Security Directory

I

iEarth

iearth.no

40

iEarth is a Norwegian educational center focused on integrated earth science education, fostering innovative and student-centered learning environments. It collaborates with major Norwegian universities and research centers to provide educational resources, events, and research support for future earth scientists. The website reflects a well-structured and professionally branded platform targeting students and educators in the geosciences sector. Technically, the site is built on Webflow with modern technologies including jQuery, Google Analytics, and Weglot for multilingual support. Performance is moderate with some room for optimization. Security posture is basic with HTTPS enabled but lacking advanced features such as HSTS and OCSP stapling, and the SSL certificate is close to expiry. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the domain registration is consistent and mature, supporting the legitimacy of the site.

A

ASDASD srl

fibersurf.it

34

FiberSurf is a small regional Italian ISP specializing in FTTH fiber optic internet services, offering multiple subscription plans with unlimited data and telephone services. The company targets residential and small business customers primarily in the Veneto region. The website provides comprehensive service details, customer testimonials, and contact information, reflecting a professional and customer-focused business model. Technically, the site uses common web technologies such as Bootstrap, jQuery, and tracking tools like Google Analytics and Facebook Pixel, but suffers from slow load times and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture and user trust. Privacy and cookie policies are present and appear GDPR compliant, though no explicit security or incident response policies are found. Overall, FiberSurf presents as a legitimate, small ISP with room for technical and security improvements.

A

ASDASD srl

popwifi.it

38

PopWiFi is a small Italian telecommunications company specializing in wireless internet connectivity and fiber optic services targeted at residential and business customers in select provinces of Italy. The company offers various internet plans with promotional pricing and includes VoIP telephone services as an experimental feature. The website demonstrates a consistent brand presence with customer testimonials and active social media links. Technically, the site uses a modern front-end stack including Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, exposing users to security risks. Privacy and cookie policies are present and appear GDPR compliant, though no explicit consent mechanism is implemented. Overall, the business appears legitimate and regionally focused, but the lack of HTTPS and security headers significantly impacts its security posture.

P

Pontifical North American College

pnac.org

37

The Pontifical North American College is a well-established non-profit educational institution focused on priestly formation and continuing theological education in Rome. The website reflects a mature organization with a clear mission and target audience of American seminarians and priests. The institution maintains a professional online presence with consistent branding and active social media channels. Technically, the website is built on WordPress with common plugins and frameworks such as Bootstrap and WooCommerce, hosted on Amazon AWS infrastructure. However, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. No privacy or cookie policies are present, indicating gaps in compliance with modern privacy standards. Security headers and advanced protections are absent, increasing risk exposure. Overall, while the business credibility and content quality are good, the security and privacy compliance require urgent improvements to protect users and enhance trust.

S

SUPER

super-web.es

17

SUPER is a small Spanish technology company specializing in virtual and digital ecosystem solutions targeted at European markets. Their website offers multilingual content and services including virtual expert consultations and technology-related blog posts. The technical infrastructure is based on WordPress with common plugins such as WooCommerce and LayerSlider, supported by Apache server technology. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy and cookie policies exist but lack advanced compliance features such as consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional but requires urgent security improvements to protect user data and build trust.

A

Abt Global

abtassociates.com

40

Abt Global is a well-established international consulting and social impact organization with over 60 years of history and a large workforce. The company focuses on leveraging data, innovation, and expertise across multiple sectors including health, environment, governance, and economic growth to improve lives worldwide. Their business model centers on providing consulting, technical assistance, and digital solutions to governments, organizations, and communities. The website reflects a professional and comprehensive digital presence with strong branding and relevant content targeting global development stakeholders. Technically, the website is built on Drupal 10 and uses modern JavaScript libraries and marketing/analytics tools such as Google Tag Manager, Google Analytics, LinkedIn Insight Tag, and HubSpot. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support. Mobile optimization and SEO are good, but accessibility is basic. The hosting appears to be via Fastly CDN. From a security perspective, the absence of a valid SSL certificate and HTTPS is a critical vulnerability, severely impacting the security posture. No security headers or advanced TLS configurations are present, and no incident response or security policies are published. Cookie consent mechanisms are implemented, indicating GDPR awareness, but no terms of service or vulnerability disclosure pages are found. Overall, the security maturity is low and requires urgent improvements. The overall risk assessment highlights the critical need for SSL/TLS implementation to protect user data and improve trust. Strategic recommendations include securing the site with HTTPS, enabling security headers, optimizing performance, and publishing clear security and incident response policies. The business credibility and content quality are strong, but technical and security shortcomings reduce the overall trust score.

S

Scholas Occurrentes

scholasoccurrentes.org

39

Scholas Occurrentes is an international non-profit organization founded in 2013 by Pope Francisco, focused on transforming education and promoting social inclusion through various programs involving youth, educators, and institutions worldwide. The organization operates globally with a presence in 70 countries and over 2.5 million participants, leveraging donations and volunteer support to sustain its initiatives. The website reflects a well-structured digital presence with multilingual support and integration of donation platforms, social media, and analytics tools. However, the technical infrastructure shows critical security gaps, notably the absence of a valid SSL certificate and HTTPS, lack of security headers, and no cookie consent mechanism despite active tracking. These issues expose the site to risks and reduce user trust. The domain registration is mature and privacy-protected, consistent with the organization's profile, but obscures registrant details. Strategic improvements in security posture and privacy compliance are essential to enhance trust and protect user data.

