Security Directory

S

SUPER

super-web.es

0

SUPER is a small Spanish technology company specializing in virtual and digital ecosystem solutions targeted at European markets. Their website offers multilingual content and services including virtual expert consultations and technology-related blog posts. The technical infrastructure is based on WordPress with common plugins such as WooCommerce and LayerSlider, supported by Apache server technology. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy and cookie policies exist but lack advanced compliance features such as consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional but requires urgent security improvements to protect user data and build trust.

A

Asociación APSA

asociacionapsa.com

0

Asociación APSA is a well-established Spanish non-profit organization focused on providing comprehensive services for individuals with disabilities across various life stages including education, transition to adulthood, adult occupational and residential care, and elderly services. The organization has a mature online presence with a domain registered since 2003 and a consistent brand identity. Their website is built on WordPress using Elementor and related plugins, offering good content quality, clear navigation, and accessibility features. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The organization maintains active social media channels and partnerships with recognized entities, enhancing trust and outreach. Strategic improvements in SSL implementation, security headers, and domain protection are recommended to elevate security and user trust.

M

Marc Martí

marc-marti.com

0

Marc Martí is a well-established Spanish company specializing in large format digital printing and advertising services, operating since 1977 with offices in Barcelona, Madrid, and Valencia. The company offers a comprehensive range of advertising and visual communication services targeting businesses and events across Spain and Europe. The website reflects a mature business with consistent branding and a professional online presence, including multilingual support and active social media channels. Technically, the site is built on WordPress using popular plugins and themes, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism. However, the absence of HTTPS and security headers lowers the security posture significantly. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Opus Dei is a well-established non-profit Catholic prelature focused on spiritual formation and evangelization. The website serves as a comprehensive resource hub offering spiritual texts, news, multimedia content, and subscription services targeted at the Catholic faithful and spiritual seekers. The organization maintains a strong digital presence with official social media channels and multilingual support. Technically, the website employs modern web technologies including service workers and progressive enhancement features, hosted behind Cloudflare DNS. However, the absence of a valid SSL certificate and HTTPS support significantly undermines the security posture. Privacy policies are comprehensive and GDPR compliant, with clear data protection officer contact information. The website's performance is slow, but mobile optimization and accessibility are good. Overall, the site is professional and trustworthy but requires urgent security improvements.

A

Almirall, S.A.

almirall.com

0

Almirall, S.A. is a well-established pharmaceutical company focused on research and development of medicines for patients worldwide. The company has a mature online presence with a domain age of 25 years and a comprehensive website targeting patients, healthcare professionals, investors, and media professionals. The website provides extensive information about the company's purpose, expertise, sustainability efforts, and corporate governance, reflecting a strong business model and market position in the healthcare sector. Technically, the website is built on the Liferay CMS platform, hosted on Azure DNS, and utilizes modern JavaScript libraries and analytics tools such as Google Analytics, Google Tag Manager, New Relic, and OneTrust for cookie consent management. Accessibility features are implemented via EqualWeb, enhancing usability for diverse users. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture and user trust. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure communications.

YOYO STUDIO's website is currently a minimal placeholder with very limited content, consisting primarily of a large image and a basic page title. The lack of textual content, metadata, and business information suggests the site is either under development or not actively maintained. The domain is registered in Spain and hosted on cdmon.net, consistent with the .es domain extension. However, the absence of HTTPS and security best practices significantly undermines the site's security posture. No privacy or cookie policies are present, indicating non-compliance with GDPR and related regulations. Overall, the website's digital maturity is low, with poor performance and minimal user engagement features.

The website ambit.cat is currently inaccessible due to a Cloudflare security challenge page that requires JavaScript and cookies to proceed. This prevents access to any meaningful content or business information. The domain is mature, registered since 2009, and uses Cloudflare for DNS and security services. However, the site lacks a valid SSL/TLS certificate, serving content only over HTTP, which is a critical security issue. No privacy, cookie, or terms of service policies are present, and no contact information or forms are available. The security headers are well configured but cannot compensate for the lack of HTTPS. Overall, the site’s security posture is weak, and the business credibility is low due to the absence of visible content and contact details.

E

EUROFRONT

programaeurofront.eu

0

Programa EUROFRONT is a European Union-funded cooperation program aimed at strengthening development and security in Latin America, focusing on border management and human rights protection. The website serves as an information portal for the program's activities, partners, and news, targeting government agencies and stakeholders involved in migration and security. Technically, the site is built on Bolt CMS with common web technologies and includes social media integration and event calendars. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy and cookie policies exist but lack advanced consent mechanisms, and no direct contact information or security policies are provided. The WHOIS data is consistent and supports the legitimacy of the domain. Overall, the site provides good content and user experience but requires urgent security improvements to protect users and enhance trust.

