Security Directory

R

Rubiko Srl

rubiko.it

34

Rubiko Srl is a small technology company based in San Marino, specializing in custom digital solutions including web development, e-commerce platforms, digital marketing, and software management systems. The company targets businesses seeking digital transformation and offers tailored services to enhance online presence and operational efficiency. The website is professionally designed using Drupal 7 and integrates various JavaScript libraries and marketing tools such as Google Analytics and Facebook SDK. However, the technical infrastructure shows signs of aging, notably the use of PHP 5.6.40 and lack of a valid SSL certificate, which significantly impacts the security posture. Security headers are partially implemented, but critical HTTPS enforcement and modern TLS protocols are missing. Privacy and cookie policies are present and appear GDPR compliant, enhancing user trust. Overall, the website is functional and informative but requires urgent security upgrades to protect user data and improve trustworthiness.

KOITOTO operates as an online gambling platform specializing in toto macau lottery and slot games, targeting Indonesian-speaking bettors. The website offers various betting options, promotions, and 24/7 customer service, positioning itself as a trusted and licensed provider. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and multiple analytics and marketing tools, hosted behind Cloudflare and BunnyCDN for performance and availability. Security posture is moderate with valid SSL but lacks advanced headers like HSTS and CSP. Privacy compliance is weak due to absence of privacy and cookie policies. The domain is young and uses privacy protection, which is common in gambling but reduces transparency. Overall, the site is functional and moderately trustworthy but would benefit from improved security and privacy practices.

S

Studio Leonardo snc

studioleonardo.com

35

Studio Leonardo is a small Italian web agency established in 1996, specializing in communication, marketing, web solutions, and SEO services primarily targeting small and large companies. The website is built on WordPress with a modern but somewhat dated technology stack including jQuery, Bootstrap, and various WordPress plugins. While the site has good SEO metadata, structured data, and a consistent brand presence, it lacks critical security infrastructure such as a valid SSL certificate, which severely impacts its security posture. Cookie consent is managed via Cookiebot, indicating some level of privacy compliance, but no privacy policy or terms of service pages were found. Contact information is clearly provided, including phone numbers, physical address, and contact forms.

M

MECAL MACHINERY S.r.l

mecal.com

40

Mecal Machinery S.r.l is an Italian manufacturing company specializing in the production of machines and systems for processing aluminum, PVC, and light alloys. The company targets industrial clients requiring advanced machinery solutions and maintains a multilingual website to serve an international audience. Their business model focuses on manufacturing, technical support, and product distribution. The website demonstrates a good level of professionalism and content quality, with clear navigation and multilingual support. Technically, the site is built on WordPress with modern JavaScript libraries and CSS frameworks, but lacks HTTPS, which is a critical security gap. Privacy compliance is well managed through Iubenda, including cookie consent mechanisms. Contact information is comprehensive, enhancing business credibility.

A

Aetnagroup S.p.A.

techlabtest.com

58

Techlab is a specialized packaging test laboratory focused on improving the stability of palletized loads during transportation. The company operates internationally with multiple research centers and holds accreditation from Accredia, indicating recognized quality standards. Their services include packaging testing, consulting, and load stability optimization, targeting manufacturers and businesses requiring packaging solutions. The website is professionally designed with clear navigation and multilingual support, reflecting a mature digital presence. However, the absence of a valid SSL certificate and lack of HTTPS support represent critical security vulnerabilities that undermine user trust and data protection. Privacy and cookie policies are present and GDPR compliant, and the contact form collects user data with appropriate consent mechanisms. Overall, the business credibility is strong, but the security posture requires urgent improvement to meet modern standards.

UNA is an Italian association representing communication companies, providing networking, events, training, and sector-specific hubs to its members. The website serves as a portal for members and interested parties to access services, news, and industry information. The association holds a solid market position within Italy's communication sector, targeting companies and professionals seeking collaboration and industry representation. The business model is membership-based, offering value through events, awards, and specialized hubs. Technically, the website is built on WordPress with Elementor, integrating modern marketing and analytics tools such as Google Tag Manager and Iubenda for consent management. However, the site currently lacks a valid SSL certificate and HTTPS support, which is a critical security gap. Performance data is incomplete but suggests potential slowness. Mobile optimization and SEO are adequately addressed. From a security perspective, the absence of HTTPS and modern TLS protocols severely impacts the site's security posture. No advanced security headers or incident response policies are evident. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. The domain registration data aligns well with the business claims, indicating legitimacy. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing HTTPS, enabling security headers, and establishing incident response protocols.

M

M.M.Warburg & CO Gruppe GmbH

mmwarburggruppe.com

50

The Warburg Gruppe website represents a well-established financial holding company specializing in private banking, asset management, and investment banking services. The group operates multiple subsidiaries, each with a clear market focus, serving high-net-worth individuals and institutional clients primarily in Germany. The website content is professionally presented, targeting a sophisticated audience with detailed information about the group and its subsidiaries. Technically, the site uses a Java-based CMS (OpenCms) and integrates modern marketing and analytics tools such as Usercentrics for consent management and Google Tag Manager. However, a critical security gap exists due to the absence of HTTPS/SSL, exposing users to potential risks. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates strong business credibility but requires urgent security improvements.

M

M.M.Warburg & CO (AG & Co.) KGaA

mmwarburg.com

50

M.M.Warburg & CO is a well-established independent private bank in Germany with a history dating back to 1798. The bank offers a broad range of financial services including private banking, asset management, corporate and investment banking, and institutional client services. The website targets private clients, business customers, and institutional investors, emphasizing personalized service and long-term client relationships. Technically, the website uses modern web technologies such as Apache server, UserCentrics consent management, Google Analytics, and Google Tag Manager, and is built on OpenCms. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is strong with a comprehensive privacy policy and cookie consent mechanism. The website is professionally designed with consistent branding and rich content, including reports and multimedia. Overall, the site reflects a reputable financial institution but urgently needs to address its SSL/TLS configuration to ensure secure communications.