A

Almirall, S.A.

almirall.com

40

Almirall, S.A. is a well-established pharmaceutical company focused on research and development of medicines for patients worldwide. The company has a mature online presence with a domain age of 25 years and a comprehensive website targeting patients, healthcare professionals, investors, and media professionals. The website provides extensive information about the company's purpose, expertise, sustainability efforts, and corporate governance, reflecting a strong business model and market position in the healthcare sector. Technically, the website is built on the Liferay CMS platform, hosted on Azure DNS, and utilizes modern JavaScript libraries and analytics tools such as Google Analytics, Google Tag Manager, New Relic, and OneTrust for cookie consent management. Accessibility features are implemented via EqualWeb, enhancing usability for diverse users. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure communications.

O

Ospedale Pediatrico Bambino Gesù

ospedalebambinogesu.it

36

Ospedale Pediatrico Bambino Gesù is a leading pediatric hospital and research center in Europe, providing specialized healthcare services for children and adolescents primarily in Italy but also internationally. The website serves as a comprehensive portal offering information about the hospital, research projects, patient services including online appointment booking, and donation opportunities. The institution is well-positioned in the healthcare sector with strong trust indicators such as certifications and a professional digital presence. Technically, the website employs modern web technologies including Bootstrap, jQuery, Handlebars.js, and integrates Google Analytics and Tag Manager for tracking and marketing. Hosting is via Amazon CloudFront CDN, and authentication services use Amazon Cognito. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security gap. Cookie consent is managed through Cookiebot, indicating compliance with GDPR requirements. From a security perspective, the absence of HTTPS and related security headers significantly lowers the security posture. No incident response or vulnerability disclosure information is published. DNS security features like DNSSEC and DMARC are missing. Despite these issues, the site does not show signs of active vulnerabilities or malicious content. Overall, the website is professionally designed and content-rich but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include deploying a valid SSL certificate, enabling HSTS, implementing DNS security records, and publishing security policies and incident response contacts.

P

Permanent Court of Arbitration

pca-cpa.org

34

The Permanent Court of Arbitration (PCA) operates as an intergovernmental organization providing international arbitration and dispute resolution services. The website serves as a multilingual portal offering access to the PCA's resources and information primarily targeting governments, legal professionals, and international organizations. The business model is focused on facilitating arbitration services with a recognized market position in the international legal domain. Technically, the website is built on WordPress and hosted behind Cloudflare, utilizing Google Fonts and analytics services such as Google Analytics and Cloudflare Insights. However, the site suffers from significant performance issues with a very slow load time and only basic mobile optimization. The technical implementation lacks modern security protocols and optimizations. From a security perspective, the website is critically deficient due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential data interception risks. No security headers or advanced configurations are present, and privacy compliance is minimal with no visible privacy or cookie policies. Tracking scripts are used without consent mechanisms, raising privacy concerns. Overall, the website presents a moderate business credibility but is hampered by poor security posture and technical performance. Strategic improvements in security, privacy compliance, and technical optimization are essential to enhance trust and operational resilience.

imation.com represents a technology-focused business specializing in storage solutions, positioning itself as a global leader in the storage industry with a focus on SSD products. The website primarily targets Korean-speaking users with language-based redirection to Korean subdomains, indicating a regional focus within a global market. The business model appears to be product and solution sales in the technology sector, with moderate company size inferred from the domain and content. The website content is minimal and primarily serves as a redirect hub rather than a full informational site. From a technical perspective, the site is hosted on an Apache server running an outdated PHP version 5.4.16, which poses security risks. The hosting IP suggests Amazon AWS infrastructure. The site lacks HTTPS support due to an invalid SSL certificate, which severely impacts security posture and user trust. Google Analytics is implemented for user tracking, but no privacy or cookie policies are present, indicating poor privacy compliance. Performance data is unavailable, but the minimal content and redirection scripts suggest slow or moderate loading times. Security evaluation reveals critical vulnerabilities including the absence of HTTPS, no HSTS, no DNSSEC, and no security headers beyond basic server headers. The lack of a valid SSL certificate and use of outdated PHP version expose the site to potential attacks. No incident response or security policies are publicly disclosed, and no contact information is provided for security or abuse reporting. These factors contribute to a low security score and overall risk to users and business reputation. Overall, the site exhibits significant gaps in security and privacy compliance, with minimal content and poor user experience. Strategic recommendations include immediate implementation of a valid SSL certificate, upgrading server software, publishing privacy and cookie policies, and enhancing security headers and DNS configurations to improve trust and compliance.

