Security Directory

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 12 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

The website libraindustriale.com currently serves as a security challenge or redirect page, likely protected by a Web Application Firewall (WAF) such as BitNinja. The domain is mature, registered since 2000 with a reputable registrar, but the website content is minimal and does not provide clear business information or services. The site uses outdated CMS versions (Joomla 1.5 and WordPress 2.5) indicated in meta tags, which are known to have security vulnerabilities. Critically, the site lacks a valid SSL certificate and HTTPS support, exposing visitors to potential security risks. DNS and WHOIS data show no domain protection locks or DNSSEC, which are recommended for domain security. Overall, the site’s security posture is weak, and privacy compliance is absent.

The website ejercito.mil.co represents the official online presence of the Colombian National Army, a government entity responsible for national defense and military operations. The domain is mature and registered consistently with the organization's identity, reflecting a legitimate and authoritative institution. However, the website content is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) challenge page that blocks access unless JavaScript and cookies are enabled. This limits the ability to analyze the actual website content and user experience. From a technical perspective, the site is hosted behind Cloudflare, which provides security and performance services. Despite the presence of multiple security headers enforcing strict cross-origin policies, the absence of a valid SSL/TLS certificate and HTTPS support is a critical security gap. The lack of HTTPS undermines secure communication and user trust. Performance metrics are unavailable due to the blocked content, but the presence of Cloudflare suggests potential for good performance once accessible. Security posture is weakened by the missing SSL certificate and disabled TLS protocols, although other security headers are well configured. No privacy, cookie, or terms of service policies are detected on the landing page, and no contact information or forms are visible, which limits transparency and user engagement. The domain WHOIS data confirms the domain's legitimacy and low expiry risk, supporting trust in the entity behind the site. Overall, the website currently presents a high risk due to inaccessibility and lack of HTTPS, which are critical for secure and trustworthy online presence. Strategic recommendations include immediate installation of a valid SSL certificate, enabling HTTPS, improving accessibility beyond the WAF challenge, and publishing essential policies and contact information to enhance compliance and user trust.

A

Address Hotels

addresshotels.com

40

Address Hotels + Resorts is a luxury hospitality brand offering five-star hotels and resorts in iconic locations, primarily in the Middle East. The website presents a comprehensive and professional digital presence with rich content, multiple language support, and integrated booking and dining reservation systems. The technical infrastructure is based on WordPress with modern web technologies such as React, jQuery, Bootstrap, and Flickity, hosted on Azure CDN. However, the absence of a valid SSL certificate and lack of modern TLS protocols represent critical security vulnerabilities that must be addressed to ensure secure user interactions and data protection. Privacy compliance is partially met with a comprehensive privacy policy and terms of service, but lacks explicit cookie consent mechanisms. Overall, the site demonstrates strong business credibility and branding consistency but requires urgent security improvements.

The domain apir.com is a mature domain registered since 1997 with a reputable registrar, Tucows Domains Inc. However, the website content is minimal, consisting solely of an immediate HTTP redirect to apir.co.uk. There is no visible business information, metadata, or content on the landing page. The technical infrastructure is basic, running on Apache 2.4.52 on Ubuntu, but lacks HTTPS support and any modern security configurations. DNS records are properly configured with MX and NS records but lack DNSSEC and domain protection locks. The SSL certificate is not configured, resulting in no HTTPS availability, which is a critical security concern. No privacy, cookie, or terms of service policies are present, and no contact information or social media links are found, limiting trust and credibility. Overall, the website appears to be a placeholder or in transition, with very limited digital maturity and security posture.

P

Petroliam Nasional Berhad (PETRONAS)

petronas.com

39

PETRONAS is a leading Malaysian national oil and gas company with a strong global presence and diversified energy portfolio. The website reflects a mature enterprise with comprehensive information on its business units, sustainability initiatives, investor relations, and corporate governance. The technical infrastructure is modern, leveraging Drupal 9 CMS, Algolia search, and Azure hosting, with good mobile optimization and SEO practices. However, the security posture is critically weakened by the absence of a valid SSL certificate and HTTPS support, which poses significant risks to user trust and data security. Privacy and cookie policies are well implemented, indicating good compliance with GDPR and related regulations. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to improve security and user confidence.