C

Copolad

copolad.eu

0

Copolad is a government and non-profit cooperation program focused on drug policy collaboration between Latin America, the Caribbean, and the European Union. The website serves as an information portal offering news, publications, training, and event details to stakeholders involved in drug policy. The business model is based on international cooperation funded by the EU and partner organizations, positioning Copolad as a reputable program in its sector. Technically, the website is built on WordPress with multiple plugins and frameworks including WP Rocket, WPML for multilingual support, and various marketing and analytics tools such as Google Analytics and Mailchimp. The site is hosted by Arsys Internet S.L.U. but suffers from slow load times and lacks a valid SSL certificate, which impacts security and user trust. From a security perspective, the absence of a valid SSL certificate is a critical vulnerability, exposing users to potential data interception. No security headers or incident response policies are evident, indicating room for significant improvement in security posture. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, while the website provides valuable content and maintains good business credibility, the lack of HTTPS and security best practices lowers its security score and user trust. Strategic improvements in SSL deployment, security headers, and incident response readiness are recommended to enhance the site's security and compliance standing.

E

EUROsociAL

eurosocial.eu

0

EUROsociAL is a European Union program dedicated to promoting social cohesion in Latin America through technical assistance, policy design, and knowledge management. The website serves as a comprehensive portal offering news, seminars, reports, and resources targeted at government agencies and social organizations across 19 Latin American countries. The program has a strong market position with over 15 years of operation and is supported by reputable international partners. Technically, the site is built on WordPress with a variety of plugins and integrations, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. The security posture is weak due to missing HTTPS, lack of modern TLS support, and minimal security headers. Privacy compliance is basic with presence of privacy and cookie policies but no explicit consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

F

Fiiapp

fiiapp.org

0

FIAP (formerly FIIAPP) is a Spanish non-profit foundation specializing in international cooperation and public policy support. With a domain age of 24 years and operations in over 120 countries, it holds a strong market position in government and non-profit sectors. The website provides comprehensive information about its services, projects, and communications, targeting public administrations and international cooperation stakeholders. Technically, the site is built on WordPress with Elementor and uses modern JavaScript libraries, but suffers from a critical lack of valid SSL/TLS configuration, impacting security and trust. Privacy and cookie policies are well implemented with consent mechanisms, and contact information is clearly presented. Social media presence is robust across multiple platforms.

The Latin America IP SME Helpdesk is an official European Commission service providing free intellectual property assistance to SMEs from the EU and SMP-associated countries targeting the Latin American market. It offers confidential advice, training, and resources to improve global competitiveness. The website is professionally designed, content-rich, and well-structured, targeting SMEs seeking IP support in Latin America. Technically, the site is built on Drupal 10 and hosted by Level27 bv, with moderate performance and good mobile and accessibility features. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies, and contact information is transparent and institutional. Overall, the site is trustworthy but urgently needs to address its SSL/TLS configuration to improve security posture and user trust.

C

Cámara de Comercio de España

camara.es

0

Cámara de Comercio de España is a well-established governmental and non-profit organization dedicated to supporting SMEs, entrepreneurs, and self-employed individuals in Spain. The website offers a comprehensive range of services including business creation, innovation support, foreign trade facilitation, training, and mediation. It serves as a national chamber of commerce with a strong market position and a broad service portfolio. The digital infrastructure is built on Drupal 10 with Apache and PHP backend, hosted likely by Cloud4B, and includes modern frontend technologies ensuring good mobile optimization and accessibility. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS configuration, exposing users to potential risks. Privacy and cookie compliance are well implemented, with clear policies and consent mechanisms. The WHOIS data confirms the legitimacy and consistency of the domain registration, aligning with the organization's official status. Strategic improvements in SSL/TLS deployment and security hardening are recommended to enhance trust and security posture.

C

Cambra de Terrassa

garantiajuvenil.cat

0

Garantiajuvenil.cat is a government-backed youth employment program website managed by Cambra de Terrassa, targeting young people aged 16 to 29 who are not currently working or studying, as well as companies interested in hiring youth with incentives. The program is promoted by the Ministry of Labour and Social Economy and co-financed by the European Social Fund. The website provides information, orientation, and support services to its target audience. Technically, the site is built on WordPress using Elementor and Yoast SEO plugins, with integration of Google Analytics and social media links. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts its security posture. Privacy compliance is basic but present, with cookie consent and privacy policies linked. Overall, the site is functional but requires urgent security improvements to protect user data and enhance trust.