DNS Spy is a specialized technology company offering DNS monitoring, alerting, and backup services primarily targeting organizations and individuals responsible for DNS management. The company provides a SaaS platform that enables users to monitor DNS changes, receive alerts, validate DNS configurations, and maintain DNS backups with advanced features such as AXFR zone transfer support. The website content is professionally presented with clear navigation and relevant information about the services offered. The technical infrastructure leverages modern frontend technologies including Bootstrap, Font Awesome, jQuery, and Laravel Livewire, hosted behind Cloudflare with domain registration via Amazon Registrar. However, the website currently lacks a valid SSL/TLS certificate and does not enforce HTTPS, which is a critical security vulnerability. Additionally, security headers and advanced TLS features are missing, reducing the overall security posture. Privacy compliance is partial, with a privacy policy present but no cookie policy or consent mechanism detected. Contact information is available via email and contact forms, supporting user engagement. The domain registration is mature and consistent with the business, enhancing trustworthiness. Overall, DNS Spy demonstrates a solid business and technical foundation but requires urgent improvements in security practices to protect users and data effectively.

C

CSS Tip: Learn CSS the easy way

css-tip.com

52

CSS Tip is a small, niche educational website focused on providing daily CSS tips and tricks to web developers. The site targets front-end developers seeking to improve their CSS skills and stay updated with modern web features. The business model relies primarily on content publishing supported by advertising revenue from networks such as BuySellAds and Carbon Ads. The site demonstrates good content quality, consistent branding, and clear navigation, making it a useful resource within its niche. Technically, the website is built using the Eleventy static site generator and hosted on OVH infrastructure. It integrates common web technologies including JavaScript, Google Analytics, and advertising scripts. While the site is mobile optimized and accessible, it suffers from slow load times and lacks a valid SSL/TLS certificate, which impacts security and user trust. From a security perspective, the site has significant weaknesses including no HTTPS, absence of security headers, no DNSSEC, and no privacy or cookie policies. These gaps expose the site and its users to potential risks and reduce compliance with privacy regulations such as GDPR. No contact or incident response information is provided, limiting transparency and trust. Overall, CSS Tip is a functional and content-rich site with moderate professionalism but critical security and privacy shortcomings. Addressing SSL configuration, implementing privacy policies, and improving security headers would substantially enhance its security posture and user trust.

G

Goodness, Inc.

goodness.inc

60

Goodness, Inc. is a user-first digital commerce partner specializing in helping direct-to-consumer (DTC) brands thrive in the digital economy. The company offers a comprehensive suite of services including DTC strategy, design, technology, and marketing activation, serving notable clients such as OREO, CLIF, and Papa & Barkley. Their market position is that of a specialized, boutique agency with a strong focus on delivering best-in-class digital experiences for modern brands. The business is US-based, relatively new (established in 2023), and operates with a small but professional team. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, leveraging Cloudflare for DNS and DigitalOcean for media hosting. The site integrates multiple marketing and analytics tools including Google Analytics, Google Tag Manager, HubSpot, and social media pixels. However, the site suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Mobile optimization and accessibility are good, and SEO practices are well implemented. From a security perspective, the absence of a valid SSL certificate and disabled TLS protocols significantly weaken the site's security posture. While some security headers like HSTS and SPF are present, the lack of HTTPS and modern TLS support are critical vulnerabilities. The site does not implement a cookie consent mechanism, and its DMARC policy is set to 'none', indicating limited email protection. No explicit security policies or incident response contacts are found. Overall, the website presents a professional and trustworthy business with excellent content and branding but requires urgent security improvements to protect user data and enhance trust. The domain registration details are consistent and transparent, supporting the legitimacy of the business. Strategic recommendations include obtaining a valid SSL certificate, enabling modern TLS protocols, implementing cookie consent, and enhancing email security policies.

G

Goodness, Inc.

bkwld.com

55

Goodness, Inc. is a well-established digital commerce agency specializing in user-first design and technology solutions for direct-to-consumer (DTC) brands. With over 20 years of domain maturity and a portfolio featuring prominent clients such as OREO, CLIF, and Papa & Barkley, the company positions itself as a strategic partner for modern brands seeking to thrive in the digital economy. Their services encompass DTC strategy, design, technology, and multi-brand website development, reflecting a comprehensive approach to digital commerce. Technically, the website leverages modern frameworks like Nuxt.js and Vue.js, supported by robust analytics and marketing tools including Google Analytics, HubSpot, and LinkedIn Insight. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Performance metrics indicate a slow loading time and large page size, suggesting opportunities for optimization. From a security perspective, the presence of SPF and DMARC records with a strict reject policy demonstrates good email security practices. Yet, the lack of TLS protocols, HSTS, and OCSP stapling, combined with no certificate transparency compliance, exposes the site to potential risks. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Goodness, Inc. presents a credible and professional digital presence with excellent content quality and business credibility. The primary risk lies in its SSL/TLS configuration, which should be addressed promptly to enhance trust and security. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, and optimizing site performance to align with its high-quality brand image.

