Security Directory

Selbst-Bestimmt.net is a small German-based organization specializing in personal development seminars and workshops, including Heldenreise®, Family Circles, and Gestalt therapy. The website presents a clear business model focused on organizing and delivering these seminars, targeting individuals interested in self-development. Technically, the site runs on WordPress with common plugins such as Yoast SEO and Contact Form 7, hosted on a provider associated with kasserver.com. However, the site lacks HTTPS support, which is a critical security deficiency. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers. Privacy compliance is also lacking, with no visible privacy or cookie policies. Overall, the website is functional and content-rich but requires urgent improvements in security and compliance to protect users and build trust.

S

Strelle Records

strelle.at

35

Strelle Records is a small Austrian media and event technology service provider specializing in audio, video, lighting, installations, and event planning since 2011. The company targets event organizers, artists, and media producers primarily in the Kärnten region. The website is built on WordPress with a modern theme and integrates Google Analytics and Jetpack for analytics and performance tracking. However, the site lacks HTTPS, which is a critical security deficiency. The cookie consent mechanism is implemented, but no privacy policy or terms of service pages are present, indicating partial GDPR compliance. Contact information is clearly provided, and social media presence is strong, enhancing business credibility. Overall, the technical infrastructure is moderate but requires urgent security improvements.

V

Virtual Minds GmbH

virtualminds.de

22

Virtual Minds GmbH is a well-established European adtech company specializing in programmatic advertising solutions for publishers, broadcasters, agencies, and advertisers. As a subsidiary of ProSiebenSat.1 Media SE, it holds a strong market position offering a modular full-stack of advertising technologies including DSP, SSP, DMP, and ad serving platforms. The company emphasizes legal compliance, quality, and customer-centric agile development. Technically, the website is built on WordPress with Elementor and uses modern PHP and nginx server technologies. However, the absence of a valid SSL certificate and HTTPS is a critical security gap that undermines trust and security posture. The company maintains ISO 27001 certification and GDPR compliance, reflecting a mature security and privacy framework. Overall, the business is credible and professional but must urgently address its SSL/TLS configuration to improve security and user trust.

G

Gofore Oyj

e-mundo.de

40

Gofore Oyj is a Finnish digital consulting company that has integrated eMundo GmbH to strengthen its presence in the DACH region, operating under the Gofore brand with a new Munich headquarters. The website content is professional, well-structured, and targets businesses seeking digital transformation services. The technical infrastructure is based on WordPress CMS hosted on AWS with modern analytics and marketing tools, but performance is currently slow and the site lacks HTTPS, which is a critical security gap. Security posture is weak due to missing SSL/TLS certificates and lack of modern protocol support, though other security best practices like SPF and vulnerability mitigations are in place. Privacy compliance is strong with comprehensive policies and consent mechanisms. Overall, the site is credible and trustworthy but urgently needs to address HTTPS and SSL issues to improve security and user trust.

I

ISG - International Service Group

isg.com

38

ISG - International Service Group is a well-established HR consulting company founded in 1999, specializing in recruiting, executive search, training, and personnel management services. With over 800 employees and more than 60 offices worldwide, ISG holds a strong market position as a leading personnel consulting provider in Europe and beyond. Their business model focuses on delivering tailored HR solutions across multiple industries including automotive, finance, technology, and healthcare. The website content is professionally presented, targeting businesses seeking comprehensive HR services internationally. Technically, the website is built on WordPress with modern plugins such as Gravity Forms and uses LiteSpeed Cache for performance optimization. However, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which significantly impacts its security posture. The site includes a cookie consent mechanism and privacy policy, indicating awareness of privacy compliance, but lacks explicit security or incident response policies. From a security perspective, the absence of HTTPS and modern encryption protocols is a critical vulnerability that exposes users to risks. While some security headers like HSTS are present, the overall SSL/TLS configuration is poor. There are no detected vulnerabilities related to common exploits, but the lack of encryption is a major concern. WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Overall, ISG's website demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include immediate installation of a valid SSL certificate, enabling modern TLS protocols, and implementing additional security headers and policies to improve the security posture and compliance.

A

Applied Chemicals International AG

acat.com

30

Applied Chemicals International AG operates as a medium-sized international chemical supplier specializing in innovative chemical products and technologies for wastewater treatment, paper production, and specialty industrial chemicals. The company maintains multiple offices across Europe and Africa, serving industrial clients with a B2B business model. Their website is professionally designed, multilingual, and optimized for SEO, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS support significantly undermines their security posture. While security headers and content security policies are implemented, they are weakened by permissive settings and lack of modern TLS protocols. Privacy compliance is addressed with clear privacy and cookie policies, and contact information is readily available. Overall, the company presents a credible business front but must urgently address critical security gaps to protect user data and maintain trust.