EACAT is a mature government-operated digital platform serving the Catalan public administrations by providing electronic administration services and facilitating inter-administrative communication. The platform targets public sector entities within Catalonia and has been operational for over 15 years, reflecting a stable market position within the regional government sector. The website content and branding are consistent with official government services, supported by domain registration details matching the registrant organization and country. Technically, the website employs legacy JavaScript libraries such as jQuery 1.8.2 and Modernizr 2.6.2, with backend technologies based on Microsoft Visual Studio .NET and C#. Hosting is via Amazon AWS DNS infrastructure. Performance is suboptimal with a slow load time and large page size. Mobile optimization and accessibility are basic, and SEO practices are minimal. The site lacks a CMS and uses custom-built code. From a security perspective, the site has critical deficiencies including the absence of a valid SSL/TLS certificate, no HTTPS support, and no security headers. DNS records show valid SPF and DMARC configurations, but CAA records are malformed. No incident response or security policy information is provided. Sensitive login forms transmit credentials without encryption, posing significant risk. Privacy compliance is weak, with no cookie consent mechanism despite use of tracking scripts like Google Tag Manager and Lucky Orange. Overall, the website presents moderate business credibility as a government service but suffers from critical security and privacy shortcomings. Immediate remediation of SSL/TLS configuration and implementation of security best practices is essential to protect user data and maintain trust. Enhancing privacy compliance and modernizing technical infrastructure would further improve the platform's digital maturity and user experience.

D

Digital Impulse Hub

digitalimpulsehub.eu

0

Digital Impulse Hub is a strategic alliance focused on supporting the digital transformation of SMEs and local public administrations in Spain. It leverages partnerships with chambers of commerce, universities, and public entities to provide consulting, training, financing, and networking services. The website reflects a mature digital presence with integration into the European Digital Innovation Hubs network, showcasing a strong regional market position and trust indicators such as the Seal of Excellence. Technically, the site is built on WordPress with modern frameworks and libraries, though performance optimization is needed due to slow load times and large page size. Security posture is adequate with HTTPS, SPF, and DMARC configured, but could be enhanced with additional headers and HSTS. Privacy compliance is well addressed with GDPR-compliant cookie consent and policies. Overall, the site is professional and trustworthy, though direct contact details are limited to forms and social media.

G

Generalitat de Catalunya

atm.cat

0

Autoritat del Transport Metropolità (ATM) is a public consortium under the Generalitat de Catalunya, managing integrated transport tariffs and mobility projects in the Barcelona metropolitan area. The website serves as an official portal providing comprehensive information about transport tariffs, mobility plans, transparency, and customer support. It targets residents and public transport users in Catalonia, offering multilingual content and links to related government services. The business model is public sector focused, emphasizing transparency and service delivery rather than commercial revenue. Technically, the website is built on the Liferay CMS platform with modern web technologies including React and Bootstrap. While the site is content-rich and accessible, performance is hindered by a high load time and large page size. The site is mobile optimized and includes accessibility features. SEO and metadata are well implemented, including Open Graph tags. Security posture is adequate with HTTPS enforced, valid SSL certificates, and email authentication via DMARC and SPF. However, advanced security headers like HSTS and DNSSEC are missing, and domain protection locks are not enabled, which could be improved. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is trustworthy and professionally maintained, reflecting its governmental nature. Recommendations include enhancing security headers, enabling DNSSEC, improving performance, and adding explicit security and incident response policies to further strengthen trust and compliance.

M

Moventia

moventia.net

0

Moventia is a well-established multinational family business specializing in sustainable mobility solutions since 1923. The company offers integrated services in collective and private mobility, emphasizing quality, innovation, and sustainability. Their digital presence is built on a modern WordPress platform with multilingual support and SEO optimization, reflecting a mature and professional online identity. However, the website suffers from a critical security flaw due to an invalid SSL certificate, resulting in the absence of HTTPS protection, which poses risks to user data and trust. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The domain registration is consistent and mature, supporting the company's legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance the security posture and user trust.

M

Marfina, SL

moventisexperience.es

0

MoventisExperience is an online platform operated by Marfina, SL, offering road transport services and excursions primarily in Catalonia, Spain. The company provides shuttle transfers, private transfers, and guided tours, targeting tourists and travelers seeking convenient booking options. The website reflects a medium-sized business with consistent branding and a focus on customer service, including 24/7 telephone support and cancellation policies. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism via Cookiebot. However, no explicit security or incident response policies are found on the site. Overall, the site is professional and trustworthy but requires improvements in security and performance to enhance user trust and compliance.