Y

Y Combinator

workatastartup.com

54

Work at a Startup is a specialized job platform operated by Y Combinator, designed to connect job seekers with startup opportunities at YC-backed companies. The platform leverages Y Combinator's strong brand and network to provide a curated job marketplace focused on engineering, product, design, and remote roles. The website offers a single-profile application system, event listings, and testimonials to enhance user trust and engagement. Technically, the site uses modern JavaScript frameworks such as React and integrates third-party services like Google Analytics and Algolia for search functionality. Hosting is provided via AWS infrastructure, ensuring scalability. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. The site lacks security headers and cookie consent mechanisms, indicating room for improvement in privacy compliance. Overall, the business credibility is strong given the association with Y Combinator, but the security posture requires urgent attention to protect user data and maintain trust.

D

Dial 9 Communications Limited

dial9.co.uk

54

Dial 9 Communications Limited is a UK-based telecommunications company specializing in VoIP telephone services tailored for businesses of all sizes, including home offices, traditional offices, and mobile workers. The company offers a range of services such as business phone systems, call forwarding, SIP trunks, and VoIP hardware sales. With a domain age of 13 years and a mature online presence, Dial 9 positions itself as a reliable and flexible VoIP provider supported by a UK-based customer service team. The website content is professional, well-structured, and targets business customers seeking affordable and dependable communication solutions. The company is partnered with Krystal Hosting Ltd, which also acts as its registrar and hosting provider, reinforcing its UK business identity.

S

Superwall

superwall.com

59

Superwall is a technology company specializing in providing a SaaS platform that enables app developers and businesses to quickly build, test, and deploy paywalls without the need for shipping app updates. The platform supports A/B testing, remote control of paywall triggers, and offers a rich set of templates and analytics to optimize monetization strategies. The company is positioned as a trusted solution with backing from notable investors and a strong customer base. Technically, the website is built using modern frameworks such as Next.js and React, with integrations for analytics and marketing tools like Google Analytics, Google Tag Manager, Twitter Ads, and Koala SDK. However, the website suffers from a critical security issue due to the lack of a valid SSL certificate and HTTPS configuration, which significantly impacts its security posture. Privacy policies and terms of service are present and comprehensive, but no cookie consent mechanism is detected. Overall, the website demonstrates strong business credibility and professional design but requires urgent security improvements to protect user data and maintain trust.

V

VeraSafe, LLC

verasafe.com

61

VeraSafe, LLC is a mature and reputable company specializing in data protection, privacy compliance, and cybersecurity services. Operating since 2011, it offers a broad range of services including GDPR consulting, Data Protection Officer programs, data breach response, and privacy training. The company targets organizations requiring expert guidance to navigate complex privacy laws globally, positioning itself as a leader in the privacy and cybersecurity consulting market. Technically, the website is built on WordPress with integrations of HubSpot for marketing and analytics, and Cloudflare for DNS and CDN services. While the site is well-designed, mobile-optimized, and SEO-friendly, it suffers from a critical security shortfall due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is strong, with comprehensive privacy and cookie policies and a robust cookie consent mechanism. Business credibility is high, supported by certifications and clear contact information. Overall, VeraSafe presents a professional and trustworthy digital presence but must urgently address its SSL/TLS configuration to ensure secure communications and maintain trust.

M

Maksekeskus AS

makecommerce.net

47

MakeCommerce is a leading payment solutions provider focused on the Baltic e-commerce market, serving over 6,000 merchants with a comprehensive suite of payment and delivery integration services. The company offers a broad range of payment methods including bank payments, card payments, buy now pay later options, and POS terminals, positioning itself as a key player in the regional e-commerce ecosystem. The website reflects a mature digital presence with professional design, multilingual support, and developer resources facilitating integration with popular e-commerce platforms. However, the absence of a valid SSL certificate and HTTPS support represents a critical security vulnerability that undermines user trust and data protection. While privacy compliance is well addressed through cookie consent mechanisms and a comprehensive privacy policy, the technical security posture requires urgent improvement. Overall, the business appears legitimate and well-established, but the security shortcomings pose a significant risk that should be remediated promptly.

F

Flirtic Llc

face.lv

40

Face.lv is a Latvian language social networking platform operated by Flirtic Llc, based in Estonia. The platform focuses on photo rating and social interaction, boasting a large user base exceeding 687,000 users and over 1.2 million images. It offers features such as user profiles, messaging, photo rating, horoscopes, and quizzes, targeting social network users interested in interactive photo-based engagement. The business model centers on user-generated content and social connectivity within a regional market. Technically, the website employs common web technologies including Bootstrap, jQuery, Google Analytics, Facebook SDK, and third-party marketing tools. Hosting is provided by ratesolutions.eu, and payment processing is handled by Maksekeskus, a trusted partner. Performance is moderate with a page load time of approximately 5 seconds and a page size of about 577 KB. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism despite active tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

C

Cryptex

cryptex.com

58

Cryptex is a cryptocurrency exchange platform offering secure and user-friendly services for buying, selling, and exchanging popular cryptocurrencies such as Bitcoin, Ethereum, and Ripple. The platform targets both beginners and professional traders, providing an intuitive interface and immediate account funding options. The website demonstrates a consistent branding approach and basic content quality, though it lacks comprehensive privacy and cookie policies. Technically, the site is built on modern technologies like React and uses Google Analytics for tracking, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The absence of essential security headers and incomplete privacy compliance further impact its security posture. Overall, while the business model and market positioning are clear, the platform requires significant improvements in security and privacy to enhance trust and compliance.