E

Erne Fittings GmbH

ernefittings.com

40

Erne Fittings GmbH is a well-established manufacturer of premium quality pipe fittings with over 100 years of experience, serving a global industrial clientele primarily in the manufacturing and energy sectors. The company offers a comprehensive range of products including stock and production programs as well as special-purpose solutions, supported by quality certifications and a dedicated test laboratory. Their website reflects a professional and consistent brand image with clear navigation and multilingual support, targeting industrial distributors and project businesses worldwide. Technically, the site is built on WordPress with modern plugins and hosted behind Cloudflare CDN, but suffers from critical SSL/TLS misconfigurations that undermine secure communications. Security headers are partially implemented, but the lack of a valid SSL certificate and modern TLS protocols significantly lowers the security posture. Privacy compliance is generally good with a comprehensive privacy policy and terms of service, though no cookie consent mechanism is evident. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust.

T

The Ritz London

theritzlondon.com

35

The Ritz London is a prestigious luxury 5-star hotel located in Mayfair, London, offering premium accommodation, Michelin starred dining, and exclusive services such as chauffeur and butler service. The website reflects a high level of professionalism with rich multimedia content and clear navigation, targeting affluent travelers seeking an iconic hospitality experience. Technically, the site is built on WordPress with WooCommerce and uses common libraries like jQuery and Owl Carousel, hosted behind Cloudflare. However, a critical security issue is the absence of a valid SSL certificate and HTTPS, which significantly impacts the security posture. Privacy and terms policies are present, but no cookie consent mechanism is detected. The business information is consistent and trustworthy, supported by WHOIS data and trust indicators such as the Royal Warrant and affiliation with The Leading Hotels of the World.

L

Ludwig Boltzmann Gesellschaft

rare-diseases.at

35

The Ludwig Boltzmann Institute for Rare and Undiagnosed Diseases (LBI-RUD) is a specialized Austrian research institute focused on investigating rare diseases, particularly those affecting the immune system, blood formation, and nervous system. The institute operated for seven years until March 2023, contributing valuable scientific insights and supporting patients through its research. The website serves as an informational platform targeting researchers, medical professionals, and affected patients, providing news, research areas, and organizational information. The business model is non-profit, funded by grants and public sources, and it operates under the Ludwig Boltzmann Gesellschaft umbrella. Technically, the website is built on WordPress and hosted on servers associated with domaindiscount24.net. While the site has a professional design with good navigation and mobile optimization, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support. This exposes visitors to potential risks and undermines trust. The site uses Matomo analytics for user tracking and includes a cookie consent banner, indicating some level of privacy compliance, though GDPR compliance is not fully evident. Security posture is weak due to missing HTTPS, lack of security headers, and outdated SSL/TLS configurations. No incident response or security policies are publicly disclosed. Contact information is clearly provided, including phone, address, and an obfuscated email address. Social media presence is active across major platforms, enhancing outreach and trust. Overall, the website is functional and informative but requires urgent security improvements to protect users and enhance credibility. Strategic recommendations include implementing HTTPS, improving security headers, and enhancing privacy compliance documentation.

V

VAMED WWH

vamed.com

37

VAMED WWH is a globally recognized provider of modern hospital solutions, specializing in turnkey projects that encompass design, construction, medical equipment supply, and operational support for healthcare facilities. The company has a strong international presence with a portfolio of approximately 1,000 projects across more than 98 countries, serving government health ministries and healthcare providers. The website reflects a professional and comprehensive presentation of their services and project achievements, targeting healthcare infrastructure stakeholders worldwide. Technically, the site is built on WordPress with Elementor and related plugins, offering good mobile optimization and accessibility but suffers from the critical absence of a valid SSL certificate, resulting in no HTTPS support. This significantly impacts the site's security posture and user trust. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the business credibility and content quality are high, but the lack of HTTPS is a major security concern that needs immediate remediation.

R

Regionalmedien Austria AG

regionalmedien.at

32

Regionalmedien Austria AG is a leading Austrian regional media company with a broad portfolio of digital and print products, including well-known brands such as MeinBezirk.at and BezirksBlätter. The company focuses on local and regional news coverage, serving communities across all Austrian states. Their business model centers on media publishing and advertising services, positioning themselves as innovation drivers in the regional media market. The website reflects a mature digital presence with professional design, structured data, and comprehensive content tailored to their target audience of regional readers and businesses. Technically, the site is built on WordPress with modern plugins like Yoast SEO and Cookiebot, but lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Security posture is basic with no advanced headers or incident response information. Privacy compliance is good, with clear privacy and cookie policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent security improvements to meet modern standards.

D

delfortgroup AG

delfortgroup.com

40

delfortgroup AG is a mature, enterprise-level global manufacturer specializing in specialty and functional papers, serving industries such as packaging, tobacco, battery separators, and more. The company emphasizes sustainability and innovation, supported by a comprehensive digital presence including detailed product catalogs, sustainability reports, and career opportunities. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, leveraging various JavaScript libraries and Google Tag Manager for analytics. However, the absence of a valid SSL certificate and lack of HTTPS enforcement represent critical security weaknesses. Security headers are present but insufficient without proper TLS configuration. The domain is well-established with consistent WHOIS data, supporting business legitimacy. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

R

redmail Logistik & Zustellservice GmbH

redmail.at

36

redmail Logistik & Zustellservice GmbH is an established Austrian media distribution and logistics service provider specializing in the delivery of print advertising such as flyers and brochures. The company operates multiple offices across Austria and offers an online booking platform for print and delivery services. Their market position is supported by recognized certifications and a professional web presence. Technically, the website is built on WordPress with common plugins and modern design elements, but suffers from a critical lack of HTTPS and proper SSL/TLS configuration, exposing users to security risks. Privacy policies and cookie consent mechanisms are in place, reflecting GDPR compliance. Overall, while the business is credible and well-presented, the security posture requires urgent improvement to protect customer data and maintain trust.

