functional and credible but needs critical security improvements to ensure safe user interactions and compliance with best practices.