O

Organizzazione Sammarinese degli Imprenditori

osla.sm

25

Organizzazione Sammarinese degli Imprenditori (OSLA) is a mature, small-sized association dedicated to supporting small and medium enterprises (SMEs) across multiple sectors in San Marino, including commerce, tourism, industry, services, craftsmanship, liberal professions, and agriculture. The website serves as an informational and service portal offering consultancy, legal advice, training, and representation for its members. The organization holds a key market position as a representative body for SMEs in San Marino. Technically, the website is built on Drupal 7 with an Apache server and PHP 5.4.16, indicating an outdated technology stack. The site includes modern web features such as responsive design and social media integration but suffers from slow performance and basic SEO and accessibility implementations. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS support, despite some security headers being present. Privacy compliance is partially addressed with visible privacy and cookie policies and a consent mechanism, but GDPR compliance is not fully evident. Contact information is limited to a physical address with no direct email or phone contacts displayed. Overall, the site is functional but requires significant improvements in security and technical modernization to enhance trust and compliance.

I

In Scientia Fides

inscientiafides.com

30

In Scientia Fides is a specialized healthcare biobank located in San Marino, offering private stem cell preservation services with international FACTNetCord accreditation. The company targets families and parents seeking biological insurance for their children through stem cell storage. The website is professionally designed, content-rich, and provides comprehensive information about services, accreditations, and procedures. Technically, the site is built on WordPress with common marketing and analytics tools integrated, but lacks HTTPS security, which is a critical vulnerability. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. Overall, the business presents a trustworthy and professional image but must urgently address its lack of SSL to improve security posture and user trust.

H

H.J. Opdyke Lumber Company

opdyke.com

40

H.J. Opdyke Lumber Company is a well-established regional supplier of lumber and building materials, servicing residential and multifamily properties since 1955. The company offers a broad range of products and design services including kitchens, baths, decking, doors, windows, and closets, targeting contractors, builders, and homeowners primarily in New Jersey, Pennsylvania, and New York. Their market position is solid with multiple physical locations and a medium-sized business footprint. Technically, the website is built on WordPress with modern plugins and accessibility features, but lacks a valid SSL certificate, which is a critical security shortfall. The site uses Sucuri Cloudproxy for WAF protection, Google Analytics and Tag Manager for tracking, and hCaptcha for form security. Privacy and cookie policies are present and GDPR compliant, but no terms of service or security policies are found. Overall, the website is professional and trustworthy but requires urgent improvements in SSL/TLS security to protect user data and improve trust.

E

Evolved Novelties

myevolved.com

39

Evolved Novelties operates as a niche e-commerce retailer specializing in premium adult pleasure products, featuring well-known brands such as Playboy Pleasure and Gender X. The website is built on the BigCommerce platform and leverages Cloudflare for hosting and CDN services. The site demonstrates good content quality, clear navigation, and a consistent branding approach targeting adult consumers seeking luxury sexual wellness products. However, the absence of a valid SSL certificate and HTTPS implementation significantly undermines the security posture, exposing users to potential data interception risks. Cookie consent mechanisms are present, indicating some level of privacy compliance, but no explicit GDPR or security policies are found. Overall, the business appears legitimate with consistent domain registration data, but urgent improvements in security infrastructure are recommended to protect customer data and enhance trust.

Aeffe Spa is an established Italian luxury goods group specializing in the production and distribution of high-end fashion products including ready-to-wear, footwear, leather goods, lingerie, and beachwear. The company operates internationally with proprietary brands such as Alberta Ferretti, Moschino, Pollini, and Philosophy di Lorenzo Serafini, positioning itself as a significant player in the luxury retail sector. The website reflects a professional corporate presence with comprehensive investor relations and governance information, targeting investors, partners, and luxury consumers. Technically, the website is built on WordPress with modern frameworks like Bootstrap and integrates multiple third-party services including Google Tag Manager and Google Analytics for analytics and marketing. Multilingual support is provided via WPML, enhancing accessibility for international audiences. However, the website suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS, which impacts its security posture and user trust. Security-wise, while no critical vulnerabilities or exposed sensitive data were detected, the lack of HTTPS and modern TLS protocols, absence of HSTS, and missing DMARC records represent significant risks. The site employs basic security headers but could benefit from enhanced configurations. Privacy compliance is well addressed with clear privacy and cookie policies and a consent mechanism, aligning with GDPR requirements. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, and improving security headers and email authentication mechanisms.

B

Bee Social Srl

bee-social.it

28

Bee Social Srl is a small digital marketing agency based in San Marino, founded in 2012, specializing in web marketing, social media management, SEO copywriting, online advertising, and website development. The company targets businesses and freelancers seeking practical digital marketing solutions. The website is professionally designed with rich content, clear navigation, and multiple client trust indicators including case studies and partner badges. Technically, the site is built on WordPress with common plugins and integrates analytics and marketing tools. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts its security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms. Overall, the business appears legitimate and consistent with its domain registration data, but the lack of HTTPS is a major risk that should be addressed immediately.

