Security Directory

The website at uoc.edu is currently inaccessible, returning a 403 Forbidden error page with minimal HTML content. This prevents any meaningful extraction of business, security, or compliance information from the site itself. The domain is registered and maintained with no privacy protection, indicating a legitimate registration status, but the lack of SSL/TLS and security headers presents a poor security posture. The DNS configuration shows use of Amazon AWS for hosting and Google for email services, which are reputable providers. Due to the blocked content, the overall risk assessment is elevated, and the site cannot be fully evaluated for compliance or business credibility.

SEB.lv is the official website of SEB bank in Latvia, a major financial institution offering comprehensive banking services to private individuals, businesses, and large enterprises. The website provides extensive information on daily banking, loans, investments, insurance, and private banking, supported by a professional and well-structured Drupal-based platform. Multilingual support and clear navigation enhance user experience. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, exposing users to potential risks. DNS configurations show good email security practices with SPF and DMARC policies in place. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting strong privacy awareness. Overall, the site demonstrates a mature digital presence but requires urgent remediation of its SSL/TLS configuration to meet modern security standards.

PricewaterhouseCoopers Italy operates a mature, well-branded professional services website targeting businesses seeking consulting, auditing, tax, and advisory services. The site demonstrates a strong market position consistent with PwC's global reputation, offering a wide range of services and localized content for the Italian market. Technically, the site uses modern frameworks such as AngularJS and Adobe Experience Manager, but suffers from slow load times and lacks a valid SSL certificate and modern security headers, which are critical for trust and compliance. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the website is professional and trustworthy but requires urgent improvements in security posture to meet industry standards.

D

Digital Impulse Hub

digitalimpulsehub.eu

0

Digital Impulse Hub is a strategic alliance focused on supporting the digital transformation of SMEs and local public administrations in Spain. It leverages partnerships with chambers of commerce, universities, and public entities to provide consulting, training, financing, and networking services. The website reflects a mature digital presence with integration into the European Digital Innovation Hubs network, showcasing a strong regional market position and trust indicators such as the Seal of Excellence. Technically, the site is built on WordPress with modern frameworks and libraries, though performance optimization is needed due to slow load times and large page size. Security posture is adequate with HTTPS, SPF, and DMARC configured, but could be enhanced with additional headers and HSTS. Privacy compliance is well addressed with GDPR-compliant cookie consent and policies. Overall, the site is professional and trustworthy, though direct contact details are limited to forms and social media.

ilMioDono is a donation platform operated by UniCredit S.p.A., focused on facilitating donations to non-profit organizations and social projects primarily in Italy. The platform showcases multiple projects and organizations, providing a community engagement space for donors and beneficiaries. The website is built on Adobe Experience Manager and hosted via Akamai, with moderate performance and good mobile and accessibility features. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. The site implements DMARC with a reject policy, enhancing email security. Privacy and cookie policies are present and appear comprehensive, supporting GDPR compliance. Overall, the business credibility is strong due to the UniCredit brand and mature domain age, but security improvements are urgently needed.

J

JSC Credit Information Bureau

manakreditvesture.lv

0

JSC Credit Information Bureau (KIB) operates the website manakreditvesture.lv, providing credit information and risk management services in Latvia. As part of the global Creditinfo Group and backed by major Latvian banks, it offers individuals and companies access to credit reports, credit scores, dispute management, and profile monitoring. The business model includes free and subscription-based services, targeting Latvian consumers and financial institutions. The website is built on a modern React and Gatsby stack, offering a good user experience and clear navigation, though performance is somewhat slow. Security posture is weak due to the absence of a valid SSL certificate and lack of security headers, which poses a significant risk. Privacy compliance is basic but present, with a privacy policy aligned with GDPR. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements to protect user data and build trust.