L

Libertas Srl

libertas.sm

31

Libertas.sm is a well-established online news media outlet serving the San Marino and Rimini regions, operating since 2000. It provides daily news, stories, and information with a focus on local events, politics, culture, and sports. The website leverages WordPress CMS with a range of plugins for SEO, advertising, and user engagement, including Google Tag Manager and advertising networks. Despite a rich content offering and good user experience, the site lacks HTTPS encryption, which is a critical security vulnerability. Privacy and cookie policies are implemented with GDPR compliance, and contact information is clearly provided, supporting business credibility. The domain registration data confirms the site's legitimacy and maturity, though domain protection mechanisms are absent.

P

Professional Provident Society Insurance Company

pps.co.za

40

PPS (Professional Provident Society Insurance Company) is a mature South African financial services provider specializing in insurance, investment, and healthcare solutions tailored for graduate professionals. The company operates on a mutuality model, allowing members to share in profits, and maintains a strong market position supported by professional associations and comprehensive service offerings. The website is built on Drupal 10 with modern frontend libraries and hosted behind Cloudflare, demonstrating a moderate level of digital maturity. However, the absence of a valid SSL/TLS certificate and lack of HTTPS significantly undermine the security posture. While security headers are partially implemented, critical vulnerabilities exist due to missing encryption and lack of advanced security features. Privacy compliance is basic, with no explicit cookie consent mechanism and limited GDPR indicators. Overall, the site presents professional content and good business credibility but requires urgent security improvements to protect user data and enhance trust.

F

Fondazione Unicampus San Pellegrino

fusp.it

40

Fondazione Unicampus San Pellegrino is a mature and established educational institution in Italy specializing in linguistic mediation, translation, and intercultural communication. It operates multiple campuses and offers a broad range of academic programs including bachelor's and master's degrees, executive masters, language certifications, and specialized courses. The foundation is accredited by the Italian Ministry of University and Research (MUR) and maintains active research centers, positioning itself as a key player in its niche educational market. The website reflects a professional and consistent brand image with comprehensive content tailored to students and professionals in the linguistic field. Technically, the website is built on a modern WordPress stack with Elementor, WooCommerce, and TutorLMS plugins, supporting e-learning and e-commerce functionalities. The site is mobile-optimized and SEO-friendly, though performance data suggests moderate speed. Security posture is currently weakened by an invalid SSL certificate and lack of support for modern TLS protocols, which undermines HTTPS effectiveness. Privacy and cookie policies are present and GDPR compliant, with clear contact information and a contact form secured by Google reCAPTCHA. Overall, the site is trustworthy and professionally maintained but requires urgent improvements in SSL/TLS configuration and security headers to enhance user trust and data protection. There is no evidence of a formal security policy or incident response contact, which could be areas for future enhancement.

San Marino is a Peruvian real estate development specializing in luxury residential properties and marina services. The website presents a well-structured and visually appealing platform targeting buyers interested in exclusive homes, apartments, marina slips, and club memberships near Lima. The technical infrastructure relies on Apache and PHP 7.3 with integration of Google Tag Manager and TikTok Analytics for marketing and tracking purposes. However, the absence of HTTPS and a valid SSL certificate significantly undermines the site's security posture. Additionally, the lack of cookie consent mechanisms and comprehensive privacy compliance measures exposes potential regulatory risks. Overall, while the business model and market positioning are clear and credible, the website requires urgent security and privacy improvements to protect user data and enhance trust.

S

SIT S.p.A.

sitspa.com

22

SIT S.p.A. is a well-established Italian manufacturing company specializing in power transmission solutions and components for industrial applications. The company positions itself as a global leader with multiple production centers and subsidiaries worldwide, offering a broad portfolio of products including timing belts, couplings, and servo reducers. The website reflects a professional business presence with detailed product information, certifications, and contact details, targeting industrial clients seeking high-quality power transmission components. Technically, the website is built on WordPress with common plugins for SEO, page building, and analytics. However, the site suffers from a critical security deficiency as it lacks HTTPS, exposing visitors to potential data interception risks. Performance is suboptimal with a high load time and large page size, though mobile optimization and SEO practices are reasonably well implemented. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers. No explicit security or incident response policies are published, which could be a concern for compliance and trust. Privacy compliance is partially addressed with visible privacy and cookie policies and consent mechanisms. Overall, SIT S.p.A. demonstrates strong business credibility and content quality but must urgently address security shortcomings to protect users and improve trust. Strategic improvements in security infrastructure and performance optimization are recommended to align the digital presence with the company's market leadership.