M

Moventia

moventia.es

0

Moventia is a well-established Spanish multinational company specializing in collective and private mobility solutions since 1923. The company positions itself as a leader in the transportation sector with a strong emphasis on innovation, sustainability, and quality service. Their website reflects a mature digital presence with multilingual support, rich multimedia content, and comprehensive corporate information. Technically, the site is built on WordPress with modern plugins and frameworks, though performance is somewhat slow likely due to heavy resource usage. Security posture is a concern due to an invalid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and trust signals, but security improvements are critical to maintain reputation and compliance.

C

Consorci Localret

localret.cat

0

Consorci Localret is a well-established consortium focused on supporting local governments in Catalonia, Spain, with digital transformation initiatives. Their website showcases a comprehensive range of services including advisory, procurement centralization, telecommunications infrastructure, innovation office, and digital society support. The organization targets municipalities and supramunicipal entities, positioning itself as a key player in local government digital modernization. Technically, the website is built on WordPress with a mature tech stack including SEO and multilingual plugins, accessibility tools, and analytics integrations. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and enhance trust.

The website gencat.net serves as an official domain for the Generalitat de Catalunya, the regional government of Catalonia, Spain. However, the site itself contains only a minimal HTML page that immediately redirects visitors to the main government portal at web.gencat.cat. This indicates that gencat.net functions primarily as a redirect domain rather than a content-rich site. The domain is mature, registered since 2000, and aligns with the official government entity, supporting its legitimacy. The target audience includes Catalan citizens and others seeking official government information. From a technical perspective, the site is hosted on an Apache server but lacks modern security and performance features. Critically, there is no SSL/TLS certificate configured, resulting in unencrypted HTTP traffic. The site does not implement DNSSEC, HSTS, or security headers, and no privacy or cookie policies are present. The minimal content and lack of technical sophistication suggest low digital maturity and poor user experience. Security posture is weak due to the absence of HTTPS and security best practices, exposing users to potential interception risks. The lack of privacy compliance measures and contact information further reduces trust and compliance with regulations such as GDPR. Despite these issues, the domain's WHOIS data is consistent and trustworthy, registered to a reputable registrar with no privacy protection, which is appropriate for a government domain. Overall, the website's primary function as a redirect limits its content and utility. Strategic improvements should focus on securing the domain with HTTPS, enhancing security headers, and providing clear privacy and contact information to improve trust and compliance.

C

Consorci Administracio Oberta De Catalunya

idcat.cat

0

The idcat.cat website is an official government digital identity platform managed by the Consorci Administracio Oberta De Catalunya, providing digital certificates for secure electronic identification and signing. The site targets residents and entities in Catalonia, facilitating interactions with public administrations. The business model is government service provision with a focus on digital identity and certification. The website content is well-structured and professionally presented, primarily in Catalan, with additional language options. However, the technical infrastructure shows weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts security posture. The site uses modern JavaScript libraries and Google Tag Manager for analytics and user engagement but lacks cookie consent mechanisms, raising privacy compliance concerns. Overall, the domain registration and WHOIS data confirm legitimacy and consistency with the claimed government entity, but security improvements are critical to protect users and enhance trust.

A

ADTENDE SL

adtende.es

0

ADTENDE SL is a specialized company focused on innovation and service provision for the public sector, particularly in electronic administration and citizen assistance. The company positions itself as a unique partner with a public sector DNA, offering comprehensive services such as OAC 360º, LIAM AI agent, and centralized call services. Their target audience includes public administrations and e-citizens, emphasizing effective and innovative solutions to improve public service delivery. Technically, the website is built on WordPress with Elementor and integrates modern tools like Google Analytics and reCAPTCHA, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact information and social media presence enhancing business credibility. Security posture is weak due to missing HTTPS and lack of security headers, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

M

Moventis S.A.

moventis.es

0

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

I

International Beach Tennis IFBT

ifbt.eu

0

International Beach Tennis IFBT is a small, specialized sports federation focused on promoting and organizing beach tennis events globally. The organization operates a multilingual WordPress website providing comprehensive event information, player rankings, and membership services. The technical infrastructure is based on WordPress with several plugins and a custom theme, hosted by CDmon in Spain. While the website content and business information are well presented and consistent with the organization's mission, the security posture is weak due to lack of a valid SSL certificate and absence of modern TLS protocols. Privacy compliance is addressed with clear policies and consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

U

Universitat de Barcelona

ub.edu

0

The Universitat de Barcelona (UB) is a leading public academic institution in Spain, specializing in education, research, and innovation. The website serves a diverse audience including students, researchers, academic staff, alumni, companies, and media. It offers comprehensive information on academic programs, research initiatives, and institutional activities, positioning itself as a major educational entity in the region. The digital presence is supported by a mature technical infrastructure leveraging Liferay CMS and modern JavaScript frameworks, ensuring a good user experience and accessibility. However, the absence of a valid SSL certificate and HTTPS support is a critical security flaw that undermines user trust and data protection. Privacy compliance is well addressed through Cookiebot and Google Consent Mode, with clear cookie and privacy policies in place. Overall, the website is professional and content-rich but requires urgent security improvements to meet modern standards.