M

Moventia

moventia.net

0

Moventia is a well-established multinational family business specializing in sustainable mobility solutions since 1923. The company offers integrated services in collective and private mobility, emphasizing quality, innovation, and sustainability. Their digital presence is built on a modern WordPress platform with multilingual support and SEO optimization, reflecting a mature and professional online identity. However, the website suffers from a critical security flaw due to an invalid SSL certificate, resulting in the absence of HTTPS protection, which poses risks to user data and trust. While privacy and cookie policies are present and GDPR compliant, no explicit security or incident response policies are found. The domain registration is consistent and mature, supporting the company's legitimacy. Strategic improvements in SSL deployment and security headers are recommended to enhance the security posture and user trust.

M

Marfina, SL

moventisexperience.es

0

MoventisExperience is an online platform operated by Marfina, SL, offering road transport services and excursions primarily in Catalonia, Spain. The company provides shuttle transfers, private transfers, and guided tours, targeting tourists and travelers seeking convenient booking options. The website reflects a medium-sized business with consistent branding and a focus on customer service, including 24/7 telephone support and cancellation policies. Technically, the site uses a modern tech stack including jQuery, Bootstrap, and Google Tag Manager, but suffers from slow load times and lacks a valid SSL certificate, which impacts its security posture. Privacy compliance is well addressed with clear cookie and privacy policies and a consent mechanism via Cookiebot. However, no explicit security or incident response policies are found on the site. Overall, the site is professional and trustworthy but requires improvements in security and performance to enhance user trust and compliance.

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 20 security findings identified across all modules.

M

Moventia

moventia.es

0

Moventia is a well-established Spanish multinational company specializing in collective and private mobility solutions since 1923. The company positions itself as a leader in the transportation sector with a strong emphasis on innovation, sustainability, and quality service. Their website reflects a mature digital presence with multilingual support, rich multimedia content, and comprehensive corporate information. Technically, the site is built on WordPress with modern plugins and frameworks, though performance is somewhat slow likely due to heavy resource usage. Security posture is a concern due to an invalid SSL certificate and lack of modern TLS protocols, which exposes the site to risks and undermines user trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business credibility is high, supported by consistent branding and trust signals, but security improvements are critical to maintain reputation and compliance.

C

Consorci Localret

localret.cat

0

Consorci Localret is a well-established consortium focused on supporting local governments in Catalonia, Spain, with digital transformation initiatives. Their website showcases a comprehensive range of services including advisory, procurement centralization, telecommunications infrastructure, innovation office, and digital society support. The organization targets municipalities and supramunicipal entities, positioning itself as a key player in local government digital modernization. Technically, the website is built on WordPress with a mature tech stack including SEO and multilingual plugins, accessibility tools, and analytics integrations. However, the site suffers from a critical security shortfall due to the absence of a valid SSL certificate, resulting in no HTTPS support and exposing users to potential risks. Privacy compliance is strong with clear cookie and privacy policies and consent mechanisms. Overall, the site is content-rich and professionally presented but requires urgent security improvements to protect user data and enhance trust.

C

CREDITREFORM Rating SIA

crediweb.lv

0

CrediWeb.lv is a Latvian-based business information platform operated by CREDITREFORM Rating SIA, providing comprehensive credit and business reports for companies primarily in Latvia, Europe, and China. The platform targets businesses and registered users seeking detailed company and private person credit information, offering services such as company reports, family trees, monitoring, and foreign credit reports. The website demonstrates a professional design with consistent branding and clear navigation, supporting multiple languages and user authentication methods including bank link authentication. Technically, the site uses modern JavaScript libraries like jQuery, Flatpickr, Tippy.js, and Chart.js, and integrates Google Tag Manager for analytics. However, the site suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which severely impacts user security and trust. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. WHOIS data confirms the domain is actively maintained and consistent with the business's Latvian operations, though domain protection locks are not enabled. Overall, while the business model and content quality are strong, the security posture requires urgent improvement to protect users and enhance credibility.