C

CAD IT S.p.A.

caditgroup.com

33

CAD IT S.p.A. is an established Italian company specializing in software solutions for the banking, finance, public administration, and industrial sectors. Controlled by Cedacri S.p.A., a leading IT services provider for financial institutions in Italy, CAD IT holds a strong market position with a focus on financial instrument brokerage software and IT outsourcing services. The website reflects a professional business model targeting banks, financial institutions, and public entities, offering a broad portfolio of software products and services. The company is mature with over 24 years of domain registration and a large operational size.

T

Today - Branding Agency

clorofilla.com

24

Today - Branding Agency is an established Italian branding and creative agency with a mature online presence dating back over 22 years. The company offers branding services, creative projects, and showreel production targeting businesses seeking professional brand development. The website presents a professional design with portfolio highlights and clear contact information, including email, phone, and physical address in Vicenza, Italy. Social media presence on LinkedIn and Instagram supports their market engagement. Technically, the site uses common JavaScript libraries such as jQuery and Flickity and is hosted behind Cloudflare, but lacks a valid SSL certificate, resulting in HTTP delivery which is a critical security shortfall. The site is mobile optimized with good user experience but has basic SEO and accessibility features.

E

esploratori dello spazio

esploratoridellospazio.com

20

Esploratori dello Spazio is a mature and established design studio specializing in visual communication and creative services such as art direction, branding, web design, and advertising. The company targets corporate and institutional clients, including notable names like Nike and Expo Milano, positioning itself as a reputable player in the media and design sector. The website reflects a professional portfolio with excellent content quality and consistent branding, supporting the company's market presence. Technically, the website runs on an Apache server with PHP 7.3.33 and is hosted by Media Temple. While the site is mobile-optimized and well-structured with good SEO practices, it lacks modern security implementations such as HTTPS, security headers, and DNSSEC. Performance metrics are unavailable, but the site appears visually rich and responsive. From a security standpoint, the absence of an SSL/TLS certificate is a critical vulnerability, exposing users to potential data interception risks. Additionally, the lack of privacy and cookie policies indicates non-compliance with GDPR and other data protection regulations. No incident response or security policies are published, and no vulnerability disclosure mechanisms are in place. These gaps reduce the overall security posture and trustworthiness. Overall, the website demonstrates strong business credibility and content quality but suffers from significant security and privacy compliance deficiencies. Strategic improvements in SSL implementation, security headers, and policy disclosures are essential to enhance trust and protect both the business and its clients.

C

Cotes

cotes.com

40

Cotes is a Denmark-based company specializing in tailor-made adsorption dehumidifiers and humidity management solutions primarily for industrial sectors such as wind energy, battery manufacturing, building drying, and food & beverage production. The company holds a strong market position with significant global offshore wind turbine market share and partnerships including UNICEF. Their website is professionally designed, leveraging HubSpot CMS and modern marketing tools, with clear navigation and multilingual support. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue that undermines user trust and data security. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility.

TITANKA! Spa is a specialized digital marketing and technology solutions provider focused on the tourism and hospitality sector, serving hotels, camping villages, and destinations primarily in Italy and San Marino. With over 25 years of experience, the company offers tailored services including web marketing, chatbot AI, performance hubs, and hospitality marketing mix solutions. The website reflects a mature business with a consistent brand and a clear target audience. Technically, the site uses a proprietary CMS and integrates multiple analytics and marketing tools, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a comprehensive GDPR policy and cookie consent mechanism. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Overall, the business appears legitimate and established, but urgent improvements in security infrastructure are recommended to protect user data and enhance trust.

The website melonistore.it is currently inaccessible due to a DNS resolution error as indicated by the Cloudflare error 1001 page. This prevents any meaningful content or business information from being accessed or analyzed. The domain itself is mature, registered since 2005, and protected by DNSSEC, which suggests legitimacy. However, the absence of a valid SSL certificate and the failure to resolve DNS records result in a poor security posture and user experience. No privacy, cookie, or terms of service policies are present, and no contact information or business details are available on the page. The site relies on Cloudflare for DNS and security services but is currently misconfigured or experiencing DNS issues that block access.