F

FUNDACION DEL MUSEO GUGGENHEIM BILBAO

guggenheim-bilbao.eus

0

The Museo Guggenheim Bilbao is a prominent non-profit cultural institution based in Bilbao, Spain, managed by the FUNDACION DEL MUSEO GUGGENHEIM BILBAO. The website serves as a comprehensive portal for visitors to plan their visits, explore exhibitions, and access educational resources. It targets a broad audience interested in art, culture, and museum experiences. The museum holds a strong market position as an internationally recognized art venue with strategic partnerships and sponsorships from government and corporate entities. Technically, the website leverages modern web technologies including Next.js and React, with a headless WordPress CMS backend. It integrates accessibility tools and multimedia content hosted on Vimeo. The site is mobile-optimized and SEO-friendly, providing a good user experience and navigation clarity. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Overall, the website is professionally designed and content-rich, but the lack of HTTPS is a major risk. Strategic recommendations include immediate SSL/TLS deployment, enabling HSTS, and improving certificate management to enhance security and user trust.

F

Fundacion Gala-Salvador Dali

salvador-dali.org

0

The Fundació Gala-Salvador Dalí is a well-established cultural foundation dedicated to preserving and promoting the legacy of the artist Salvador Dalí. Operating since 1999, it manages multiple museums and archives in Spain, offering exhibitions, educational programs, and research services. The website reflects a mature digital presence with multilingual support and clear navigation aimed at art enthusiasts, researchers, and tourists. Technically, the site uses Cloudflare for hosting and security, integrates Google Tag Manager and Metricool for analytics and tracking, and employs standard web technologies. Security posture is solid with HTTPS and several security headers, though improvements such as DNSSEC and enhanced HSTS settings are recommended. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism. Overall, the site demonstrates high business credibility and trustworthiness with consistent WHOIS data and a long domain history.

A

AJUNTAMENT DE LLEIDA

paeria.cat

0

The website paeria.cat is the official digital presence of the Ajuntament de Lleida, the municipal government of Lleida, Spain. It serves as a comprehensive portal for residents and visitors to access city information, municipal services, online procedures, news, events, and citizen participation platforms. The site is well-positioned as a trusted government resource with a broad range of public services and cultural content. Technically, the website is built on the Plone CMS platform, leveraging modern web technologies such as jQuery, Owl Carousel, and Google Fonts, hosted on Microsoft Azure infrastructure. While the site offers good accessibility and SEO features, its performance is somewhat slow due to a large page size and high resource count. Security posture is solid with HTTPS enforced using TLS 1.3 and 1.2, OCSP stapling, and valid SPF and DMARC DNS records. However, improvements are recommended in enabling HSTS, DNSSEC, domain protection locks, and additional security headers. Privacy compliance is strong with clear privacy and cookie policies and GDPR adherence. Contact information is readily available, including phone numbers, physical address, and online forms, complemented by active social media channels. Overall, the website demonstrates a mature, professional, and trustworthy government digital service with room for technical and security enhancements.

T

TEMPESTA MEDIA, S.L.

latempesta.cc

0

La Tempesta is a small Spanish company specializing in digital transformation and consulting services for cultural heritage and social innovation organizations. Founded in 2019, it offers a range of services including digital storytelling, web development, 3D virtualisation of heritage, knowledge management, and digital strategy. The company has a strong market position within its niche, supported by reputable clients and industry awards. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for SEO and multilingual support. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie and privacy policies and consent mechanisms. Overall, the business presents a professional and trustworthy image but must urgently address its SSL/TLS configuration to improve security and user trust.