I

International Commission on Missing Persons

icmp.int

40

The International Commission on Missing Persons (ICMP) is a globally recognized non-profit organization dedicated to addressing the issue of missing persons resulting from conflicts, disasters, and other causes. The organization collaborates with governments, civil society, and international bodies to provide expertise, data systems, and forensic services. Their website reflects a mature digital presence with comprehensive content, multilingual support, and clear navigation tailored to a diverse audience including families of missing persons and governmental agencies. Technically, the site is built on WordPress with modern plugins and Cloudflare CDN protection, but it suffers from a critical lack of a valid SSL certificate and proper TLS configuration, which significantly impacts its security posture. Privacy compliance is well addressed with GDPR-aligned cookie and privacy policies. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent improvements in SSL/TLS security to protect user data and maintain credibility.

M

Mubea Carbo Tech GmbH

carbon.at

26

Mubea Carbo Tech GmbH is a medium-sized Austrian company specializing in the design, development, and manufacturing of fiber composite components primarily for the automotive, motorsport, aeronautics, and industrial sectors. As part of the global Mubea Group, it holds a leading market position as a pioneer in lightweight construction technology since its founding in 1993. The company offers full-service solutions from design to series production, targeting automotive manufacturers and other high-tech industries. The website reflects a professional and comprehensive digital presence with multilingual support and detailed business information. Technically, the site is built on WordPress with Elementor and includes modern web technologies, though performance is hampered by the lack of a valid SSL certificate and HTTPS support, which is a critical security concern. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. However, explicit security policies and incident response information are absent. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

MOTIONDATA VECTOR Gruppe is a well-established Austrian software and IT solutions provider specializing in Dealer Management Systems and related automotive industry services. With over 40 years of experience and a strong presence in the D-A-CH region and other European markets, the company offers a comprehensive portfolio including cloud-based DMS, sales management tools, web portfolios, mobile apps, and IT infrastructure services. The website reflects a mature digital presence with professional design, multilingual support, and clear navigation. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which undermines user trust and data security. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Social media integration and brand certifications further enhance credibility.

V

Vizrt

vizrt.com

40

Vizrt is a leading media technology company specializing in live broadcast and video storytelling solutions. Their website showcases a comprehensive portfolio of products and services designed to empower content creators across various sectors including broadcasting, sports, corporate, government, education, and house of worship. The company positions itself as a pioneer in real-time graphics, virtual sets, production automation, and cloud-based production workflows, reaching a global audience of over 4.5 billion people daily. Technically, the website is built on WordPress with modern frameworks and technologies such as Kadence Blocks, Gravity Forms, and Slider Revolution. It leverages Cloudflare for CDN and security, integrates Vimeo for video content, and uses advanced analytics and marketing tools like Google Tag Manager and Facebook Pixel. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a professional and engaging user experience. From a security perspective, the site implements several important HTTP security headers and restricts permissions for sensitive APIs. However, the SSL certificate is currently invalid or missing, and TLS 1.2 or higher is not enabled, which are critical issues that reduce the overall security posture. Privacy compliance is strong with clear privacy and cookie policies, including consent mechanisms, aligning with GDPR requirements. Overall, Vizrt's website reflects a mature and professional digital presence with strong business credibility and technical implementation. Addressing the SSL and TLS issues would significantly enhance their security posture and trustworthiness. Strategic recommendations include updating SSL certificates, increasing HSTS duration, enabling modern TLS protocols, and maintaining rigorous security best practices.

S

Sekoia

sekoia.dk

33

Sekoia is a Danish healthcare software company providing a specialized app for care centers and social service providers to improve planning, documentation, and communication. The company is well-established with a mature domain and a clear market position supported by integrations with KMD Nexus and usage by multiple municipalities. The website is built on WordPress with modern marketing and analytics tools integrated, including consent management for GDPR compliance. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability that undermines user trust and data protection. Privacy policies and cookie consent mechanisms are well implemented, and contact information is clearly presented. Overall, the business demonstrates good digital maturity but requires urgent security improvements to meet modern standards.

R

Rhubarb Tech Inc.

wprediscache.com

65

Object Cache Pro is a specialized technology company offering a premium Redis object cache backend plugin for WordPress. The company positions itself as a high-performance, reliable, and customizable solution with dedicated engineering support, targeting WordPress site owners and hosting providers. The website demonstrates strong branding, detailed product features, and endorsements from reputable partners, indicating a solid market presence in the WordPress caching niche. Technically, the site is built on WordPress 6.8.1, uses Cloudflare DNS, and integrates modern tools like Intercom and Google Analytics. However, the website suffers from a critical security misconfiguration with an invalid or missing SSL certificate, resulting in no HTTPS support despite HSTS being enabled. This significantly impacts the security posture and user trust. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service found. Contact information is not directly available, which may affect user confidence. Overall, the site is professional and content-rich but requires urgent security improvements to meet modern standards.