O

Orienta S.r.l.

orienta.sm

26

Orienta S.r.l. is a San Marino based software house specializing in ERP and integrated business software solutions, targeting enterprises seeking to optimize organizational processes and resource management. The company offers a range of services including Business Analytics, Sales Automation, Manufacturing and Industry 4.0 solutions, Workflow management, and Project Management software. Founded in 2013, Orienta positions itself as a young and dynamic player in the local technology market, providing tailored software and consultancy services to businesses. Technically, the website is built on WordPress using the Divi theme and leverages modern PHP 8.1.32 and nginx server infrastructure. It integrates Google Analytics for tracking and Google reCAPTCHA v3 for form security. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Performance data is limited but indicates slow loading times. The site is mobile optimized and SEO friendly with Yoast SEO plugin usage. From a security perspective, the absence of HTTPS, HSTS, DNSSEC, and security headers significantly weakens the site's security posture. While no vulnerable libraries or known exploits are detected, the lack of encryption and security best practices exposes the site and its users to potential risks. Privacy and cookie policies are present but basic, with no explicit GDPR compliance indicators or incident response policies. Overall, the website demonstrates a professional business presence with good content quality and clear contact information. However, critical security improvements are necessary to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, enabling security headers, and improving privacy compliance measures to align with regulatory standards.

D

Denver S.p.A.

denver.sm

25

Denver S.p.A. is a medium-sized manufacturing company based in San Marino, specializing in the production of machines for stone and glass processing. Established in 1984, it has a strong market position with a global presence including a US subsidiary. The website is professionally designed using WordPress and WooCommerce, offering rich content, clear navigation, and multiple customer engagement channels including live demos and training centers. Technically, the site uses modern plugins and marketing tools but suffers from critical security issues due to lack of valid SSL/TLS certificates and missing HTTPS, which exposes visitors to risks. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business is credible and trustworthy, but urgent security improvements are needed to protect users and enhance trust.

D

Detas SpA

detas.com

35

Detas SpA is a mature Italian manufacturing company specializing in electronic devices for industrial automation, LED lighting, traffic signaling, and electric mobility solutions. The company operates multiple specialized divisions and subsidiaries, serving a broad industrial client base. Their website reflects a professional and consistent brand presence with clear business information and certifications such as ISO9001 and ISO14001. Technically, the website is built on modern web technologies including Webflow CMS, jQuery, and uses analytics tools like Hotjar and Plausible Analytics. However, the site suffers from slow load times and lacks a valid SSL certificate, exposing users to security risks. Security posture is weak with no HTTPS, no security headers, and no domain protection locks. Privacy compliance is minimal, with no cookie consent mechanism despite GDPR applicability. Overall, the website is functional and credible but requires urgent security and privacy improvements to protect users and enhance trust.

The website creditosammarinese.sm is currently inaccessible, serving a 403 Forbidden error page with minimal HTML content. The domain is registered and uses Cloudflare DNS services, but no valid SSL certificate is installed, resulting in no HTTPS support. The site lacks any visible content, metadata, or business information, making it impossible to assess the company's services or market position. Technically, the site performs poorly with slow load times and minimal resources. Security posture is weak due to missing SSL, lack of security headers, and no HSTS enforcement. No privacy or cookie policies are present, and no contact information is available. Overall, the site appears non-functional or restricted, significantly limiting trust and usability.

N

NatWest Group

rbs.com

40

NatWest Group is a mature, UK-focused banking institution serving over 19 million customers across retail, commercial, and private banking sectors. The website reflects a strong commitment to sustainability, governance, and investor transparency, positioning the group as a trusted financial partner. The digital infrastructure is built on Adobe Experience Manager with integrations for cookie consent and Adobe Launch for analytics, indicating a modern and enterprise-grade platform. However, the website's security posture is significantly weakened by an invalid SSL certificate and lack of enabled TLS protocols, which poses a critical risk to user data and trust. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site is professional and content-rich but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

A

ASA Group

gruppoasa.com

30

ASA Group is a well-established manufacturer specializing in metal packaging for the food and chemical sectors, holding a strong market position as the largest independent group in Italy and the fourth largest in Europe. The company operates multiple production plants and subsidiaries across Italy, Switzerland, and the UK, with headquarters in San Marino. Their website reflects a professional business presence with clear branding and relevant content targeting industrial clients requiring metal packaging solutions. Technically, the website is built on Pimcore CMS with modern frontend technologies and integrates privacy management tools like Iubenda and Google Tag Manager for analytics and compliance. However, the absence of HTTPS and a valid SSL certificate represents a critical security gap, exposing users and business operations to potential risks. Security headers are minimal, and no advanced security policies are implemented, indicating room for significant improvement in security posture. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the website demonstrates good business credibility and content quality but requires urgent security enhancements to protect data and build user trust.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 8 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