A

ADTENDE SL

adtende.es

0

ADTENDE SL is a specialized company focused on innovation and service provision for the public sector, particularly in electronic administration and citizen assistance. The company positions itself as a unique partner with a public sector DNA, offering comprehensive services such as OAC 360º, LIAM AI agent, and centralized call services. Their target audience includes public administrations and e-citizens, emphasizing effective and innovative solutions to improve public service delivery. Technically, the website is built on WordPress with Elementor and integrates modern tools like Google Analytics and reCAPTCHA, but suffers from slow performance and lacks a valid SSL certificate, which is a critical security concern. Privacy and cookie policies are well implemented and GDPR compliant, with clear contact information and social media presence enhancing business credibility. Security posture is weak due to missing HTTPS and lack of security headers, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and enhance trust.

M

Moventis S.A.

moventis.es

0

Moventis S.A. is a well-established transportation company specializing in collective passenger transport by road, operating primarily in Spain with regional and European services. The company offers a broad range of services including urban and interurban transport, coach rental, and ITS solutions. The website reflects a mature digital presence with comprehensive content, consistent branding, and clear business information targeting travelers and clients seeking transport services. Technically, the site is built on Drupal 7 with a variety of modern JavaScript libraries and integrates Google Analytics and Tag Manager for tracking. However, the site suffers from slow load times and lacks some advanced security headers and mechanisms such as HSTS, DNSSEC, and OCSP stapling. Privacy policies are present and GDPR compliance is indicated, though no active cookie consent mechanism is implemented. The WHOIS data confirms domain legitimacy and consistency with the business claims. Overall, the website is professional and trustworthy but could benefit from performance and security enhancements.

JauniAuto.lv is a Latvian automotive news website providing up-to-date articles, reviews, and industry news targeted at Latvian-speaking automotive enthusiasts. The site operates primarily as an advertising-supported media platform, featuring a range of automotive content with a consistent brand presentation. Technically, the website is built on WordPress and uses common web technologies such as jQuery and Google Analytics, but suffers from slow performance and lacks modern security configurations. The absence of a valid SSL certificate and HTTPS support is a critical security gap, exposing users to potential risks. Additionally, the site lacks privacy and cookie policies, which raises compliance concerns under GDPR regulations. Business credibility is moderate due to the lack of explicit contact information and security policies, although the domain registration data aligns well with the website's purpose and location.

P

PK MEŽS SIA

pkmezs.lv

0

SIA PK Mežs is a Latvian small-sized company specializing in forestry and wood processing services, primarily serving the Zemgale region. The company offers forest and forest stand purchasing, forestry services, wood processing, and forest property valuation. The website is professionally designed with good content quality and clear navigation, targeting forest owners and sellers. Technically, the site uses a modern tech stack including jQuery, Usercentrics for cookie consent, Google Analytics, and Snowplow for analytics, hosted on Businessmedia.lv infrastructure. However, the website lacks a valid SSL certificate and HTTPS support, which is a critical security vulnerability. Privacy compliance is basic with a privacy policy and cookie consent but no GDPR-specific indicators or terms of service. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but requires urgent security improvements.

A

Attollo Brokers

octa24.lv

0

OCTA24.lv is an online insurance brokerage platform focused on providing vehicle owners in Latvia with an easy-to-use OCTA insurance calculator and policy purchase service. The website offers comprehensive information about mandatory vehicle liability insurance, including FAQs, news, and related insurance products like KASKO. The business operates under Attollo Brokers, a recognized insurance intermediary in Latvia, positioning itself as a convenient digital channel for insurance comparison and purchase. Technically, the site uses an older technology stack with Apache and PHP 5.5.9, integrating jQuery and FancyBox for UI components. Despite functional content and structured data, the absence of a valid SSL certificate and outdated server software significantly weaken the security posture. Privacy and cookie policies are present and GDPR compliant, but no explicit security or incident response policies are found. Overall, the site is functional and informative but requires urgent security upgrades to protect user data and improve trust.