J

Joomla Foundation, Inc.

joomlafoundation.org

64

Joomla Foundation, Inc. is a small nonprofit organization focused on providing web technology education to underserved groups including colleges, vocational programs, and prisoners. Their mission centers on online instruction and developing educational resources to support remote learning. The website is built on Joomla CMS and uses common web technologies such as jQuery, Bootstrap, and Google Analytics. While the site content is clear and professionally presented, technical infrastructure shows moderate performance and basic mobile optimization. Security posture is weak due to lack of a valid SSL certificate and missing modern TLS protocols, which exposes users to risks and undermines trust. Privacy compliance is minimal with no visible privacy or cookie policies, and no contact information is provided, limiting transparency. WHOIS data indicates domain privacy protection consistent with nonprofit usage and a mature domain age aligned with the organization's founding date. Overall, the site is functional and informative but requires significant improvements in security and privacy compliance to enhance trust and protect users.

F

Fincom Teh Ltd.

digiseller.com

57

Digiseller is an e-commerce platform specializing in the sale of digital goods such as video games, activation codes, files, and ebooks. The platform targets digital goods sellers and buyers, offering a marketplace with multiple payment options, an affiliate program, and automation tools for sellers. The business operates under Fincom Teh Ltd., based in Bulgaria, and is powered by Sellane Limited. The website presents a professional design with good content relevance and user experience, supported by a moderate-sized user base and partner ecosystem.

E

EUROsociAL

eurosocial.eu

32

EUROsociAL is a European Union program dedicated to promoting social cohesion in Latin America through technical assistance, policy design, and knowledge management. The website serves as a comprehensive portal offering news, seminars, reports, and resources targeted at government agencies and social organizations across 19 Latin American countries. The program has a strong market position with over 15 years of operation and is supported by reputable international partners. Technically, the site is built on WordPress with a variety of plugins and integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of modern TLS support, and minimal security headers. Privacy compliance is basic with presence of privacy and cookie policies but no explicit consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

A

ANOLF - Associazione Nazionale Oltre Le Frontiere ETS

anolf.it

40

ANOLF is a well-established Italian non-profit organization dedicated to supporting immigrants and refugees through advocacy, education, and community services. The website reflects a mature digital presence with comprehensive content targeting immigrants, social activists, and the general public interested in immigration and social justice. The organization maintains active social media channels and provides multiple engagement points including newsletters and multimedia content. Technically, the site is built on WordPress with a range of plugins and integrations such as Google Analytics and Facebook SDK, hosted likely on Aruba infrastructure. While the site is mobile-optimized and professionally designed, performance is hindered by a large page size and high resource count. Security posture is moderate with HTTPS enabled and no critical vulnerabilities detected, but lacks advanced security headers and HSTS enforcement. Privacy and cookie policies are present and GDPR compliant, enhancing trust and compliance. Overall, the site is credible and trustworthy but could benefit from technical and security improvements.

E

Eurochambres, BEUC and SMEunited

consumerlawready.eu

38

ConsumerLawReady.eu is an EU-backed educational platform focused on providing consumer law training for Small and Medium Enterprises (SMEs) and consumer law trainers across the European Union. The website offers dedicated portals for each EU country, supporting multilingual content and localized training resources. The project is implemented by reputable organizations including Eurochambres, BEUC, and SMEunited on behalf of the European Commission, establishing strong trust and legitimacy in the market. The platform targets legal experts, SME owners, and employees seeking to enhance their knowledge of consumer law.

C

Cambra de Terrassa

garantiajuvenil.cat

38

Garantiajuvenil.cat is a government-backed youth employment program website managed by Cambra de Terrassa, targeting young people aged 16 to 29 who are not currently working or studying, as well as companies interested in hiring youth with incentives. The program is promoted by the Ministry of Labour and Social Economy and co-financed by the European Social Fund. The website provides information, orientation, and support services to its target audience. Technically, the site is built on WordPress using Elementor and Yoast SEO plugins, with integration of Google Analytics and social media links. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Privacy compliance is basic but present, with cookie consent and privacy policies linked. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

Ს

სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”

mycreditinfo.ge

61

Mycreditinfo.ge is a Georgian finance sector website operated by სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”, providing credit information services including free and premium credit reports, credit score monitoring, and educational content. The site targets individuals and legal entities in Georgia seeking to manage and improve their credit profiles. The business model includes both free access and paid premium services, positioning it as a key player in the local credit information market. Technically, the website is built on Angular 13 and integrates common analytics and marketing tools such as Google Analytics and Facebook Pixel. It is hosted on Microsoft Azure, indicating a modern cloud infrastructure. However, the site suffers from slow performance due to large page size and load times, which could impact user experience. From a security perspective, the site has significant weaknesses: it lacks a valid SSL certificate and does not support any TLS protocols, severely limiting secure communications. While HSTS is enabled, its benefits are negated by the missing SSL. The site implements SPF and DMARC for email security and has basic security headers, but lacks advanced features like OCSP stapling and session resumption. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the site is functional and content-rich but requires urgent improvements in SSL/TLS configuration to ensure user data protection and trust. Performance optimization and enhanced privacy compliance would further strengthen its digital maturity and security posture.