S

SIT S.p.A.

sitspa.com

22

SIT S.p.A. is a well-established Italian manufacturing company specializing in power transmission solutions and components for industrial applications. The company positions itself as a global leader with multiple production centers and subsidiaries worldwide, offering a broad portfolio of products including timing belts, couplings, and servo reducers. The website reflects a professional business presence with detailed product information, certifications, and contact details, targeting industrial clients seeking high-quality power transmission components. Technically, the website is built on WordPress with common plugins for SEO, page building, and analytics. However, the site suffers from a critical security deficiency as it lacks HTTPS, exposing visitors to potential data interception risks. Performance is suboptimal with a high load time and large page size, though mobile optimization and SEO practices are reasonably well implemented. Security posture is weak due to the absence of SSL/TLS encryption and missing security headers. No explicit security or incident response policies are published, which could be a concern for compliance and trust. Privacy compliance is partially addressed with visible privacy and cookie policies and consent mechanisms. Overall, SIT S.p.A. demonstrates strong business credibility and content quality but must urgently address security shortcomings to protect users and improve trust. Strategic improvements in security infrastructure and performance optimization are recommended to align the digital presence with the company's market leadership.

C

Cotes

cotes.com

40

Cotes is a Denmark-based company specializing in tailor-made adsorption dehumidifiers and humidity management solutions primarily for industrial sectors such as wind energy, battery manufacturing, building drying, and food & beverage production. The company holds a strong market position with significant global offshore wind turbine market share and partnerships including UNICEF. Their website is professionally designed, leveraging HubSpot CMS and modern marketing tools, with clear navigation and multilingual support. However, the security posture is weak due to the absence of a valid SSL certificate and lack of HTTPS support, which is a critical issue that undermines user trust and data security. Privacy compliance is well addressed with a cookie consent mechanism and a comprehensive privacy policy. Contact information and social media presence are clearly provided, enhancing business credibility.

TITANKA! Spa is a specialized digital marketing and technology solutions provider focused on the tourism and hospitality sector, serving hotels, camping villages, and destinations primarily in Italy and San Marino. With over 25 years of experience, the company offers tailored services including web marketing, chatbot AI, performance hubs, and hospitality marketing mix solutions. The website reflects a mature business with a consistent brand and a clear target audience. Technically, the site uses a proprietary CMS and integrates multiple analytics and marketing tools, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with a comprehensive GDPR policy and cookie consent mechanism. The security posture is weak due to missing HTTPS and security headers, exposing the site to potential risks. Overall, the business appears legitimate and established, but urgent improvements in security infrastructure are recommended to protect user data and enhance trust.

O

Orienta S.r.l.

orienta.sm

26

Orienta S.r.l. is a San Marino based software house specializing in ERP and integrated business software solutions, targeting enterprises seeking to optimize organizational processes and resource management. The company offers a range of services including Business Analytics, Sales Automation, Manufacturing and Industry 4.0 solutions, Workflow management, and Project Management software. Founded in 2013, Orienta positions itself as a young and dynamic player in the local technology market, providing tailored software and consultancy services to businesses. Technically, the website is built on WordPress using the Divi theme and leverages modern PHP 8.1.32 and nginx server infrastructure. It integrates Google Analytics for tracking and Google reCAPTCHA v3 for form security. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security shortfall. Performance data is limited but indicates slow loading times. The site is mobile optimized and SEO friendly with Yoast SEO plugin usage. From a security perspective, the absence of HTTPS, HSTS, DNSSEC, and security headers significantly weakens the site's security posture. While no vulnerable libraries or known exploits are detected, the lack of encryption and security best practices exposes the site and its users to potential risks. Privacy and cookie policies are present but basic, with no explicit GDPR compliance indicators or incident response policies. Overall, the website demonstrates a professional business presence with good content quality and clear contact information. However, critical security improvements are necessary to protect user data and enhance trust. Strategic recommendations include immediate SSL certificate installation, enabling security headers, and improving privacy compliance measures to align with regulatory standards.

S

San Marino Rtv

sanmarinortv.sm

37

San Marino RTV operates as the official radio and television broadcaster for the Republic of San Marino, providing live streaming services, news, sports, cultural programming, and event coverage. The website serves a diverse audience interested in local and international news, sports updates, and entertainment, positioning itself as a key media outlet within the country. The business model relies on public broadcasting complemented by advertising revenue streams. Technically, the site employs modern web technologies including nginx, Varnish caching, Fluid Player for video streaming, and integrates with major advertising and analytics platforms such as Google Analytics and Facebook Pixel. However, the absence of a valid SSL certificate and HTTPS support represents a significant security vulnerability, exposing users to potential data interception and undermining trust. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good compliance with GDPR requirements. Overall, the website demonstrates strong content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

M

M.M.Warburg & CO (AG & Co.) KGaA

bankhaus-plump.de

34

M.M.Warburg & CO is an established independent private bank in Germany, founded in 1798, offering a broad range of financial services including private banking, asset management, corporate finance, and institutional client services. The website reflects a mature digital presence with professional design, comprehensive content, and strong branding consistency. Technically, the site uses Apache server, OpenCms CMS, and integrates modern marketing and analytics tools with user consent management. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. The security posture is weak due to lack of TLS protocols and incomplete security headers. Privacy compliance is well addressed through UserCentrics CMP and a comprehensive privacy policy. Overall, the site is credible and professional but requires urgent security improvements.

The website at bsm.sm currently functions as a security gateway page implementing a CAPTCHA challenge to prevent automated or malicious access. It is not a traditional business website but a protective layer powered by BitNinja technology. The site uses outdated CMS platforms (Joomla 1.5 and WordPress 2.5) and lacks a valid SSL certificate, serving content over HTTP only. Google reCAPTCHA and Google Analytics are integrated for bot mitigation and visitor tracking. The absence of privacy, cookie, and terms of service policies, as well as contact information, limits the site's compliance and business credibility. DNS configuration lacks modern security features such as DNSSEC and CAA records. Overall, the site is slow to load and provides minimal content focused solely on CAPTCHA validation.