N

NORIN

norin.no

53

NORIN is a Norwegian research alliance comprising three prominent institutes: IFE, NIVA, and NILU. The alliance focuses on advancing research in energy, environment, climate, digitalization, and societal security. The website presents a professional and consistent brand image, targeting stakeholders in research, policy, and environmental sectors. Technically, the site is built on WordPress with Elementor and several plugins, hosted likely by ProISP. However, the site lacks a valid SSL certificate, resulting in HTTP-only access, which is a significant security concern. The cookie consent mechanism is implemented and appears GDPR compliant, but no privacy policy or terms of service are found, which may affect compliance and user trust. Security headers are missing, and performance is slow with a high load time and large page size. Overall, the site is functional and informative but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

N

Norsk institutt for luftforskning

nilu.no

54

NILU (Norsk institutt for luftforskning) is a well-established Norwegian non-profit research institute specializing in climate and environmental research. Founded in 1969, it holds a strong market position as an internationally leading institute in its field. The website reflects a professional and content-rich platform targeting researchers, policymakers, and environmental stakeholders. NILU offers a range of services including atmospheric research, urban air quality studies, environmental toxin analysis, and laboratory services. The organization is ISO 9001 and ISO 14001 certified, reinforcing its credibility and commitment to quality and environmental management. Technically, the website is built on WordPress with modern libraries such as jQuery, Bootstrap, and Select2, hosted behind Cloudflare. The site demonstrates good mobile optimization, accessibility, and SEO practices. However, performance metrics are unavailable, and some technical debt exists in the form of missing or invalid SSL/TLS configuration, which is a critical security concern. Security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, exposing users to potential risks. While security headers are present, the lack of HTTPS and HSTS reduces overall security. Privacy compliance is good with a comprehensive GDPR-compliant privacy policy, but the absence of a cookie consent mechanism is a gap. Contact information is complete and transparent, including email, phone, and physical addresses, alongside active social media channels. Overall, NILU's website is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, and adding cookie consent mechanisms to enhance privacy compliance.

N

Nansensenteret

nersc.no

56

Nansensenteret (NERSC) is a Norwegian government-affiliated research center specializing in climate, ocean, sea ice, and atmospheric studies in the North Atlantic and Arctic regions. The website presents comprehensive information about ongoing research projects, publications, and organizational structure, targeting researchers, students, and stakeholders interested in climate and environmental sciences. The business model focuses on scientific research, data provision, and collaboration within the climate science community. Technically, the website is built on WordPress with modern plugins for SEO and multilingual support, delivering a moderate performance and good mobile optimization. However, the site lacks a valid SSL certificate, which critically impacts its security posture. The absence of HTTPS and security headers exposes the site to potential risks. Privacy compliance is weak due to missing privacy and cookie policies. Security evaluation reveals significant vulnerabilities, including invalid SSL, disabled TLS protocols, and missing security headers. These issues reduce trust and expose users to risks. The domain is mature and consistent with the organization's profile, enhancing business credibility despite technical shortcomings. Overall, the site is professionally designed with good content quality but requires urgent security improvements to protect users and comply with privacy regulations. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, implementing security headers, and publishing privacy and cookie policies.

C

Catholic Foundation of Southwest Iowa

catholicfoundationiowa.org

50

The Catholic Foundation of Southwest Iowa is a mature, regionally focused non-profit organization dedicated to faith-based investing and planned giving within the Diocese of Des Moines. The foundation supports individuals, parishes, schools, and Catholic organizations by managing endowment funds, distributing grants, and providing philanthropic resources. The website reflects a well-structured and content-rich platform with clear navigation and active social media engagement. However, the technical infrastructure shows gaps in security, notably the absence of a valid SSL certificate and HTTPS enforcement, which poses significant risks to user trust and data protection. The foundation uses a WordPress CMS with multiple plugins and integrates Google Analytics and Stripe for payments, indicating a moderate level of digital maturity. Despite the lack of explicit privacy and security policies, the organization demonstrates transparency through annual reports and board information. Overall, the site is functional and professional but requires urgent security improvements to align with best practices and regulatory expectations.

P

Programme AL-INVEST Verde

alinvest-verde.de

32

The AL-INVEST Verde website represents a European Union funded program aimed at fostering sustainable growth and job creation in Latin America through support for green innovation, public sector assistance, and intellectual property rights. The program operates across 12 countries and collaborates with multiple partner organizations, positioning itself as a key player in sustainable development initiatives in the region. Technically, the website is built on a modern WordPress stack with Elementor and several plugins supporting events, multilingual content, and user engagement. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS, which undermines user trust and data security. Privacy compliance is well addressed with comprehensive policies and consent mechanisms, reflecting adherence to GDPR standards. Overall, while the content and business positioning are strong, the security posture requires urgent improvement to safeguard users and enhance credibility.