S

San Marino Rtv

sanmarinortv.sm

37

San Marino RTV operates as the official radio and television broadcaster for the Republic of San Marino, providing live streaming services, news, sports, cultural programming, and event coverage. The website serves a diverse audience interested in local and international news, sports updates, and entertainment, positioning itself as a key media outlet within the country. The business model relies on public broadcasting complemented by advertising revenue streams. Technically, the site employs modern web technologies including nginx, Varnish caching, Fluid Player for video streaming, and integrates with major advertising and analytics platforms such as Google Analytics and Facebook Pixel. However, the absence of a valid SSL certificate and HTTPS support represents a significant security vulnerability, exposing users to potential data interception and undermining trust. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Overall, the website demonstrates strong content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

S

SCM Group

scmgroup.com

40

SCM Group is a well-established global leader in manufacturing woodworking and industrial machinery, with a strong presence in multiple material processing sectors. The company operates through a network of specialized subsidiaries and partners, serving diverse industries such as furniture, automotive, aerospace, and construction. Their website reflects a mature business with consistent branding and good content quality. Technically, the site uses a Pimcore CMS on a CentOS Apache server with modern analytics tools, but suffers from a critical lack of valid SSL/TLS configuration, exposing it to security risks. Privacy compliance is well addressed through Iubenda policies and GDPR scripts. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect users and maintain trust.

I

Idexa web s.r.l.

idexaweb.com

28

Idexa Web is a professional web agency specializing in e-commerce, marketplace development, SEO, and web marketing services primarily targeting businesses in Rimini and San Marino. The company presents itself as experienced with 25 years in the industry and offers a comprehensive portfolio of projects and services. Technically, the website is built on WordPress with popular plugins and marketing integrations, but it lacks a valid SSL certificate, which is a critical security flaw. The absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy and cookie policies are present and GDPR compliant, with active consent mechanisms. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

B

Bioscience institute spa

bioinst.com

39

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 21 security findings identified across all modules.

I

ISS

issworld.com

40

ISS is a global leader in workplace experience and facility management services, operating in over 30 countries with more than 325,000 employees and 40,000 customers. The company offers integrated services including cleaning, food, technical, workplace, and facility management solutions designed to improve business performance and employee wellbeing. The website reflects a mature digital presence with multi-language support, comprehensive corporate and investor information, and active social media engagement. Technically, the site is built on modern frameworks such as Next.js and hosted on Vercel, with Sitecore as the CMS, indicating a robust and scalable infrastructure. However, the security posture is weakened by the absence of a valid SSL certificate and incomplete HSTS implementation, which are critical issues that need immediate remediation to protect user data and maintain trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

Energreen is a mature Belgian company specializing in high-quality, sustainable energy solutions including solar panels, home batteries, electric vehicle charging stations, heat pumps, and intelligent energy management systems. The company positions itself as a comprehensive provider for both residential and commercial customers, emphasizing energy independence and cost reduction. The website is built on modern technologies such as Next.js and React, hosted on AWS Cloudfront, and integrates multiple analytics and marketing tools with user consent mechanisms. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. The company provides clear contact information and maintains comprehensive privacy and cookie policies, supporting GDPR compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

M

Mission 21

mission-21.org

22

Mission 21 is a well-established Swiss non-profit organization dedicated to sustainable development and humanitarian aid across 18 countries in Africa, Asia, and Latin America. Their work focuses on peace promotion, education, health, food sovereignty, and combating violence against vulnerable groups. The organization is supported by church bodies, foundations, government agencies, and private donors, reflecting a robust and diverse funding model. The website presents comprehensive content in multiple languages, demonstrating a strong commitment to accessibility and outreach. Technically, the website is built on WordPress using the Astra theme and integrates various plugins for forms, e-commerce, and multimedia content. While the site is mobile-optimized and SEO-friendly, performance metrics are not available, indicating potential areas for improvement. The security posture is currently weak due to the absence of a valid SSL certificate and modern TLS protocols, which poses significant risks to user data and trust. Privacy compliance is well addressed with clear privacy and cookie policies, including a consent mechanism, aligning with GDPR requirements. However, the site lacks explicit security policies and incident response information, which are important for transparency and user confidence. Overall, the domain registration data aligns well with the organization's identity, supporting legitimacy. Strategically, Mission 21 should prioritize securing their website with valid SSL/TLS certificates and updating their security configurations to protect user data and enhance trust. Enhancing transparency around security policies and incident response would further strengthen their credibility. Continuous monitoring and performance optimization will also benefit user experience and engagement.