W

Walmeric

walmeric.com

0

Walmeric is a technology company specializing in transforming potential customers into real revenue through omnichannel assisted sales management and conversion enhancement. It holds a strong market position as a chosen global provider by Google for call detail forwarding and offers a suite of solutions including digital channel traceability, lead management, data consolidation, analytics, lead nurturing, and AI automation. The company is part of Globant and targets businesses seeking to optimize their sales and marketing performance. Technically, the website is built on modern frameworks like React and Next.js, integrating with major platforms such as Google Ads, Meta, Adobe Campaign, and Salesforce. However, the website suffers from a critical security weakness due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy and legal compliance are well addressed with comprehensive policies and GDPR indicators. Overall, the website demonstrates excellent content quality and business credibility but requires urgent security improvements to protect user data and enhance trust.

E

EELISA

eelisa.eu

0

EELISA is a European university alliance focused on engineering education, research, and innovation. It brings together multiple prestigious partner universities across Europe to provide joint educational programs, research networking, and community engagement. The website reflects a mature digital presence with comprehensive content, including detailed event listings and partner information. Technically, the site is built on WordPress with various plugins for events and page building, but suffers from slow performance and lacks a valid SSL certificate, which impacts security. The security posture is weak due to missing HTTPS, HSTS, DNSSEC, and other security headers. Privacy compliance is good with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional and trustworthy but requires significant improvements in security configuration to enhance user trust and data protection.

E

eKomi Holding GmbH

ekomi.es

0

eKomi Holding GmbH operates a global SaaS platform specializing in authentic customer and product reviews to enhance business conversion rates and SEO performance. The company is well-positioned in the technology and e-commerce sectors, serving over 15,000 clients worldwide with recognized certifications and awards. Technically, the website is built on WordPress with modern frameworks and includes essential marketing and analytics integrations with user consent. Security posture is solid with HTTPS and SPF/DMARC email protections, though improvements like HSTS and OCSP stapling are recommended. Overall, the website demonstrates good professionalism, trustworthiness, and compliance with privacy regulations.

Arvato SE operates a comprehensive supply chain management and e-commerce logistics platform targeting enterprise clients primarily in Spain and internationally. The website showcases a professional and well-structured digital presence powered by TYPO3 CMS and modern frontend technologies. Key services include supply chain management, logistics and fulfillment, transportation management, and digital solutions. The company demonstrates strong branding consistency and trust indicators such as client logos and social media presence. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which significantly impacts its security posture. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism via Cookiebot. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

R

Roca Sanitario S.A.U.

roca.com

0

Roca Sanitario S.A.U. is a global leader in bathroom products with a presence in over 170 countries. The company offers a wide range of innovative, sustainable bathroom solutions targeting both consumers and professionals. Their website reflects a mature digital presence built on Liferay DXP, featuring rich content including product collections, professional resources, and corporate information. The site is well-branded and professionally designed, with good navigation and mobile optimization. However, the security posture is weakened by an invalid SSL certificate and lack of modern TLS protocols, which poses risks to user trust and data security. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via forms and social media, with no direct emails or phone numbers exposed. Overall, the website is functional and credible but requires urgent security improvements to protect users and enhance trust.

E

Elewit

elewit.ventures

0

Elewit is a technology platform under the Redeia group focused on driving innovation in the energy and telecommunications sectors. The company operates through venture capital investments, innovation challenges, and partnerships with startups and technology providers to accelerate the energy transition and connectivity. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding aligned with its parent company. Technically, the site is built on Drupal CMS with modern libraries and integrates Google Analytics and Cookiebot for tracking and compliance. Security posture is solid with HTTPS, valid SPF and DMARC records, and OCSP stapling, though improvements like HSTS and DNSSEC are recommended. No critical vulnerabilities or exposed sensitive data were detected. Overall, Elewit presents a professional and trustworthy online presence with good privacy compliance and a well-established partner ecosystem.

R

Reintel

reintel.es

0

Reintel is the largest neutral operator of dark fiber infrastructure in Spain, operating as a subsidiary of Grupo Red Eléctrica (redeia). The company provides critical telecommunications infrastructure services including long-distance fiber networks, dedicated cables, equipment hosting, and customized connectivity solutions. Their market position is strong within the Spanish energy and telecommunications sectors, serving businesses requiring extensive fiber optic connectivity. The website reflects a mature digital presence built on Drupal 10, integrating modern technologies such as Google Tag Manager, Cookiebot for consent management, and Google Maps API. Despite a slow page load time, the site offers excellent content quality, clear navigation, and good mobile optimization. Security posture is solid with HTTPS, valid SSL certificates, and OCSP stapling, though improvements are recommended in DNS security and HTTP security headers. Privacy compliance is robust with comprehensive privacy and cookie policies and active consent mechanisms. Overall, Reintel demonstrates a professional and trustworthy online presence aligned with its business stature.