I

iAuto.lv

iauto.lv

0

iAuto.lv is a Latvian automotive news portal providing a wide range of content including automotive news, sports, forums, classifieds, and user-generated content. The site targets Latvian-speaking automotive enthusiasts and general audiences interested in vehicles and related topics. It operates primarily as an advertising-supported media platform with additional services such as classifieds and insurance calculators. Technically, the site uses a custom or unknown CMS with technologies including nginx, jQuery, Font Awesome, Google Tag Manager, and Gemius analytics. Hosting is supported by Cloudflare DNS and a dedicated IP. However, the site lacks a valid SSL/TLS certificate and does not support modern TLS protocols, which significantly impacts its security posture. Cookie consent mechanisms are implemented, supporting GDPR compliance to a basic degree. The absence of explicit contact information and security policies reduces business credibility somewhat. Overall, the site is functional with good content quality but requires urgent security improvements to protect users and enhance trust.

A

Akciju sabiedrība “Olpha”

olpha.eu

0

Olpha is a leading pharmaceutical manufacturer based in Latvia with a strong regional presence across more than 60 markets. The company offers a broad portfolio of pharmaceutical products, active pharmaceutical ingredients, and contract manufacturing services. Their website reflects a mature digital presence built on WordPress with multilingual support and advanced accessibility features, demonstrating a commitment to inclusivity and user experience. The site is professionally designed with clear navigation and comprehensive content tailored to healthcare professionals, business partners, and the general public. Security posture is solid with HTTPS enabled and SPF/DMARC email protections, though improvements in HTTPS hardening and DNS security are recommended. Privacy and cookie policies are well implemented and GDPR compliant. Overall, Olpha presents a trustworthy and credible business with a modern digital infrastructure.

A

Akciju sabiedrība “Olpha”

olpha.lv

0

Olpha is a leading pharmaceutical manufacturer based in Latvia, serving over 60 markets with a broad portfolio of pharmaceutical products, active ingredients, and nutritional supplements. The company operates through multiple subsidiaries across Eastern Europe and Central Asia, emphasizing contract manufacturing and pharmaceutical co-development. Their website reflects a mature digital presence with multilingual support, professional design, and a strong focus on accessibility, ensuring compliance with WCAG 2.1 AA standards. Technically, the site is built on WordPress with modern plugins and tracking tools, although performance could be improved due to high resource count and page size. Security posture is adequate with HTTPS and modern TLS protocols, but lacks some advanced configurations such as HSTS, DNSSEC, and DMARC, which are recommended for enhanced protection. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Olpha presents a trustworthy and professional online presence aligned with its business stature.

A

A2Z Events

mya2zevents.com

0

A2Z Events is a well-established event management software provider offering a comprehensive platform tailored for trade shows, conferences, and corporate events. With over 25 years of industry presence and backing by Personify Corporation, it holds a strong market position supported by a robust suite of event management tools and services. The website demonstrates professional design, rich content, and clear navigation targeting event professionals seeking scalable solutions. Technically, the site is built on WordPress with modern frameworks like Bootstrap and integrates multiple marketing and analytics tools, reflecting a mature digital infrastructure. However, the security posture is currently weak due to the absence of a valid SSL certificate and missing security headers, which poses risks to user data confidentiality and trust. Privacy compliance is well addressed with visible policies and consent mechanisms. Overall, the site is credible and professional but requires urgent security improvements to align with best practices and user expectations.

E

European Flying Disc Federation

efdf.org

0

The European Flying Disc Federation (EFDF) is a well-established non-profit organization dedicated to the promotion and governance of flying disc sports across Europe. The website serves as an informational hub for multiple flying disc disciplines, providing news, event updates, and organizational details. The domain is mature and consistent with the organization's history, reinforcing its legitimacy. Technically, the site is built on WordPress with a standard theme and common libraries, but suffers from slow load times and lacks modern security configurations such as HTTPS. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of DNSSEC. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Contact information is not explicitly provided, which may hinder user trust and compliance. Overall, the site is functional and informative but requires significant improvements in security and privacy to meet modern standards.