U

Unifiedpost

rekini.lv

40

Rekini.lv operates as a Latvian digital invoicing and payment platform affiliated with Unifiedpost. It provides services for invoice receipt, payment, and invoice preparation via a partner platform Banqup. The website targets businesses and individuals in Latvia requiring invoicing solutions. Technically, the site uses a modern frontend stack including jQuery, Bootstrap, and multiple tracking and analytics services, but suffers from slow load times and lacks a valid SSL certificate, which critically impacts security. The security posture is weak due to missing HTTPS, absence of DMARC, DNSSEC, and domain protection locks. Privacy compliance is basic with a cookie consent modal and privacy policy present but no terms of service or incident response information. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

C

Creditinfo Group

creditinfosolutions.com

50

Creditinfo Group operates as a global leader in credit information and risk management solutions, providing software and credit bureau services across mature and emerging markets worldwide. The company focuses on facilitating access to finance through innovative software solutions tailored for financial institutions and lenders. Their market position is strong, supported by over 19 years of domain maturity and a presence in multiple countries, including a headquarters in the Czech Republic. The website content reflects a professional and consistent brand with clear business messaging and case studies highlighting their global impact. Technically, the website is built on WordPress and leverages common web technologies such as jQuery and Google Analytics for tracking. Hosting and CDN services are provided by Cloudflare, enhancing performance and security at the network edge. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate, serving content over unencrypted HTTP, which exposes users to potential interception risks. From a security perspective, while some security headers are present, the absence of HTTPS and modern TLS protocols significantly lowers the security posture. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Contact information is clearly provided, enhancing business credibility and user trust. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust. Strategic recommendations include implementing HTTPS, enabling HSTS, and enhancing security headers to align with best practices.

C

Consorci Localret

localret.cat

40

Consorci Localret is a well-established consortium focused on supporting local governments in Catalonia, Spain, with digital transformation initiatives. Their website showcases a comprehensive range of services including advisory, procurement centralization, telecommunications infrastructure, innovation office, and digital society support. The organization targets municipalities and supramunicipal entities, positioning itself as a key player in local government digital modernization. Technically, the website is built on WordPress with a mature tech stack including SEO and multilingual plugins, accessibility tools, and analytics integrations. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and enhance trust.

A

ADTENDE SL

adtende.es

36

ADTENDE SL is a specialized company focused on innovation and service provision for the public sector, particularly in electronic administration and citizen assistance. The company positions itself as a unique partner with a public sector DNA, offering comprehensive services such as OAC 360º, LIAM AI agent, and centralized call services. Their target audience includes public administrations and e-citizens, emphasizing effective and innovative solutions to improve public service delivery. Technically, the website is built on WordPress with Elementor and integrates modern tools like Google Analytics and reCAPTCHA, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact information and social media presence enhancing business credibility. Security posture is weak due to missing HTTPS and lack of security headers, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

M

Moventis S.A.

moventis.es

40

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

JauniAuto.lv is a Latvian automotive news website providing up-to-date articles, reviews, and industry news targeted at Latvian-speaking automotive enthusiasts. The site operates primarily as an advertising-supported media platform, featuring a range of automotive content with a consistent brand presentation. Technically, the website is built on WordPress and uses common web technologies such as jQuery and Google Analytics, but suffers from slow performance and lacks modern security configurations. The absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Additionally, the site lacks privacy and cookie policies, which raises compliance concerns under GDPR regulations. Business credibility is moderate due to the lack of explicit contact information and security policies, although the domain registration data aligns well with the website's purpose and location.

A

Akciju sabiedrība “Olpha”

olainfarm.com

67

Olpha is a well-established Latvian pharmaceutical company with over 50 years of experience and a strong regional presence across more than 60 markets. The company specializes in manufacturing a wide range of pharmaceutical products including active ingredients, finished dosage forms, and nutritional supplements. Their business model includes contract manufacturing and licensing, supported by a large team of specialists. The website reflects a mature digital presence with multilingual support, comprehensive accessibility features, and professional branding. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Security posture is solid with HTTPS and no critical vulnerabilities detected, though improvements in email security and SSL configurations are recommended. Overall, Olpha demonstrates a credible and professional online presence aligned with its business stature.

I

ITTF Foundation

ittffoundation.org

40

The ITTF Foundation is a non-profit organization leveraging table tennis to promote social development, health, and peace globally. It operates multiple specialized programmes targeting disadvantaged groups, humanitarian aid, and health awareness. The foundation is linked to the ITTF Group and maintains an active online presence with social media and newsletter engagement. Technically, the website is built on the Contao CMS with modern JavaScript libraries and frameworks but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic with a cookie consent banner and a privacy policy, but no explicit GDPR compliance or terms of service are found. WHOIS data indicates a mature domain with privacy protection typical for non-profits. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

I

Interact

interact-sport.com

62

Interact is a non-profit initiative focused on promoting Sport for All by supporting international sport organizations in capacity building, certification, and community engagement. The website presents a professional and content-rich platform targeting sport organizations and grassroots participants. Technically, the site is built on WordPress with common libraries and plugins, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with HSTS enabled but no valid TLS protocols or certificate transparency compliance. Privacy compliance is well addressed with a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site is trustworthy but requires urgent improvements in SSL/TLS configuration to ensure secure user interactions.