L

Linekit

linekit.com

40

Linekit is an established Italian company specializing in the production and online sale of office furniture and furnishings. With over 25 years of experience, the company targets businesses and professionals seeking high-quality, ergonomic, and design-oriented office solutions. Their business model focuses on direct manufacturer sales, supported by consultancy, design services, and a partner reseller program. The website is professionally designed with rich content, including product portfolios, videos, and customer testimonials, enhancing user engagement and trust. Technically, the site is built on WordPress with WooCommerce and Elementor, hosted behind Cloudflare, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. Social media presence and marketing tools like Google Tag Manager and Facebook Pixel are actively used. Overall, the site demonstrates good business credibility but requires urgent security improvements to enable HTTPS and strengthen its security posture.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

34

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.

B

Biemme Srl

biemmebiagiotti.com

26

Biemme Srl is an established Italian manufacturing company specializing in innovative construction and industrial products, serving both national and international markets since 1983. The company offers a broad portfolio of products including structural reinforcements, insulation materials, and technical support services, supported by a professional and content-rich website. Technically, the website is built on WordPress with WooCommerce and Oxygen Builder, leveraging modern JavaScript libraries and SEO plugins, but suffers from performance issues and lacks a valid SSL certificate, impacting security and user trust. The security posture is weak due to missing HTTPS and security headers, although privacy compliance is well addressed through Iubenda policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance credibility.

Network & Knowledge is a professional services firm based in Brescia, Italy, specializing in accounting, legal, and business consultancy services. Established in 2000, the company has grown to a medium-sized firm with over 70 professionals across 7 offices serving more than 1,200 clients. Their service portfolio includes traditional accounting, legal consultancy, labor consultancy, and specialized training through their Academy. The website reflects a mature and professional business with consistent branding and comprehensive service descriptions targeting businesses in the Brescia province. Technically, the site uses Joomla CMS with modern frontend libraries and frameworks, but lacks HTTPS support, which is a critical security gap. Security headers are present but the absence of SSL/TLS significantly reduces the security posture. Privacy and cookie policies are implemented with GDPR compliance. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

The website at bsm.sm currently functions as a security gateway page implementing a CAPTCHA challenge to prevent automated or malicious access. It is not a traditional business website but a protective layer powered by BitNinja technology. The site uses outdated CMS platforms (Joomla 1.5 and WordPress 2.5) and lacks a valid SSL certificate, serving content over HTTP only. Google reCAPTCHA and Google Analytics are integrated for bot mitigation and visitor tracking. The absence of privacy, cookie, and terms of service policies, as well as contact information, limits the site's compliance and business credibility. DNS configuration lacks modern security features such as DNSSEC and CAA records. Overall, the site is slow to load and provides minimal content focused solely on CAPTCHA validation.

U

Università degli Studi di Ferrara

unife.it

40

The Università degli Studi di Ferrara is a well-established public university in Italy, providing a broad range of academic courses, research opportunities, and community engagement initiatives. The website targets students, researchers, and the general public, offering clear navigation and comprehensive institutional information. The university maintains an active presence on major social media platforms and provides transparent contact details and legal notices, enhancing trust and credibility. Technically, the website is built on the Plone CMS platform using Python and Zope technologies. While the site demonstrates good design, accessibility, and SEO practices, performance data is lacking, and the SSL/TLS configuration is critically deficient, with no valid certificate or HTTPS support detected. This significantly impacts the security posture and user trust. Security-wise, the site includes some security headers but lacks a valid SSL certificate, modern TLS protocols, and incident response contact information. Privacy and cookie policies are present and appear GDPR compliant, reflecting good privacy practices. Overall, the site is functional and professional but requires urgent improvements in SSL/TLS security to protect users and data. The domain registration data aligns well with the university's identity, showing consistency and legitimacy. No suspicious patterns or privacy protection on WHOIS are present, supporting the trustworthiness of the domain.