C

Confederazione Boccistica Internazionale

cbi-prv.org

0

The Confederazione Boccistica Internazionale (CBI) is an international sports federation dedicated to the bocce sport. The organization provides comprehensive information about bocce events, news, rules, and membership. The website serves as a hub for bocce enthusiasts, players, and affiliated organizations worldwide, positioning itself as a key international governing body in this niche sport. The business model is non-profit, focusing on sport promotion and community engagement. Technically, the website is built on the 3WTURK CMS platform and uses legacy technologies such as jQuery and FlexSlider. While the site offers rich content and a consistent brand experience, it suffers from slow load times and basic mobile optimization. The absence of modern frameworks and performance optimizations indicates room for technical modernization. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Although SPF and DMARC records are configured for email security, the lack of HTTPS and security headers exposes users to risks. No privacy or cookie policies are present, indicating compliance gaps with GDPR and other privacy regulations. Overall, the site is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Performance optimizations and modernization of the technology stack would further improve user experience and operational resilience.

The website minigolfsport.com serves as a minimal informational portal for the World Minigolf Sport Federation, primarily redirecting visitors to a subdomain (gov.minigolfsport.com) where presumably more detailed content resides. The business focus is on international minigolf sport governance and community engagement, targeting enthusiasts and stakeholders in the sport. The site lacks substantive content, business contact information, and user engagement features, indicating a small-scale, niche presence. From a technical perspective, the site is hosted on an Apache server with basic HTTP headers and no SSL/TLS encryption, resulting in an insecure connection. The absence of modern web technologies, CMS, or analytics tools suggests a low digital maturity level. Performance metrics are unavailable but inferred to be slow due to minimal optimization and lack of HTTPS. Security posture is weak, with no valid SSL certificate, no HSTS, and no advanced security headers. This exposes users to potential risks such as data interception. No privacy or cookie policies are present, indicating non-compliance with GDPR and other privacy regulations. The WHOIS data is consistent and legitimate, with no privacy protection or suspicious registration patterns. Overall, the site presents a low-risk profile due to minimal data collection but suffers from poor security and compliance practices. Strategic improvements in SSL deployment, content enrichment, and privacy compliance are recommended to enhance trust and professionalism.

I

ITTF Foundation

ittffoundation.org

0

The ITTF Foundation is a non-profit organization leveraging table tennis to promote social development, health, and peace globally. It operates multiple specialized programmes targeting disadvantaged groups, humanitarian aid, and health awareness. The foundation is linked to the ITTF Group and maintains an active online presence with social media and newsletter engagement. Technically, the website is built on the Contao CMS with modern JavaScript libraries and frameworks but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic with a cookie consent banner and a privacy policy, but no explicit GDPR compliance or terms of service are found. WHOIS data indicates a mature domain with privacy protection typical for non-profits. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

I

International Fistball Association

ifa-fistball.com

0

The International Fistball Association (IFA) operates as the global governing body for the sport of fistball, providing resources such as sport rules, education, anti-doping information, and organizational news. The website serves as an informational platform targeting fistball players, referees, associations, and fans worldwide. Technically, the site is built on WordPress with common plugins and libraries but suffers from slow performance and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support exposes users to security risks. Privacy compliance is minimal with no cookie consent mechanisms or comprehensive privacy policies visibly implemented. Overall, the website demonstrates a basic digital maturity level with significant room for improvement in security and privacy practices.

P

Personify

personifycorp.com

0

Personify is a mature technology company specializing in software solutions for associations, nonprofits, chambers of commerce, and event professionals. With over 25 years of industry leadership and a client base exceeding 30,000 organizations, Personify offers a comprehensive SaaS platform including association management, event management, and member engagement software. Their business model focuses on delivering purpose-driven software combined with client success services to empower organizations in building communities and revenue streams. The company maintains a strong market position supported by multiple subsidiary brands and a consistent, professional web presence. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, UberMenu, and integrations with marketing and analytics tools such as Google Tag Manager and Marketo. Hosting appears to be on Azure infrastructure. Despite good SEO and content quality, the website suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. From a security perspective, the absence of HTTPS and modern TLS protocols is a significant vulnerability, exposing visitors to potential data interception risks. The site also lacks essential security headers and advanced SSL features like HSTS and OCSP stapling. Privacy compliance is reasonably addressed with a clear privacy policy and cookie consent mechanism, but no explicit security or incident response policies are found. Overall, while Personify demonstrates strong business credibility and digital marketing maturity, urgent improvements in SSL/TLS implementation and security hardening are necessary to protect users and enhance trust. Addressing these gaps will align the company’s technical posture with its market leadership and professional brand image.