P

Persado

persado.com

40

Persado is an enterprise AI marketing platform specializing in generating, optimizing, and personalizing marketing language at scale, primarily targeting banks and financial institutions. The company positions itself as a market leader with strong endorsements from major U.S. banks and credit card issuers. Their platform integrates compliance, performance, and personalization features, supported by multi-agent AI workflows and domain-specific models tailored for the financial sector. The website reflects a mature digital presence with comprehensive content, strong branding, and customer testimonials. Technically, the site is built on WordPress with modern themes and plugins, leveraging WP Engine hosting and Cloudflare CDN. It employs standard marketing and analytics tools such as Google Analytics, Google Tag Manager, Drift, Pardot, and Zapier. SEO and accessibility practices are well implemented, and the site is mobile optimized. However, a critical security shortfall is the absence of a valid SSL/TLS certificate, resulting in no HTTPS encryption, which severely impacts the security posture. Security headers are properly configured, and the company demonstrates adherence to recognized security frameworks including ISO 27001 and SOC II type 2. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Despite the strong compliance and governance messaging, the lack of HTTPS is a major vulnerability that undermines user trust and data protection. Overall, Persado presents a professional and credible business with advanced AI-driven marketing solutions for finance, but must urgently address its SSL/TLS certificate issues to ensure secure communications and maintain enterprise-grade security standards.

W

Wise

transferwise.com

60

Wise is a leading global fintech company specializing in international money transfers, multi-currency accounts, and investment services. The company operates with a strong regulatory framework across multiple jurisdictions including Belgium, Estonia, Singapore, Australia, Canada, Malaysia, Japan, and Hong Kong. Its platform supports a wide range of currencies and payment methods, serving both personal and business customers worldwide. The website reflects a mature digital presence with comprehensive content, clear navigation, and extensive use of modern web technologies. However, a critical security issue is present due to an invalid SSL certificate and lack of modern TLS protocols, which significantly impacts the security posture. Despite this, the company demonstrates strong compliance with privacy regulations and maintains transparent advertising and analytics practices.

C

Copernica BV

copernica.nl

40

Copernica BV operates a sophisticated online multichannel marketing automation platform targeting technical teams, marketing professionals, and agencies. Their product suite includes the Marketing Suite platform, MailerQ mail transfer agent, and SMTPeter cloud email system, positioning them as a versatile provider in the marketing technology sector. The company maintains a consistent brand presence with comprehensive product information and a partner program, serving primarily the Netherlands market. Technically, the website employs modern JavaScript libraries such as jQuery, Google Tag Manager, and Google reCAPTCHA, alongside a custom SDK. While the site is mobile-optimized and SEO-friendly, performance is hindered by a slow load time and large page size. The absence of a valid SSL certificate critically impacts the security posture, despite no detected vulnerabilities in protocols or libraries. Security-wise, the site lacks key security headers and a valid SSL certificate, which are fundamental for protecting user data and ensuring trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. However, no explicit security or incident response policies are publicly available, which could be a gap in transparency and readiness. Overall, Copernica BV presents a professional and trustworthy business with strong marketing technology offerings but must urgently address SSL certificate issues and enhance security policies to improve its security posture and user trust.

A

Achmea Personenschade

achmeapersonenschade.nl

40

Achmea Personenschade is a Dutch insurance-related service specializing in personal injury claims and compensation for insured individuals under Achmea brands such as Interpolis, Centraal Beheer, FBTO, and Avéro Achmea. The website presents a professional and consistent brand image with clear service offerings focused on helping accident victims regain control and receive rightful compensation. Technically, the site uses modern JavaScript libraries and tracking tools but suffers from a critical security flaw due to the absence of a valid SSL certificate, resulting in no HTTPS support and weak security posture. Privacy compliance is well addressed with cookie consent mechanisms and a comprehensive privacy policy. Overall, the business credibility is high given its affiliation with the reputable Achmea group, but the security shortcomings pose a risk to user trust and data protection.

A

Achmea

achmeainnovationfund.nl

40

Achmea Innovation Fund is a corporate investment initiative focused on supporting startups and scale-ups with proven product-market fit and innovative business models in strategic sectors such as health, mobility, sustainability, and income security. The fund provides capital, access to Achmea's extensive network, and knowledge sharing to accelerate growth and innovation. The website presents a professional and consistent brand image aligned with Achmea, a major Dutch insurance and financial services group. Technically, the website uses modern front-end technologies including Bootstrap and integrates Google Analytics and Tag Manager for tracking. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a significant security and trust concern. The DNS configuration shows some misconfigurations, particularly in CAA and MX records, which could affect email delivery and certificate issuance. From a security perspective, while some security headers like Content-Security-Policy and Permissions-Policy are implemented, the absence of HTTPS and modern TLS protocols severely weakens the security posture. No incident response or security policy pages were found, though a responsible disclosure page is linked. Privacy and cookie policies are present on the parent Achmea domain, indicating GDPR compliance. Contact information is limited to an email address and physical address, with no phone numbers or social media links provided. Overall, the website is functional and professional but requires urgent improvements in SSL/TLS deployment and DNS configuration to enhance security and trustworthiness. Strategic recommendations include obtaining and maintaining a valid SSL certificate, enabling HTTPS, fixing DNS records, and enhancing security headers and incident response information.