P

Programme AL-INVEST Verde

alinvest-verde.eu

32

Programme AL-INVEST Verde is a European Union funded initiative aimed at fostering sustainable growth and job creation in Latin America by supporting the transition to a low-carbon, resource-efficient economy. The program operates across 12 Latin American countries, engaging both public and private sectors, with a focus on innovation, technical assistance, and intellectual property rights. The website serves as an information hub, providing news, events, and resources related to the program's activities. Technically, the site is built on WordPress with Elementor and several plugins for events and membership management. It integrates marketing and analytics tools such as Brevo and Matomo, and supports multilingual content. However, the site lacks a valid SSL certificate, which is a critical security vulnerability, exposing users to potential risks. Privacy and cookie policies are well implemented with GDPR compliance and consent mechanisms. Overall, while the content and business credibility are strong, the security posture requires urgent improvement to protect user data and enhance trust.

A

Akciju sabiedrība “Olpha”

olainfarm.com

67

Olpha is a well-established Latvian pharmaceutical company with over 50 years of experience and a strong regional presence across more than 60 markets. The company specializes in manufacturing a wide range of pharmaceutical products including active ingredients, finished dosage forms, and nutritional supplements. Their business model includes contract manufacturing and licensing, supported by a large team of specialists. The website reflects a mature digital presence with multilingual support, comprehensive accessibility features, and professional branding. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is solid with HTTPS and no critical vulnerabilities detected, though improvements in email security and SSL configurations are recommended. Overall, Olpha demonstrates a credible and professional online presence aligned with its business stature.

A

Akciju sabiedrība “Olpha”

olpha.lv

40

Olpha is a leading pharmaceutical manufacturer based in Latvia, serving over 60 markets with a broad portfolio of pharmaceutical products, active ingredients, and nutritional supplements. The company operates through multiple subsidiaries across Eastern Europe and Central Asia, emphasizing contract manufacturing and pharmaceutical co-development. Their website reflects a mature digital presence with multilingual support, professional design, and a strong focus on accessibility, ensuring compliance with WCAG 2.1 AA standards. Technically, the site is built on WordPress with modern plugins and tracking tools, although performance could be improved due to high resource count and page size. Security posture is adequate with HTTPS and modern TLS protocols, but lacks some advanced configurations such as HSTS, DNSSEC, and DMARC, which are recommended for enhanced protection. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Olpha presents a trustworthy and professional online presence aligned with its business stature.

W

World Pilates Confederation

worldpilatesconfederation.com

40

The World Pilates Confederation is a European-based non-profit organization established in 2012, dedicated to promoting Pilates education and uniting Pilates practitioners worldwide. It is led by a respected Pilates expert and hosts prestigious events such as the International Pilates Heritage Congress. The website is built on WordPress with multiple plugins and page builders, offering resources, news, and educational content related to Pilates disciplines. However, the site lacks a valid SSL certificate, serving content over HTTP only, which poses security risks. No privacy or cookie policies are present, indicating compliance gaps. Contact information is available via email and contact forms, but phone numbers are not clearly provided. The technical infrastructure is moderately modern but suffers from performance and security weaknesses. Overall, the site is functional and informative but requires significant improvements in security and privacy compliance to enhance trust and protect users.

T

The Manta Resort

themantaresort.com

40

The Manta Resort is a small, niche luxury hospitality business located on Pemba Island, Tanzania, offering unique eco-luxury accommodations including the world's only Underwater Room. The website is professionally designed using WordPress and Elementor, providing rich content about rooms, activities, and the local environment. The technical infrastructure includes modern web technologies and caching mechanisms, but lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with some best practices like reCAPTCHA implemented, but missing essential HTTPS and modern TLS protocols. Privacy and cookie policies are present but basic, with no explicit security or incident response policies found. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

T

TIM San Marino S.p.A.

telecomitalia.sm

56

TIM San Marino S.p.A. is a telecommunications company operating in the Republic of San Marino, providing fiber internet, mobile, and fixed telephony services primarily targeting residential and business customers. The website presents a professional and well-structured digital presence, leveraging WordPress CMS and common web technologies to deliver content and service information effectively. The company maintains clear contact channels and legal compliance with privacy and cookie policies, reflecting a mature approach to customer engagement and regulatory adherence. However, the website's security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which undermines secure communications and user trust. Despite this, the presence of security headers and a vulnerability disclosure page indicates some level of security awareness. Overall, the site is functional and credible but requires urgent improvements in SSL/TLS configuration to enhance security and user confidence.

REO AG is a medium-sized German company specializing in the manufacturing and supply of innovative resistive and inductive electrical components, including transformers, reactors, and power controllers. The company targets industrial sectors such as energy, transportation, and medical technology, emphasizing sustainability and technological innovation. Their website is multilingual and professionally designed, supporting a global B2B audience. Technically, the website is built on WordPress with Elementor and several plugins for SEO and multilingual support, hosted on kasserver.com. However, the site lacks a valid SSL certificate and HTTPS support, representing a critical security vulnerability. While privacy and legal documents are linked, no cookie consent mechanism is present, which may affect GDPR compliance. Social media presence and clear contact information enhance business credibility. Overall, the site is functional and content-rich but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacturing and supply of electromagnetic components such as EMV components, chokes, transformers, and power control devices. The company positions itself as a global supplier with a strong emphasis on innovation and sustainability, targeting industrial and technological sectors. The website is built on WordPress with Elementor and includes multilingual support, reflecting a mature digital presence. However, the absence of a valid SSL certificate and HTTPS implementation is a critical security weakness that undermines user trust and data protection. Privacy policies and terms of service are present on the main corporate domain, indicating compliance awareness, though cookie consent mechanisms are lacking. Social media engagement and structured data usage enhance the company's online credibility. Overall, the site offers good content quality and user experience but requires urgent security improvements.