R

Red Eléctrica

ree.es

0

Red Eléctrica is the Spanish Transmission System Operator (TSO) responsible for the operation, development, and maintenance of the national electricity grid. The company plays a critical role in ensuring the quality and security of electricity supply across Spain and supports the country's ecological transition by integrating renewable energy sources and developing infrastructure projects. The website reflects a mature digital presence with comprehensive content, clear navigation, and professional design, targeting energy sector stakeholders and the general public interested in electricity data and sustainability. Technically, the site is built on Drupal 10 with modern front-end libraries and uses Akamai and Imperva for DNS and CDN services. However, a critical security shortcoming is the absence of a valid SSL certificate and proper HTTPS configuration, which significantly impacts the site's security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Business credibility is strong, supported by consistent branding, corporate governance links, and trust signals. Overall, the site scores well in content and business credibility but requires urgent improvements in SSL/TLS security to enhance trust and protect users.

S

SQS - Software Quality Systems

sqs.es

0

SQS - Software Quality Systems is a medium-sized Spanish company specializing in software testing, quality assurance, certification, and data space services. It serves regulated sectors such as healthcare, pharmaceuticals, railways, and automotive, offering professional consulting, managed testing services, and training. The company holds multiple recognized certifications including ISO 9001, ISO/IEC 27001, and ENS, positioning itself as a trusted provider in the technology and regulated industries. Technically, the website is built on WordPress with Divi theme and integrates modern marketing and analytics tools such as Google Analytics, Hotjar, and reCAPTCHA. However, the site lacks a valid SSL certificate and modern TLS support, which significantly weakens its security posture. Privacy compliance is well addressed with GDPR cookie consent and a comprehensive privacy policy. Contact information is clearly available, enhancing business credibility. Overall, the website is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

R

Redeia

redeia.com

0

Redeia is a leading global manager of essential electricity and telecommunications infrastructures, primarily operating in Spain and Latin America. The company emphasizes sustainability, corporate governance, and a commitment to a just ecological transition. Technically, the website is built on Drupal 10 with modern libraries and is served via Imperva CDN, ensuring good performance and security. The security posture is strong with HTTPS, OCSP stapling, and secure cookie settings, though improvements in HSTS and DNS security are recommended. Privacy and cookie policies are present with consent mechanisms, indicating good compliance. Overall, Redeia presents a professional, trustworthy, and well-structured digital presence.

H

Hispasat

hispasat.com

0

Hispasat is a leading satellite telecommunications operator specializing in the distribution of audiovisual content in Spanish and Portuguese across Europe and Latin America. As a large enterprise and a subsidiary of Redeia, Hispasat offers a broad portfolio of satellite and data services including internet access, cellular backhaul, tele-education, and satellite programs. The website reflects a mature digital presence with multilingual support, modern UI frameworks, and a comprehensive content structure targeting telecommunications customers and partners. Technically, the infrastructure leverages Microsoft Azure hosting and AWS Route53 DNS, with a tech stack including jQuery, Bootstrap, and Google Tag Manager. Security posture is moderate with valid SSL certificates and SPF records but lacks advanced protections such as HSTS, DMARC, DNSSEC, and OCSP stapling. The site employs cookie consent mechanisms and analytics tools, indicating awareness of privacy compliance, though no explicit security or incident response policies are published. Overall, Hispasat demonstrates a professional and trustworthy online presence aligned with its market position.

D

DEKRA ITV

dekraitv.es

0

DEKRA ITV is the leading global operator in vehicle technical inspection (ITV), recently expanding its presence in Spain since 2022. The company offers a comprehensive range of services including online appointment booking, inspections for conventional and electric vehicles, and specialized services for corporate fleets. Their commitment to sustainability is demonstrated through the ITVerde project, focusing on green technologies and practices in ITV stations. Technically, the website is built on WordPress with Elementor and several premium plugins, optimized for SEO and mobile use, and integrates cookie consent and analytics tools such as CookieYes and Microsoft Clarity. Security-wise, the site has a valid SSL certificate but lacks modern TLS protocol support and some security headers, indicating room for improvement in HTTPS enforcement and security best practices. Overall, DEKRA ITV presents a professional, trustworthy, and user-friendly digital presence aligned with its market leadership.