I

Interticket.pl

interticket.pl

40

Interticket.pl is a mature Polish e-commerce platform specializing in online ticket sales for concerts, theater, festivals, museums, and cinemas. Established in 2004, it serves primarily Polish-speaking customers with a broad offering of event tickets. The website integrates multiple marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, and maintains active social media profiles to engage its audience. However, the technical infrastructure shows signs of aging, with reliance on older JavaScript libraries and a custom CMS. Performance is suboptimal with slow page load times and a large page size. Critically, the site lacks a valid SSL certificate and does not enforce HTTPS, posing significant security risks.

T

The Solomon R. Guggenheim Foundation

guggenheim-venice.it

38

The Peggy Guggenheim Collection website represents a well-established cultural institution focused on modern European and American art. It serves a diverse audience including tourists, art lovers, families, and educational groups. The site offers comprehensive information about exhibitions, tours, educational programs, and membership opportunities, positioning itself as a leading museum in Venice with strong brand recognition. Technically, the site uses a modern CMS (ProcessWire) and integrates caching and analytics tools, but lacks a valid SSL certificate, which is a critical security gap. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The security posture is weak due to missing HTTPS and modern TLS protocols, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

N

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.

nisz.hu

40

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. is a key Hungarian government IT and telecommunications service provider, supporting digital government infrastructure and public sector digital transformation. The company offers a range of services including mobile applications, telecommunication services, managed IT services, data center and cloud services, and videoconferencing platforms. The website reflects a mature and professional organization with clear business focus on government clients and public institutions. Technically, the site uses modern frontend technologies and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and lack of TLS support, which severely impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

M

Meraki Marketing Kft.

meraki.hu

40

Meraki Marketing Kft. is a Hungarian digital marketing agency specializing in services such as web development, SEO, videomarketing, branding, and digital campaigns. The company targets businesses aiming for growth and international market entry, positioning itself as an innovative and fast-growing agency with a strong client portfolio and testimonials. The website is professionally designed, content-rich, and provides clear contact information and GDPR-compliant privacy policies. Technically, the site uses Joomla CMS with UIkit framework and integrates common marketing and analytics tools like Google Analytics, Facebook Pixel, and Google Tag Manager. However, the website suffers from critical security issues due to an invalid or missing SSL certificate and disabled TLS protocols, which undermines secure communications. Performance is also a concern with slow load times and large page size. Overall, the site demonstrates good privacy compliance and business credibility but requires urgent security improvements to protect user data and enhance trust.

A

AJUNTAMENT DE LLEIDA

paeria.cat

72

The website paeria.cat is the official digital presence of the Ajuntament de Lleida, the municipal government of Lleida, Spain. It serves as a comprehensive portal for residents and visitors to access city information, municipal services, online procedures, news, events, and citizen participation platforms. The site is well-positioned as a trusted government resource with a broad range of public services and cultural content. Technically, the website is built on the Plone CMS platform, leveraging modern web technologies such as jQuery, Owl Carousel, and Google Fonts, hosted on Microsoft Azure infrastructure. While the site offers good accessibility and SEO features, its performance is somewhat slow due to a large page size and high resource count. Security posture is solid with HTTPS enforced using TLS 1.3 and 1.2, OCSP stapling, and valid SPF and DMARC DNS records. However, improvements are recommended in enabling HSTS, DNSSEC, domain protection locks, and additional security headers. Privacy compliance is strong with clear privacy and cookie policies and GDPR adherence. Contact information is readily available, including phone numbers, physical address, and online forms, complemented by active social media channels. Overall, the website demonstrates a mature, professional, and trustworthy government digital service with room for technical and security enhancements.

C

Consorzio Terra di San Marino

terradisanmarino.com

49

Consorzio Terra di San Marino is a small-sized cooperative consortium focused on protecting and promoting typical agro-food products from the Republic of San Marino. The website serves as a platform to showcase their products, events, and cultural heritage, targeting local consumers and enthusiasts of traditional food and rural culture. Technically, the site is built on Drupal 7 with common web libraries and Google Analytics for tracking. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which exposes users to risks and undermines trust. Privacy compliance is basic, with a cookie policy and consent mechanism but no explicit privacy or security policies. The domain is mature and consistent with the business claims, enhancing credibility. Overall, the site provides good content and user experience but requires urgent security improvements to protect visitors and enhance trust.