REO AG is a medium-sized German company specializing in the manufacture and supply of electromagnetic compatibility components, chokes, transformers, and resistors primarily for industrial and energy sectors. The company emphasizes innovation and sustainability in its product offerings and maintains a global presence with multiple language-specific websites. The website is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS approach with SEO optimization. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the site's security posture. While contact information and legal pages are well presented, the lack of cookie consent mechanisms and security policies indicates partial privacy compliance. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

REO AG is a well-established German family-run company with a 100-year history specializing in the development and production of inductive, resistive, and electronic components for various industrial sectors including energy, transportation, and manufacturing. The company operates internationally with subsidiaries across Europe, North America, Asia, and the Middle East, maintaining production primarily in Germany with a focus on quality and innovation. Technically, the website is built on a modern WordPress CMS with Elementor and Yoast SEO, indicating a good level of digital maturity. However, the absence of a valid SSL certificate and HTTPS support is a critical security weakness that undermines user trust and data protection. The site lacks advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and overall security posture. Business credibility is strong with clear contact information, social media presence, and detailed product and industry information. Strategic improvements in security and privacy compliance are recommended to enhance trust and protect user data.

H

Helló Sajtó! Üzleti Sajtószolgálat

hellosajto.hu

40

Helló Sajtó! Üzleti Sajtószolgálat is a Hungarian online media platform specializing in publishing and distributing business press releases. Established in 2022, it serves businesses, PR agencies, and institutions primarily in Hungary, offering services such as press release publication, distribution, and effectiveness measurement. The website is built on WordPress with Elementor and uses the Smart Mag theme, hosted on a server managed by Mediacenter.hu. The platform integrates Google Tag Manager and Google Ad Manager for analytics and advertising purposes. Despite a professional design and good content quality, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided, including email and phone. Social media presence is active on Facebook, LinkedIn, and Twitter. Overall, the website is functional and credible but requires urgent security improvements to protect user data and enhance trust.

B

Banca Agricola Commerciale

baclife.sm

39

Banca Agricola Commerciale (BAC) is a well-established financial institution based in San Marino, providing a broad range of banking, investment, and insurance services to both private individuals and businesses. The website reflects a mature and professional presence with comprehensive business information, news updates, and customer resources. The company operates subsidiaries such as BAC Life S.p.A. and BAC Investments, indicating a diversified financial services group. The target audience is primarily local customers in San Marino, with services tailored to their needs including online and mobile banking solutions. Technically, the website is built on WordPress with modern plugins like Yoast SEO and Cookiebot for compliance and marketing. It integrates Google Tag Manager and Google Maps API, showing a moderate level of digital maturity. However, performance metrics are missing, and some technical debt is evident, especially in the SSL/TLS configuration. From a security perspective, the site lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability exposing users to potential data interception. While some security headers are present, the absence of HTTPS and DNSSEC reduces the overall security posture significantly. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is credible and professional but requires urgent improvements in SSL/TLS security to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, and enhancing DNS and domain protections.

REO AG is a well-established German family-owned manufacturing company specializing in inductive, resistive, and electronic components with a history dating back to 1925. The company operates internationally with subsidiaries across Europe, North America, Asia, and the Middle East, serving diverse industrial sectors including transportation, energy, medical technology, and defense. Their business model focuses on B2B supply of customized and standard components, emphasizing innovation, quality, and sustainability. Technically, the website is built on WordPress with modern plugins and SEO tools, offering a professional and content-rich user experience. However, the absence of a valid SSL certificate and HTTPS support is a significant security shortfall, exposing the site to risks and reducing trust. Privacy policies are comprehensive and GDPR compliant, but cookie consent mechanisms are missing. Overall, the company demonstrates strong business credibility but needs urgent improvements in security infrastructure to align with best practices.

M

Migastone International Srl

mobileacademy.club

36

Mobileacademy.club is a website promoting a free online workshop called Mobile Marketing Expert - AI Edition, focused on teaching app creation combined with artificial intelligence using no-code technology. The business is led by Oscar Dalvit, CEO of Migastone International Srl, a recognized leader in the Italian app development market. The website content is professionally presented with good branding and clear target audience focus on technology enthusiasts and entrepreneurs. Technically, the site is built on WordPress with Elementor and uses various marketing and tracking tools such as Kartra, Facebook Pixel, TikTok Pixel, and Google Tag Manager. However, the site suffers from critical security issues including an invalid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture and trustworthiness. Privacy and cookie policies are present and implemented via iubenda, indicating some level of GDPR compliance. The domain's DNS configuration is incomplete or misconfigured, lacking A and MX records, which raises concerns about domain management and legitimacy. Overall, the site presents a good business proposition but requires urgent technical and security improvements to enhance trust and compliance.