D

DEKRA Certificación

dekra-certification.es

0

DEKRA Certificación is a leading European certification body accredited by ENAC, specializing in audits and certifications across quality, environmental management, occupational health and safety, sustainability, and cybersecurity sectors. The company offers a broad portfolio of certifications including ISO 9001, ISO 14001, ISO 45001, and industry-specific certifications such as SERMI and TISAX, targeting businesses aiming to improve compliance and operational excellence. Their market position is strong, supported by recognized accreditations and a comprehensive service offering tailored to various industries in Spain and beyond. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, hosted on Azure, and integrates multiple analytics and marketing tools such as Matomo, Hotjar, and Google Tag Manager. The site demonstrates good performance, mobile optimization, and accessibility, reflecting a mature digital infrastructure. However, the SSL/TLS configuration shows no enabled TLS protocols, which is unusual and should be addressed for secure communications. From a security perspective, the site implements robust HTTP security headers including HSTS, CSP, and X-Frame-Options, but the lack of TLS 1.2 or higher and the disabled X-XSS-Protection header indicate areas for improvement. No explicit security policy or incident response information is publicly available, which could be a gap in transparency and readiness. The site complies with GDPR, featuring comprehensive privacy and cookie policies with consent mechanisms. Overall, DEKRA Certificación presents a professional and trustworthy online presence with strong business credentials and technical maturity. Addressing the TLS configuration and enhancing security transparency would further strengthen their security posture and user trust.

D

DEKRA

dekra.es

0

DEKRA is a global leader in inspection, testing, and certification services, with a strong emphasis on safety, quality, and sustainability. The company offers a comprehensive range of services including consulting, digital and product solutions, industrial inspection, claims and expertise, training, and certification. DEKRA operates in multiple sectors such as energy, automotive, telecommunications, and manufacturing, serving a broad business audience primarily in Spain and internationally. The website demonstrates a mature digital infrastructure leveraging modern frameworks like Nuxt.js and Vue.js, hosted on Microsoft Azure, with robust performance and mobile optimization. Security measures are well-implemented, including strong HTTP security headers, a valid SSL certificate, and no detected major vulnerabilities. The site integrates multiple analytics and marketing tools with clear privacy and cookie policies, reflecting good compliance with GDPR. Overall, DEKRA's online presence is professional, trustworthy, and aligned with its market position as an enterprise-level service provider.

A

Andbank

andbank.es

0

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

A

Actyus | Fintech venture capital

actyus.com

0

The website demonstrates a moderate overall security posture with no critical issues but multiple high-severity vulnerabilities predominantly in governance, compliance, and configuration areas. Key deficiencies exist in GDPR compliance, including missing privacy and cookie policies and absence of a consent banner, exposing the organization to regulatory and reputational risks. Security headers are inadequately configured, increasing exposure to common web-based attacks such as clickjacking and cross-site scripting. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates immature cybersecurity governance, which could delay breach detection and response. Email security and DNS health are relatively strong, though improvements in DMARC enforcement and DNSSEC could further reduce phishing and spoofing risks. SSL/TLS configuration issues, including weak key length and imminent certificate expiration, present risks to secure communications and customer trust. Network security posture is solid, providing a stable foundation for other improvements. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and strengthen overall risk management.

B

Balearic Marine Cluster

balearicmarinecluster.com

0

The website’s security posture reveals significant gaps in foundational security controls and regulatory compliance, posing risks to both business operations and customer trust. While there are no critical vulnerabilities, multiple high and medium severity issues indicate a lack of essential security headers, incomplete GDPR compliance, and absence of key information security policies aligned with NIS2 requirements. The missing security headers expose the site to common web-based attacks like clickjacking, content injection, and cross-site scripting. GDPR non-compliance, including the absence of a privacy policy and cookie consent, risks regulatory penalties and reputational damage. The lack of incident response, security policies, and vulnerability disclosure procedures undermines the organization’s ability to manage and mitigate security incidents effectively. Exposure of high-risk services such as FTP further increases attack surface and potential data breaches. Although email security and DNS health are relatively strong, SSL/TLS and network security require immediate attention to prevent service disruptions and data interception. Overall, addressing these deficiencies is critical to protect customer data, maintain regulatory compliance, and safeguard business continuity.

B

Black Bull Group

blackbull-group.com

0

The website's security posture reveals significant gaps that expose the business to potential cyber risks and regulatory non-compliance. While there are no critical vulnerabilities, several high and medium-level issues, particularly in security headers, GDPR compliance, and network security, present serious concerns. Missing essential HTTP security headers increases exposure to web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of privacy and cookie policies, alongside missing cookie consent mechanisms, risks violating data protection regulations like GDPR, potentially resulting in legal penalties and reputational damage. Additionally, the lack of incident response procedures and vulnerability disclosure policies hampers the organization's ability to effectively manage and recover from security incidents. The exposure of high-risk services like FTP further elevates the threat landscape. Overall, immediate remediation is essential to enhance security posture, protect customer data, and ensure regulatory compliance to safeguard business continuity and trust.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.