Expansion Group is a San Marino-based media and communication agency established in 2011, providing advertising, digital marketing, design, and media portfolio services to a diverse client base. The company maintains a mature online presence with a well-structured website showcasing its portfolio and client successes. Technically, the website is built on WordPress with popular plugins and integrates common marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. However, the site suffers from significant security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which exposes visitors to potential risks. Privacy compliance is addressed with a cookie consent banner and a privacy policy, but incident response and security policies are not publicly documented. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

C

Clementoni Spa

clementoni.com

34

Clementoni Spa operates a professional and well-branded e-commerce website focused on selling toys and educational products primarily in Italy. The website is built on the Shopify platform, leveraging modern web technologies and integrations such as Google Analytics, Facebook Pixel, and Iubenda for privacy compliance. The company demonstrates strong business credibility with clear contact information, social media presence, and comprehensive privacy and cookie policies. However, the website currently lacks a valid SSL certificate, which significantly impacts its security posture and user trust. The technical infrastructure is robust but could benefit from improved SSL/TLS implementation to ensure secure communications. Overall, the site is functional and user-friendly but requires urgent security improvements to meet industry standards.

E

Extera srl

extera.com

40

Security assessment completed with an overall score of 0/100 (unknown risk). 3 critical issues require immediate attention. Total of 23 security findings identified across all modules.

A

AC Milan

acmilan.com

28

AC Milan's official website serves as a digital platform for the football club to engage with fans by providing news, match information, and multimedia content. The site targets football enthusiasts and supporters of the club, leveraging a React-based frontend and delivery through AWS CloudFront CDN. Despite its global brand recognition, the website currently lacks a valid SSL certificate, resulting in no HTTPS support, which critically undermines its security posture. The absence of privacy and terms of service pages further impacts compliance and user trust. The cookie consent mechanism via OneTrust and integration of Google Tag Manager indicate some level of privacy and analytics maturity, but overall content quality and navigation are basic, with minimal visible business contact information.

P

Persado

persado.com

40

Persado is an enterprise AI marketing platform specializing in generating, optimizing, and personalizing marketing language at scale, primarily targeting banks and financial institutions. The company positions itself as a market leader with strong endorsements from major U.S. banks and credit card issuers. Their platform integrates compliance, performance, and personalization features, supported by multi-agent AI workflows and domain-specific models tailored for the financial sector. The website reflects a mature digital presence with comprehensive content, strong branding, and customer testimonials. Technically, the site is built on WordPress with modern themes and plugins, leveraging WP Engine hosting and Cloudflare CDN. It employs standard marketing and analytics tools such as Google Analytics, Google Tag Manager, Drift, Pardot, and Zapier. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, a critical security shortfall is the absence of a valid SSL/TLS certificate, resulting in no HTTPS encryption, which severely impacts the security posture. Security headers are properly configured, and the company demonstrates adherence to recognized security frameworks including ISO 27001 and SOC II type 2. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Despite the strong compliance and governance messaging, the lack of HTTPS is a major vulnerability that undermines user trust and data protection. Overall, Persado presents a professional and credible business with advanced AI-driven marketing solutions for finance, but must urgently address its SSL/TLS certificate issues to ensure secure communications and maintain enterprise-grade security standards.

U

University of Bristol

bristol.ac.uk

39

The University of Bristol operates a comprehensive and professional website serving prospective and current students, staff, alumni, and the wider community. The site provides detailed information on undergraduate and postgraduate courses, research activities, and community engagement, positioning the university as a leading educational institution in the UK and globally. The website content is well-structured, accessible, and rich in relevant information, reflecting a strong digital presence. Technically, the website employs modern JavaScript frameworks such as StencilJS and integrates tracking and analytics tools like Google Tag Manager and TrackedWeb. However, the site suffers from significant performance issues, including a slow load time and a large page size, which could impact user experience. Mobile optimization and accessibility are well addressed, contributing positively to overall usability. From a security perspective, the website exhibits critical weaknesses, notably the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. Additionally, no security headers or advanced TLS protocols are enabled, and no incident response or vulnerability disclosure policies are publicly available. Privacy compliance is strong, with comprehensive privacy and cookie policies aligned with GDPR requirements. Overall, while the University of Bristol's website excels in content quality and business credibility, urgent improvements in security infrastructure and performance optimization are necessary to enhance trust and protect users. Strategic recommendations include implementing HTTPS, enabling security headers, optimizing performance, and publishing clear security policies.