A

Avéro Achmea

averoachmea.nl

40

Avéro Achmea is a well-established Dutch insurance provider specializing in offering insurance solutions through independent advisors to entrepreneurs, employers, and self-employed individuals. As a subsidiary of Achmea, it holds a strong market position in the finance sector, providing a broad range of insurance products including damage, income, and agricultural insurances, complemented by prevention services and direct customer support portals. The website reflects a professional and consistent brand image with comprehensive content tailored to its target audience in the Netherlands. Technically, the site employs a modern technology stack with extensive use of third-party analytics and marketing tools, though it lacks a valid SSL certificate which is a critical security concern. Security headers and policies are well implemented, but the absence of proper HTTPS undermines the overall security posture. Privacy and cookie policies are present and GDPR compliant, enhancing user trust. Overall, the site is functional and credible but requires urgent remediation of SSL issues to improve security and user confidence.

F

FBTO

fbto.nl

40

FBTO is a Dutch insurance provider offering a wide range of customizable insurance products including auto, health, travel, home, and legal assistance insurance. The company operates under the Achmea group umbrella, which strengthens its market position and trustworthiness. The website is professionally designed with clear navigation and good content quality, targeting Dutch consumers seeking flexible insurance solutions. Technically, the site uses a modern tech stack including Sitecore CMS, Azure hosting, and integrates multiple marketing and analytics tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which are critical issues that must be addressed immediately to protect user data and maintain trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is functional and credible but requires urgent security improvements.

I

Interpolis

interpolis.nl

40

Interpolis is a large Dutch insurance company offering a wide range of insurance products and damage prevention solutions targeted at private individuals, businesses, and agricultural customers. The company operates under the parent company Achmea and collaborates with partners such as Rabobank. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. It leverages a modern technology stack including Sitecore CMS, Microsoft Azure hosting, and multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and disabled TLS protocols, which are critical issues for an insurance provider handling sensitive customer data. Privacy and cookie policies are present and GDPR compliant, but no explicit terms of service or security policies are found. Overall, the website is trustworthy and credible but requires urgent improvements in SSL/TLS configuration to enhance security.

C

Centraal Beheer

centraalbeheer.nl

40

Centraal Beheer is a well-established Dutch insurance and financial services provider with over 115 years of history, operating under the parent company Achmea. The website offers a comprehensive range of services including insurance products, investment options, savings accounts, pensions, and mortgages, targeting both private individuals and businesses. The site is professionally designed with excellent content quality, clear navigation, and strong branding consistency. Technically, the website uses a modern tech stack including Sitecore CMS, Azure hosting, and various marketing and analytics tools, though performance metrics are not available. Security posture is moderate; while several security headers are implemented, the SSL certificate is invalid or missing, and no modern TLS protocols are enabled, which poses a significant risk. Privacy compliance is good with clear privacy and cookie policies and GDPR adherence. Overall, the domain registration and WHOIS data align well with the business claims, indicating legitimacy and trustworthiness.

C

Copernica BV

mailerq.com

55

MailerQ is a specialized high-performance Mail Transfer Agent (MTA) developed by Copernica BV, a technology company based in the Netherlands. The product targets organizations requiring fast, reliable, and scalable email delivery solutions, including Email Service Providers, e-commerce platforms, banks, and government institutions. The website presents detailed product features, customer testimonials, and industry memberships, positioning MailerQ as a trusted and professional solution in the email delivery market. The business model focuses on software licensing and support services for high-volume email senders. Technically, the website employs modern JavaScript libraries such as jQuery and D3.js, alongside a proprietary PxFramework. The hosting infrastructure appears stable with Apache servers and DNS managed by Proxi.nl. However, the absence of a valid SSL certificate and HTTPS support is a critical shortfall, impacting security and user trust. The site includes Google Analytics and Leadinfo tracking scripts, but lacks a cookie consent mechanism, which may raise privacy compliance concerns. From a security perspective, the site implements several HTTP security headers but fails to provide a valid SSL/TLS configuration, leaving communications unencrypted. No explicit security policies, incident response contacts, or vulnerability disclosure mechanisms are publicly available. These gaps represent significant risks, especially given the nature of the business handling email delivery and potentially sensitive customer data. Overall, while the business and website demonstrate professionalism and market relevance, urgent improvements in security posture and privacy compliance are recommended to mitigate risks and enhance trustworthiness.

Y

Yelp Inc.

yelp-support.com

55

Yelp Inc. operates a leading online platform that connects consumers with local businesses through user-generated reviews, photos, and business information. The support center website provides resources for both consumers and business owners, including FAQs, business page management, advertising, and reservation services. The site targets a broad audience of consumers seeking local business information and business owners managing their Yelp presence. Technically, the site leverages Salesforce Visualforce technology, Amazon AWS hosting, and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate and lack of HTTPS support, which significantly impacts its security posture. Privacy policies and terms of service are well documented and linked to official Yelp domains, indicating good compliance practices. Contact information is provided primarily via phone numbers and a search form, but no direct email contacts or incident response channels are visible.