K

Kathy Corey Pilates

kathycoreypilates.com

0

Kathy Corey Pilates is a specialized Pilates education and certification provider led by Kathy Corey, a recognized expert with over 35 years of experience. The business offers teacher training, certification programs, continuing education, and Pilates-related products such as the CORE Band™. The website targets Pilates instructors and enthusiasts globally, positioning itself as a leader in Pilates education with international reach. Technically, the website is built on the Squarespace platform, leveraging standard web technologies and hosting services from GoDaddy. However, the site suffers from slow load times and lacks advanced analytics or tracking tools. Security-wise, the website has critical vulnerabilities including the absence of a valid SSL certificate, no HTTPS support, and missing security headers, which significantly lowers its security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the site presents a professional business with good content quality but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

A

ASIAN SPORT FOR ALL ASSOCIATION

asfaa.org

0

ASFAA (Asian Sport For All Association) is a regional non-profit organization dedicated to promoting sport for all across Asia. The website serves as an information hub for news, events, programs, and publications related to ASFAA's activities. It targets sports organizations, members, and the Asian sports community, positioning itself as a key regional player affiliated with international bodies such as TAFISA. The business model focuses on community engagement and event organization rather than commercial activities. Technically, the website uses a basic technology stack including jQuery and Google Analytics, with no modern CMS or advanced frameworks detected. Performance is moderate to slow, with basic mobile optimization and accessibility. The site lacks HTTPS, which is a critical security deficiency, and no advanced security headers or policies are implemented. Privacy compliance is poor, with no visible privacy or cookie policies. From a security perspective, the absence of SSL/TLS encryption exposes visitors to risks such as data interception. The lack of security headers and email authentication records further weakens the security posture. No incident response or vulnerability disclosure mechanisms are evident. Overall, the site demonstrates a low security maturity level. The overall risk assessment indicates that while the site is functional and provides relevant content, the lack of HTTPS and privacy compliance are critical issues that must be addressed to improve trust and security. Strategic recommendations include immediate SSL implementation, adoption of privacy policies, and enhancement of security configurations to protect users and improve compliance.

The website pilates-asia.com is currently inaccessible, returning a 406 Not Acceptable error page with minimal HTML content. This prevents any meaningful extraction of business, technical, or security information from the site itself. The domain is registered and hosted via Cafe24, with DNS records indicating a valid SPF record but lacking proper DMARC configuration and no DNSSEC or CAA records enabled. Critically, the site does not have an SSL certificate installed, resulting in no HTTPS support and a poor security posture. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. The overall digital maturity of the site is very low, with no modern security or performance features enabled.

C

Catering & Co.

cateringandco.hu

0

Catering & Co. is a Hungarian catering company specializing in high-quality event catering services, leveraging partnerships with notable restaurants such as KIOSK, Babel, and Piazza Budapest. The company emphasizes gastronomy excellence, sustainability, and customized event solutions tailored to client needs. The website is built on WordPress with multiple plugins for sliders, multilingual support, and contact forms, hosted behind Cloudflare DNS. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. No privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a professional business image but requires urgent security improvements.

P

Papi

papi.hu

0

Papi.hu is a small hospitality business website focused on transforming a family legacy into a farm and restaurant experience in Hungary. The website content centers around a personal story of the founder and his father, emphasizing heritage and love. The business is positioned as an emerging local hospitality venue with a unique cultural narrative. Technically, the site is built on Webflow with modern technologies such as Weglot for multilingual support and Google Tag Manager for analytics. Performance is moderate with a load time of approximately 4.5 seconds. Security posture is basic with HTTPS enabled and modern TLS protocols supported, but lacks advanced security headers, DMARC, and HSTS configurations. Privacy compliance is weak due to the absence of privacy and cookie policies. No contact information or forms are present on the homepage, limiting direct communication channels. Overall, the site is professional and consistent in branding but could improve in security and compliance aspects.