D

Dauphin Telecom Business

dauphintelecompro.com

37

Dauphin Telecom Business is a regional telecommunications and digital solutions provider focused on serving businesses in French overseas territories such as Guadeloupe, Martinique, Guyane, and the Northern Islands. The company offers a range of services including fiber internet (FTTH, FTTO), unified communication solutions, mobile plans, cloud and data center services, and VPN interconnection. Their website reflects a professional digital presence with clear navigation and relevant content tailored to their target audience. Technically, the website is built on Joomla CMS using the Helix Ultimate framework and Bootstrap 5, incorporating modern libraries like jQuery and Awesomplete. However, the site suffers from slow load times and lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security concern. Cookie consent and privacy policies are implemented, showing good GDPR compliance, and Google Analytics is used with appropriate data retention policies. From a security perspective, the absence of HTTPS and security headers significantly lowers the security posture. While Google reCAPTCHA is used to protect forms, the lack of SSL/TLS encryption exposes users to risks. The WHOIS data confirms the domain is mature and registered transparently, consistent with the business claims. Overall, the website is functional and informative but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include obtaining a valid SSL certificate, enabling security headers, and optimizing performance to improve user experience and security compliance.

M

MIGASTONE INTERNATIONAL SRL

migastoneacademy.com

33

Migastone Academy operates as a specialized educational platform focused on mobile marketing and app creation, leveraging proprietary methods such as the ASP© method and the Siberian platform. The company positions itself as a leader in Europe with over 1055 applications sold and strong partnerships with major Italian trade associations. The website is built on the Kartra platform, integrating multiple marketing and analytics tools including Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. Despite a professional design and good content quality, the site suffers from critical security issues, notably the lack of a valid SSL certificate and HTTPS, which significantly impacts its security posture. Privacy and cookie policies are present and GDPR compliant, with clear contact information including phone numbers and a physical address in San Marino. Overall, the website demonstrates moderate digital maturity but requires urgent security improvements to protect user data and enhance trust.

The San Marino Card website serves as the official portal for the government-backed SMaC program, offering discount cards and electronic wallet services to residents and businesses within San Marino. The site provides comprehensive information about card benefits, partner merchants, and access to a private client area for transaction tracking. The business model is centered on facilitating government-supported financial incentives and electronic payments, positioning itself as a key public service in the local market. Technically, the website is hosted on an nginx server with a legacy charset and uses jQuery libraries alongside Google Analytics for tracking. While the site includes several security headers and a strict transport security policy, it lacks a valid SSL certificate and does not support HTTPS, which is a critical security gap. Performance metrics are unavailable, and mobile optimization is basic, indicating room for technical modernization. From a security perspective, the absence of HTTPS and modern TLS protocols significantly reduces the site's security posture. Although some security headers are present, the lack of vulnerability disclosure policies, cookie consent mechanisms, and comprehensive privacy compliance measures highlight compliance gaps. The site does provide clear contact information and links to privacy and terms documents, but GDPR compliance is not fully evident. Overall, the website is functional and credible as a government service but requires urgent improvements in SSL deployment, privacy compliance, and security best practices to enhance trust and protect user data. Strategic recommendations include installing a valid SSL certificate, enabling modern TLS versions, implementing cookie consent, and publishing a vulnerability disclosure policy.

B

BKN301 S.p.A.

bkn301.sm

53

BKN301 S.p.A. is a fintech company based in San Marino, offering a range of digital payment services including payment accounts, POS solutions, credit and prepaid cards, and e-commerce payment acceptance. The company targets private individuals, businesses, and merchants, positioning itself as an innovative payment institute with international reach. The website is professionally designed using WordPress and Elementor, with good SEO and mobile optimization. However, the technical security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which poses risks to secure communications. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information and company registration details are clearly presented, enhancing business credibility.

T

Treviweb SAS di Spolitu Francesco & C.

treviweb.it

38

Treviweb is a small Italian technology company specializing in website creation, software development, mobile app development, web marketing, and hosting services. Established since 2005, it has a mature domain and a clear market presence targeting businesses and private clients seeking digital solutions. The website is professionally designed with good content relevance and clear navigation, supporting a positive user experience. Technically, the site uses a WordPress CMS with modern frameworks like Bootstrap and integrates analytics and marketing tools such as Google Analytics, Facebook Pixel, and Google Tag Manager. However, the absence of a valid SSL certificate and HTTPS is a critical security shortfall, exposing users to risks and impacting trust. Privacy compliance is well addressed through Iubenda policies and consent management. Overall, the business credibility is moderate, supported by clear contact information and social media presence.

M

Migastone International Srl

referraldirector.com

40

ReferralDirector.com is the online presence of Migastone International Srl's Referral Director Academy, a specialized education platform focused on relational marketing and professional training for becoming certified Referral Directors. The company positions itself as a leader in Italy's marketing relational education sector, offering comprehensive training, webinars, and proprietary software to facilitate business networking and client referrals. The website is rich in multimedia content, testimonials, and detailed GDPR-compliant privacy policies, targeting a broad audience including young professionals, women, and career changers. Technically, the site leverages the Kartra platform, Cloudflare CDN, and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is strong with clear GDPR disclosures and consent mechanisms. Overall, the site demonstrates a mature digital marketing infrastructure but requires urgent security improvements to protect user data and enhance trust.