S

SailPoint Technologies, Inc.

sailpoint.com

71

SailPoint Technologies, Inc. is a leading enterprise software company specializing in identity security solutions that help organizations manage and protect all types of enterprise identities. The company holds a strong market position with recognition from Gartner, KuppingerCole, and Frost & Sullivan, serving a global enterprise audience including many Fortune 500 companies. Their core offerings include Identity Security Cloud, IdentityIQ software, and advanced capabilities such as machine identity security and AI-driven automation through Harbor Pilot. The website reflects a mature digital presence with comprehensive content, multilingual support, and a professional design that targets security leaders and IT professionals. Technically, the website is built on modern frameworks such as Next.js and React, hosted on Vercel with Cloudflare CDN integration. It employs a variety of third-party marketing, analytics, and security tools including Google Analytics, Hotjar, Marketo, and Bugcrowd. While the site is mobile optimized and accessible, performance is moderate and could benefit from further optimization. The SSL configuration is currently invalid or missing, which is a critical security concern that impacts the overall security posture. From a security perspective, the site implements a robust Content Security Policy and several security headers but lacks full HSTS enforcement and OCSP stapling. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR compliance indicators. Contact information is primarily provided via forms and external portals, with security-related contact emails identified. Overall, the website demonstrates a high level of professionalism and trustworthiness, supported by strong business credibility and industry recognition. However, the invalid SSL certificate is a significant risk that should be addressed promptly to maintain user trust and security integrity.

1

1Password

1password.com

71

1Password is a mature and industry-leading technology company specializing in password management and extended access management solutions for individuals, families, and enterprises. The company offers a comprehensive suite of products including enterprise password management, device trust, and access governance, positioning itself strongly in the cybersecurity market. Their website reflects a professional and well-branded digital presence with clear messaging and extensive resources. Technically, the site leverages modern frameworks like Next.js and React, hosted on Cloudflare and Netlify, ensuring fast performance and good mobile optimization. However, critical security issues exist due to an invalid SSL certificate and lack of modern TLS protocol support, which significantly impact the security posture. Privacy and compliance documentation is comprehensive and GDPR compliant. Overall, 1Password demonstrates strong business credibility and digital maturity but must urgently address SSL and TLS issues to maintain trust and security.

C

Cursor Inc.

cursor.io

53

Cursor Inc. is a Canadian-based web design and development company founded in 2018, specializing in delivering comprehensive digital services including strategy, design, development, marketing, and analytics. The company targets future-focused brands seeking innovative and transformative technology solutions. Their market position is that of a full-service digital agency with a focus on modern web technologies and user experience. The website content reflects a professional and consistent brand image with clear service offerings and a moderate social media presence. Technically, the site is built on modern frameworks such as React and Next.js, hosted on DigitalOcean, and uses Builder.io as a CMS. However, the website suffers from slow load times and lacks some accessibility features. From a security perspective, the site has critical issues including the absence of a valid SSL certificate, no HTTPS enforcement, and missing security headers, which significantly lowers its security posture. Privacy compliance is poor, with no visible privacy or cookie policies and no GDPR indicators. Contact information is limited to a contact form with no explicit emails or phone numbers. Overall, the site is functional and professional but requires urgent security and privacy improvements to enhance trust and compliance.

S

SIA SkanaGaisma.lv

skanagaisma.lv

40

SkanaGaisma.lv is a Latvian company specializing in the rental of sound and lighting equipment, stages, tents, and event furniture, providing full technical support for events across Latvia since 2012. The company targets event organizers, private individuals, and businesses, offering a comprehensive range of services from sound and lighting to live streaming and stage setups. Their market position is strong within the local event rental sector, supported by a professional website and active social media presence. Technically, the website is built on OpenCart with a modern theme and integrates popular analytics and marketing tools, though performance is somewhat slow. Security is adequate with HTTPS and strong cipher suites but lacks advanced configurations like HSTS and DMARC, which are recommended for improvement. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the website is professional and trustworthy, with clear contact information and positive customer testimonials.

S

Spacelift, Inc.

spacelift.io

62

Spacelift, Inc. operates a mature and reputable infrastructure orchestration platform that integrates with popular infrastructure as code tools such as Terraform, OpenTofu, Ansible, and others. The company targets DevOps and platform engineering teams, offering a SaaS and self-hosted solution to streamline infrastructure provisioning, configuration, governance, and collaboration. The website reflects a strong market position with endorsements from notable customers and partners, emphasizing secure, cost-effective, and high-performance infrastructure delivery. Technically, the website is built on modern frameworks including Next.js and React, hosted on Vercel, and employs a variety of analytics and marketing tools such as Segment, Google Analytics, and HubSpot. The site is well-optimized for SEO, mobile responsiveness, and accessibility, providing an excellent user experience. However, the SSL certificate is currently invalid or misconfigured, and modern TLS protocols are not enabled, which impacts the security posture. Security-wise, the site implements several best practices including strict transport security headers, content security policies, and XSS protections. Despite this, the lack of a valid SSL certificate and absence of OCSP stapling are notable weaknesses. Privacy compliance is well addressed with clear privacy and cookie policies, including consent mechanisms, and GDPR compliance indicators. Overall, Spacelift demonstrates a strong business and technical foundation with minor security and compliance gaps. Addressing SSL issues and enhancing security configurations will further strengthen trust and protect user data.

Y

Yelp

yelp.fi

70

Yelp.fi is the Finnish localized version of Yelp, a leading online platform providing user-generated reviews and business listings primarily for the Helsinki area. The website offers extensive content including business categories, user reviews, and search capabilities for local services. It targets consumers seeking trusted local business information and provides business owners with advertising and management tools. The platform is built on modern web technologies including React and is hosted on Amazon AWS infrastructure with CDN support. While the site demonstrates strong content quality, branding consistency, and good privacy compliance with GDPR, it suffers from an invalid SSL certificate and lacks support for modern TLS protocols, which impacts its security posture. Security headers and content security policies are implemented, but some CSP directives allow unsafe inline scripts, which could be improved. Overall, the site is professional and trustworthy but should address SSL and TLS issues to enhance security and user trust.