C

Colorificio Sammarinese SpA

samoline.com

34

Colorificio Sammarinese SpA operates the Samoline brand, specializing in manufacturing high-performance safety paints for motorsports racetracks globally. The company holds key certifications such as FIA, FIM, and ISO 9001:2015, positioning itself as a trusted supplier in the niche market of racetrack safety and marking paints. Their product portfolio includes antislip paints, low impact paints, and specialized marking solutions for starting grids and access points, targeting racetrack operators and motorsport event organizers. The website is professionally designed with good content quality and consistent branding, supporting their market position. Technically, the website runs on a modern WordPress CMS with popular plugins like Yoast SEO and Revolution Slider, hosted on SiteGround. While the site is mobile-optimized and SEO-friendly, performance is slow and accessibility is basic. Importantly, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. Security headers are minimal, and domain registration shows a high expiry risk with no domain protection locks enabled. From a security perspective, the absence of HTTPS and HSTS, combined with missing DNSSEC and CAA records, exposes the site to potential risks. However, GDPR compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is clearly provided, including a contact form with explicit consent. Overall, the site demonstrates moderate security maturity but requires urgent improvements in SSL configuration and domain management to reduce risk. Strategically, the company should prioritize securing their domain and implementing HTTPS to protect user data and enhance trust. Enhancing security headers and publishing incident response information would further strengthen their security posture. The website effectively supports their business goals but can benefit from performance optimization and accessibility improvements to enhance user experience and compliance.

F

Fondazione Unicampus San Pellegrino

ssmlitalia.it

36

Fondazione Unicampus San Pellegrino is an educational and research institution accredited by the Italian Ministry of University and Research (MUR), specializing in linguistic mediation, translation, and intercultural communication. The foundation operates multiple campuses in Italy and offers a range of academic programs including bachelor's degrees, master's degrees, executive masters, and certification courses. The website reflects a well-structured and professionally designed platform targeting students and professionals in the linguistic and translation fields. Technically, the site is built on WordPress with modern plugins and LMS integration, but it lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the business credibility is strong, but the security posture requires urgent improvement to protect user data and enhance trust.

A

ACT Alliance

actalliance.org

39

ACT Alliance is a large, global non-profit coalition comprising 152 members operating in 127 countries, focused on humanitarian aid, climate justice, gender justice, migration, peace, and advocacy. The website reflects a well-structured organization with clear thematic areas and a broad international presence. Technically, the site is built on WordPress with modern frameworks such as Bootstrap and uses various JavaScript libraries for UI and mapping functionalities. However, the security posture is weak due to the absence of a valid SSL certificate and lack of essential security headers, which exposes users to risks and undermines trust. Privacy compliance is partially met with a comprehensive privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and credible but requires urgent security improvements to protect user data and enhance trust.

J

JobForward

jobforward.org

54

JobForward is a workforce development organization formed in 2025 by the merger of the Institute for American Apprenticeships and Training Funding Partners. It provides consulting, apprenticeship program design, grant writing, and workforce planning services targeting employers, workforce boards, educators, and job seekers. The organization manages significant workforce funding and operates nationally with a focus on registered apprenticeship programs and workforce solutions. Technically, the website is built on WordPress with modern plugins and Google Tag Manager for analytics, hosted likely on GoDaddy with Cloudflare CDN. However, the site lacks a valid SSL certificate and proper HTTPS configuration, which is a critical security concern. Privacy compliance is partial with a privacy policy present but no cookie policy or terms of service. Contact information is clearly provided including phone numbers, physical addresses, and a contact form. Social media presence on LinkedIn and Facebook supports business credibility. WHOIS data aligns well with the business claims, showing a consistent and legitimate registration. Overall, the website is professional and functional but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

O

Olaf Schmidt Coaching

olafschmidt.de

23

Olaf Schmidt Coaching is a small German-based business specializing in LinkedIn lead generation coaching, targeting self-employed professionals and companies, particularly in marketing and sales. The website presents a professional coaching service with clear offerings including personalized LinkedIn strategies, workshops, and weekly support. Technically, the site is built on WordPress with Elementor and uses common web technologies such as Apache and PHP. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The presence of LinkedIn Insight tracking and Calendly integration indicates a moderate level of digital maturity but also raises privacy considerations. Security posture is weak due to missing HTTPS and security headers, and privacy compliance is basic with only a privacy policy found but no cookie consent mechanism. Overall, the site is functional and professionally presented but requires urgent security improvements to protect user data and improve trust.

S

Sgplus

sgplus.it

19

SG Plus is an Italian-based consultancy specializing in sports marketing and related services, with over 20 years of experience engaging various stakeholders including companies, public entities, and sports institutions. The website presents a professional image with clear descriptions of services such as marketing, event management, corporate social responsibility, and educational projects. Technically, the site is built on WordPress with modern plugins like Elementor and Jet, but lacks HTTPS, which significantly impacts security posture. The absence of SSL/TLS and security headers exposes the site to risks and lowers trustworthiness. Privacy compliance is addressed with a cookie consent mechanism and a privacy policy, reflecting GDPR awareness. Overall, the site is functional and informative but requires urgent security improvements to protect users and enhance credibility.