T

TFP Group Inc.

tfpgroup.com

40

TFP Group Inc. is a specialized consulting firm focused on workforce development and training grant funding, operating nationally in the United States with over 25 years of experience. The company serves businesses and organizations seeking to develop talent pipelines and secure training incentives, working closely with government agencies across multiple states. Their website reflects a professional presence with clear service descriptions and contact information, targeting clients in workforce development sectors. Technically, the website is built on a modern WordPress platform using Elementor and related plugins, hosted behind Cloudflare with caching mechanisms. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and disabled TLS protocols, which severely impact secure communications and user trust. Performance is rated slow, and SEO and accessibility features are basic. Security posture is weak due to missing HTTPS, lack of DMARC and DNSSEC, and no incident response or vulnerability disclosure information. Privacy compliance is minimal, with no privacy or cookie policies found. Business credibility is supported by clear contact details and a consistent brand message but is undermined by security and compliance gaps. Overall, the site is functional and informative but requires urgent security improvements and privacy policy implementations to enhance trust and compliance.

The website for gruppohera.it is currently inaccessible due to a CloudFront 403 error page blocking access, which prevents retrieval of any meaningful content or metadata. The domain is registered and consistent with an Italian energy sector business, but the lack of a valid SSL certificate and HTTPS support severely impacts the security posture. Additionally, a DNS subdomain takeover vulnerability was detected on the ftp subdomain, posing a risk of unauthorized control. The technical infrastructure relies on Amazon CloudFront for content delivery but is misconfigured, resulting in blocked access and poor performance. Overall, the site exhibits critical security and accessibility issues that must be addressed to restore trust and functionality.

T

Tecnoplay S.r.l.

tecnoplay.com

39

Tecnoplay S.r.l. is a mature and established company specializing in the distribution and sale of entertainment machines for gaming halls and public venues, with a strong presence in Italy and San Marino. The company positions itself as a leader with over 28 years of experience, offering products from internationally recognized brands such as Sega. Their business model focuses on providing high-quality amusement equipment and technical support services to family and gaming enthusiasts. The website reflects this positioning with clear branding, product categories, and contact information, targeting local businesses and consumers interested in amusement technology. From a technical perspective, the website is built on an older but functional technology stack including Apache server, jQuery, Bootstrap, and a proprietary CMS (TITANKA!). While the site is content-rich and well-structured with multilingual support, it suffers from performance issues and lacks modern optimization features. Mobile optimization and accessibility are basic but present. SEO practices are adequately implemented with proper meta tags and structured data. Security posture is a significant concern as the site does not implement HTTPS, exposing users to potential data interception risks. Security headers are partially implemented but insufficient without SSL/TLS. No advanced security policies or incident response information is publicly available. The absence of vulnerability disclosure or security.txt files further limits transparency. Privacy compliance is basic, with a privacy policy and cookie consent mechanism present, but GDPR compliance details are minimal. Overall, the website and business demonstrate moderate trustworthiness and professionalism but require urgent security improvements, especially the implementation of HTTPS. Strategic recommendations include upgrading security infrastructure, modernizing the technology stack, enhancing privacy compliance, and publishing clear security policies to improve user trust and regulatory adherence.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 9 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 10 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

Security assessment incomplete. Successfully analyzed: emailSecurity, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2, sslTls. 11 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

W

Webfuse

webfuse.com

55

Webfuse is an enterprise-grade SaaS platform specializing in augmented web proxy technology that enables developers and organizations to modify and extend web applications without altering source code. The platform targets developers and enterprises seeking flexible, no-code web augmentation solutions, offering features such as virtual web sessions, automation workflows, multi-factor authentication, and real-time collaboration. The website presents a professional and consistent brand image, emphasizing compliance with major security frameworks like SOC 2, GDPR, ISO 27001, and HIPAA, and claims trust from Fortune 500 companies and global organizations. Technically, the website is built on Webflow CMS and integrates modern JavaScript libraries such as Vimeo Player API, Swiper.js, and analytics tools including Segment, Google Tag Manager, and Plausible Analytics. Hosting and CDN services are provided via Cloudflare and AWS infrastructure. While the site is mobile-optimized and accessible with good SEO practices, performance metrics indicate slow loading times, possibly due to large media assets and third-party scripts. From a security perspective, the site implements several HTTP security headers and cookie flags, but critically lacks a valid SSL certificate and proper TLS protocol support, severely undermining HTTPS security. No vulnerability disclosure or incident response contact information is provided, and privacy and cookie policies are absent, which impacts compliance posture. DNS records and WHOIS data indicate a legitimate and consistent domain registration without privacy protection, supporting the business's credibility. Overall, Webfuse demonstrates strong business credibility and technical sophistication but must urgently address SSL/TLS implementation and privacy compliance to improve security posture and user trust. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS protocols, publishing privacy and cookie policies, and adding explicit contact information for security incidents.