D

Davey & Krista

daveyandkrista.com

40

Davey & Krista is a specialized creative business focused on providing custom branding and website design services, along with professionally crafted Showit and WordPress website templates. Their market position is strong within the creative professional segment, supported by a decade of domain maturity and a trusted client base exceeding 8,000. The business model combines e-commerce sales of digital products and educational courses, targeting photographers, designers, and other creative entrepreneurs. Technically, the website is built on WordPress integrated with Showit and WooCommerce, hosted by BigScoots. It leverages modern marketing and analytics tools such as Google Analytics, Facebook Pixel, Pinterest Pixel, and affiliate tracking. However, performance metrics are not available, and the site shows signs of slow loading. Mobile optimization and SEO are well addressed, but accessibility is basic. Security posture is weak due to the absence of a valid SSL certificate and lack of modern TLS protocols, which critically impacts user trust and data protection. Security headers are present but insufficient without HTTPS. Privacy compliance is minimal, with no cookie consent mechanism and a basic privacy policy. Business credibility is high, supported by consistent branding, testimonials, and social proof. Overall, the site presents a professional and trustworthy business front but requires urgent security improvements, especially SSL implementation, to protect users and enhance compliance. Strategic recommendations include securing HTTPS, enabling cookie consent, and enhancing privacy and security policies.

S

Shralpin

shralpin.com

40

Shralpin is a specialized media platform focused on skateboarding culture, providing news, videos, pictures, and event coverage targeted at skateboarders and enthusiasts. The website operates primarily as a content publisher and community hub, leveraging WordPress CMS and common digital marketing tools such as Google Analytics and Facebook Pixel. The business is positioned as a niche media outlet within the skateboarding industry, serving a small but engaged audience primarily in the United States. Technically, the website is built on WordPress hosted by SiteGround, using standard plugins and scripts for analytics and advertising. However, the site suffers from slow performance and lacks a valid SSL certificate, which critically impacts security and user trust. Mobile optimization and SEO are reasonably well implemented, but accessibility features are basic. From a security perspective, the absence of HTTPS and security headers exposes the site to risks and undermines user data protection. No advanced security policies or incident response contacts are evident. Privacy compliance is minimal, with a privacy policy present but no cookie consent mechanism or GDPR compliance indicators. Overall, the site is functional and professionally presented but requires urgent improvements in security infrastructure and privacy compliance to enhance trustworthiness and protect users. Strategic recommendations include implementing HTTPS, enabling security headers, and adding cookie consent mechanisms to align with privacy regulations.

Amazon Leasing is a small business specializing in leasing exotic and luxury vehicles with a focus on closed end leases without prepayment penalties. The company targets individuals and businesses interested in high-end vehicle leasing. The website provides basic business information primarily through JSON-LD structured data, including a contact phone number, but lacks comprehensive contact details such as email addresses or physical addresses. The market position appears niche within the transportation sector, focusing on luxury vehicle leasing services. Technically, the website uses modern JavaScript frameworks likely including Vue.js and PrimeVue components, integrates Google Analytics for tracking, and embeds Vimeo player scripts. Hosting appears to be provided by A2 Hosting based on DNS records. However, the website suffers from slow performance with a high page load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. From a security perspective, the website has critical deficiencies. It lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. No security headers are present, and advanced security features such as HSTS and OCSP stapling are missing. Privacy and cookie policies are absent, indicating poor privacy compliance. These issues significantly reduce the trustworthiness and security posture of the site. Overall, the website presents a basic online presence with significant room for improvement in security, privacy compliance, and technical performance. Strategic enhancements in SSL implementation, security headers, and privacy policies are essential to improve user trust and regulatory compliance.

OldPostcards.com is a mature, niche e-commerce retailer specializing in vintage and collectible postcards, operating since 1998. The website offers a broad catalog of postcards including US states, world countries, trade cards, and thematic categories, targeting collectors and enthusiasts. The business maintains multiple related stores and demonstrates consistent branding and trust signals such as BBB accreditation and PayPal acceptance. Technically, the site is built on the ShopSite Pro platform with a traditional Apache hosting environment and uses common web technologies like jQuery and Bootstrap. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security deficiency. Privacy compliance is minimal, with no cookie consent mechanism and only basic privacy and terms of service pages. The site employs several analytics and marketing tools including Google Analytics, Facebook Pixel, and Constant Contact, but without clear user privacy controls. Overall, the site is functional and professional but requires urgent security and privacy improvements.

F

FORMILYTICS LLC

bdow.com

65

BDOW! (formerly Sumo) is a mature SaaS company specializing in email capture and lead generation tools, offering a variety of pop-ups, forms, and targeting features to help website owners grow their email lists effectively. The platform is well-positioned in the marketing technology space, with a strong user base and integrations with popular marketing tools. The website demonstrates a high level of digital maturity, leveraging modern web technologies such as GSAP animations, jQuery, and integration with analytics and marketing platforms like Google Analytics, Facebook Pixel, and Google Tag Manager. Hosting is managed via WP Engine with Cloudflare CDN and security services, ensuring good performance and availability. Security posture is solid with HTTPS enforced and no critical vulnerabilities detected, though improvements like enabling HSTS and OCSP stapling would enhance security further. Privacy compliance is basic, with privacy and terms documents hosted externally on Google Docs, and no explicit cookie consent mechanism detected. Contact information is limited to a web form, with no direct emails or phone numbers publicly listed. Overall, BDOW! presents as a professional and trustworthy service with a strong market presence and good technical implementation.