MRS is a French company specializing in corporate restaurant and employee catering services, operating multiple regional offices across France. The website currently displays a maintenance page indicating a site redesign to improve user experience. The business is established with a domain age of 26 years and a consistent registration history. Technically, the site runs on WordPress with Elementor and Yoast SEO plugins hosted on OVHcloud, but lacks HTTPS, which is a critical security deficiency. The security posture is weak due to absence of SSL/TLS, security headers, and privacy policies. Contact information and social media presence are available, but no forms or advanced privacy compliance mechanisms are implemented. Overall, the site is functional but requires significant improvements in security and privacy compliance to meet modern standards.

D

Dauphin Telecom

dauphintelecom.fr

26

Dauphin Telecom is a regional telecommunications provider serving the French Antilles, including Saint Martin and Saint Barthélemy. The company offers a comprehensive range of services including mobile plans (unlimited, blocked, prepaid), fiber internet, TV packages, and bundled offers. With over 26 years of market presence and multiple local agencies, Dauphin Telecom holds a strong position in its regional market. The website reflects a professional and well-branded digital presence, targeting both residential and business customers in the region. Technically, the website is built on WordPress with Elementor and various Jet plugins, indicating a modern CMS-based infrastructure. However, performance metrics suggest slow loading times, and there is no SSL/TLS certificate installed, which is a significant security concern. The site is mobile-optimized and includes SEO best practices, but accessibility features are basic. From a security perspective, the absence of HTTPS and modern TLS protocols severely impacts the security posture, exposing users to potential risks. Some security headers are present, but critical improvements are needed. Privacy compliance is well addressed with a clear privacy policy, cookie consent mechanism, and GDPR adherence. Contact information is clearly provided, enhancing business credibility. Overall, while the business and content quality are strong, the lack of HTTPS is a critical issue that must be addressed immediately to protect users and improve trust. Strategic recommendations include implementing SSL, enhancing security configurations, and maintaining compliance documentation.

H

H.J. Opdyke Lumber Company

opdyke.com

40

H.J. Opdyke Lumber Company is a well-established regional supplier of lumber and building materials, servicing residential and multifamily properties since 1955. The company offers a broad range of products and design services including kitchens, baths, decking, doors, windows, and closets, targeting contractors, builders, and homeowners primarily in New Jersey, Pennsylvania, and New York. Their market position is solid with multiple physical locations and a medium-sized business footprint. Technically, the website is built on WordPress with modern plugins and accessibility features, but lacks a valid SSL certificate, which is a critical security shortfall. The site uses Sucuri Cloudproxy for WAF protection, Google Analytics and Tag Manager for tracking, and hCaptcha for form security. Privacy and cookie policies are present and GDPR compliant, but no terms of service or security policies are found. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and improve trust.

T

TIM San Marino S.p.A.

tim.sm

31

TIM San Marino S.p.A. operates as a telecommunications provider in the Republic of San Marino, offering a range of services including fiber internet, mobile telephony, fixed telephony, and digital TV. The website targets residential and business customers within San Marino, positioning itself as a leading local telecom operator. The business model focuses on providing bundled telecom services and devices, supported by a professional online presence with clear service offerings and customer support channels. Technically, the website is built on WordPress 6.8.1, utilizing common libraries such as jQuery and Owl Carousel for UI components. SEO is enhanced via the Yoast SEO plugin, and the site includes structured data for improved search engine understanding. However, performance is suboptimal with a slow page load time of over 7 seconds, and accessibility features are basic. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. No modern TLS protocols or security headers are enabled, exposing users to potential risks. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Overall, while the business and content aspects are strong and trustworthy, the security posture is weak and requires urgent remediation to protect user data and maintain trust. Strategic improvements in SSL deployment, security headers, and performance optimization are recommended to elevate the site's security and technical maturity.

Aeffe Spa is an established Italian luxury goods group specializing in the production and distribution of high-end fashion products including ready-to-wear, footwear, leather goods, lingerie, and beachwear. The company operates internationally with proprietary brands such as Alberta Ferretti, Moschino, Pollini, and Philosophy di Lorenzo Serafini, positioning itself as a significant player in the luxury retail sector. The website reflects a professional corporate presence with comprehensive investor relations and governance information, targeting investors, partners, and luxury consumers. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates multiple third-party services including Google Tag Manager and Google Analytics for analytics and marketing. Multilingual support is provided via WPML, enhancing accessibility for international audiences. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS, which impacts its security posture and user trust. Security-wise, while no critical vulnerabilities or exposed sensitive data were detected, the lack of HTTPS and modern TLS protocols, absence of HSTS, and missing DMARC records represent significant risks. The site employs basic security headers but could benefit from enhanced configurations. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism, aligning with GDPR requirements. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, and improving security headers and email authentication mechanisms.