A

Adobe XD Elements

adobexdelements.com

43

Adobe XD Elements is a niche online platform providing free Adobe XD design resources such as UI kits, templates, mockups, icons, and illustrations. The website targets designers and UI/UX professionals seeking high-quality, ready-to-use design assets to enhance their projects. The business operates primarily as a free resource aggregator with monetization through advertising partnerships. Technically, the site is built on WordPress using Elementor and Yoast SEO, indicating a modern CMS infrastructure but suffers from performance issues with a slow load time. The site is mobile optimized and SEO friendly but lacks advanced accessibility features. Security posture is weak due to the absence of a valid SSL certificate, no HTTPS enforcement, and missing security headers, exposing users to potential risks. Privacy compliance is poor with no visible privacy or cookie policies, which is a significant compliance gap. Overall, the domain is mature and consistent with the business history, but critical security and privacy improvements are necessary to enhance trust and protect users.

S

Sketch Elements

sketchelements.com

45

Sketch Elements is a niche online platform providing free Sketch design resources including UI kits, templates, icons, mockups, style guides, and illustrations targeted at UI/UX designers and digital product creators. The website leverages WordPress with Elementor and related plugins to deliver curated content and collections, positioning itself as a valuable resource within the Sketch design community. The technical infrastructure is moderately mature, hosted on DigitalOcean, but suffers from slow page load times and lacks a valid SSL certificate, which is a critical security concern. The absence of HTTPS and security headers exposes users to risks and reduces trustworthiness. Privacy compliance is weak, with no visible privacy or cookie policies, and no explicit contact emails or phone numbers are provided, limiting business credibility. Social media presence is established, and advertising partnerships are evident. Overall, the site is functional and content-rich but requires urgent security and compliance improvements to enhance user trust and protect data.

L

lempire

tweethunter.io

57

Tweet Hunter is a specialized SaaS platform offering AI-powered tools to help individuals and brands grow and monetize their audience on X (formerly Twitter). The platform provides a comprehensive suite of services including content creation, scheduling, automation, CRM, and analytics, targeting users ranging from beginners to established influencers. The website is professionally designed with rich content and strong branding consistency, supported by extensive marketing and analytics integrations. Technically, the site is built on Webflow and leverages modern marketing and analytics tools, but suffers from critical security shortcomings due to an invalid or missing SSL certificate and lack of HTTPS enforcement. Privacy compliance is addressed with a comprehensive privacy policy and cookie consent management, though explicit security policies and incident response information are absent. Overall, the business appears legitimate and well-positioned in the technology sector, but the security posture requires urgent improvement to protect users and enhance trust.

T

Taplio

taplio.com

51

Taplio is a specialized AI-powered SaaS platform designed to help professionals and businesses grow their personal brand and engagement on LinkedIn. It offers a comprehensive suite of tools including AI-driven content creation, post scheduling, engagement building, analytics, and a Chrome extension to enhance LinkedIn experience. The platform targets LinkedIn users who want to optimize their content strategy and network growth efficiently. Technically, Taplio is built on WordPress with Elementor and leverages various modern web technologies and third-party integrations for analytics and marketing. However, a critical security gap is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The website is well-structured with good SEO and accessibility features, but lacks a cookie consent mechanism despite using multiple tracking tools. Overall, Taplio presents a professional and trustworthy brand with strong business credibility but needs urgent improvements in security to protect user data and trust.

I

Inbound Elements

inboundelements.com

40

Inbound Elements is a small technology company specializing in the design and development of premium HubSpot templates, themes, and modules aimed at helping businesses and agencies scale their marketing efforts using HubSpot CMS. The company positions itself as a provider of high-quality, easy-to-use, and customizable HubSpot design assets, supported by a team of HubSpot certified experts. The website is professionally designed with excellent content quality and clear navigation, targeting HubSpot users seeking premium marketing templates and themes. Technically, the site is built on WordPress with Elementor and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, Twitter Conversion Tracking, and LinkedIn Insight Tag. However, the site suffers from critical security shortcomings, including the absence of a valid SSL certificate, lack of HTTPS enforcement, and missing security headers, which significantly reduce its security posture. Privacy compliance is also weak, with no visible privacy or cookie policies, which may expose the company to regulatory risks. Overall, while the business model and content quality are strong, the technical and security deficiencies present notable risks that should be addressed promptly.

L

lemlist

lemlist.com

58

lemlist is a technology company providing a comprehensive AI-powered sales engagement platform designed to automate multichannel outreach including email, LinkedIn, and calls. The platform offers a large lead database, advanced personalization, and integrated tools to streamline sales prospecting and improve reply rates. It is positioned as a key player in the sales automation market, serving over 20,000 sales teams with a strong reputation and high user ratings. Technically, the website is built on Webflow and leverages modern analytics and marketing technologies, but suffers from critical SSL/TLS misconfigurations that undermine security. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business demonstrates strong digital maturity and market presence but must urgently address its SSL and email security posture to maintain trust and compliance.

R

Railsware Products Studio LLC

mailtrap.live

68

Mailtrap.io, owned by Railsware Products Studio LLC, is a mature technology company specializing in email testing and delivery services. It serves a large global audience of developers, QA engineers, and managers with key offerings including Fake SMTP, API, SMTP Relay, and Email API. The company holds registered trademarks in major jurisdictions and maintains a strong market presence with over 900,000 users. Technically, the website is hosted behind Cloudflare, uses modern TLS protocols, and integrates popular analytics and customer support tools. Security posture is good with HTTPS enforced and SPF configured, though improvements such as DMARC, HSTS, and DNSSEC are recommended. Privacy compliance is supported by a comprehensive privacy policy and terms of service, but cookie consent mechanisms are not evident. Overall, the site is professional, trustworthy, and well-structured, with clear contact and business information.