M

M15 Restaurant Kft.

babel-budapest.hu

0

Babel Budapest is a well-established Michelin-starred fine dining restaurant located in Budapest, Hungary, operating since 2008 under the company M15 Restaurant Kft. The website presents a professional and content-rich experience targeting fine dining customers and gastronomes, with clear business information and strong branding. Technically, the site is built on Joomla CMS using UIkit and Yootheme frameworks, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of modern security headers, exposing the site to risks and reducing user trust. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite usage of tracking scripts like Google Tag Manager. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

The website leismunicipais.com.br is currently inaccessible due to a Cloudflare security challenge page requiring human verification before access. This prevents retrieval of any meaningful business or content data. The domain is registered and hosted via Cloudflare with DNS and email services configured, but no SSL certificate is present, resulting in no HTTPS support. The site lacks any visible privacy, cookie, or terms of service policies, and no contact information or business details are available. Performance is slow, and the site appears to be in a blocked or pre-access state rather than serving actual content.

W

World Pilates Confederation

worldpilatesconfederation.com

0

The World Pilates Confederation is a European-based non-profit organization established in 2012, dedicated to promoting Pilates education and uniting Pilates practitioners worldwide. It is led by a respected Pilates expert and hosts prestigious events such as the International Pilates Heritage Congress. The website is built on WordPress with multiple plugins and page builders, offering resources, news, and educational content related to Pilates disciplines. However, the site lacks a valid SSL certificate, serving content over HTTP only, which poses security risks. No privacy or cookie policies are present, indicating compliance gaps. Contact information is available via email and contact forms, but phone numbers are not clearly provided. The technical infrastructure is moderately modern but suffers from performance and security weaknesses. Overall, the site is functional and informative but requires significant improvements in security and privacy compliance to enhance trust and protect users.

T

The Manta Resort

themantaresort.com

0

The Manta Resort is a small, niche luxury hospitality business located on Pemba Island, Tanzania, offering unique eco-luxury accommodations including the world's only Underwater Room. The website is professionally designed using WordPress and Elementor, providing rich content about rooms, activities, and the local environment. The technical infrastructure includes modern web technologies and caching mechanisms, but lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with some best practices like reCAPTCHA implemented, but missing essential HTTPS and modern TLS protocols. Privacy and cookie policies are present but basic, with no explicit security or incident response policies found. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

M

M15 Restaurant Kft.

kiosk-budapest.hu

0

KIOSK Budapest is a well-established hospitality business operating a modern Hungarian restaurant located in the heart of Budapest. The company offers a range of services including dining, event hosting, catering, and online ordering, supported by a mature digital presence and multiple related brands. The website is professionally designed with good content quality and clear navigation, targeting both local and international visitors seeking authentic and contemporary Hungarian cuisine. Technically, the site leverages Webflow CMS, Cloudflare hosting, and integrates modern tools such as Google Tag Manager and Cookiebot for analytics and privacy compliance. While the SSL configuration is strong with TLS 1.3 support, security headers like HSTS are not enabled, representing an area for improvement. The site implements comprehensive cookie consent mechanisms and maintains GDPR compliance. Overall, the security posture is solid but could benefit from enhanced HTTP security headers and OCSP stapling. The domain is mature and consistent with the business claims, supporting high trustworthiness. Strategic recommendations include enabling HSTS, adding security headers, and improving performance to enhance user experience and security.

M

Mediarey Hungary Services Zrt.

forbes.hu

0

Forbes.hu is a mature Hungarian business media website operated by Mediarey Hungary Services Zrt., providing high-quality business, finance, lifestyle, and culture content targeted at Hungarian-speaking professionals and general readers. The site uses a WordPress CMS with React components and integrates multiple advertising and tracking technologies to support its business model, which includes advertising and premium subscriptions. Technically, the site is hosted behind Cloudflare and uses modern web technologies but lacks a valid SSL certificate, resulting in HTTP-only access which is a significant security concern. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent mechanism implemented via Cookiebot. The WHOIS data confirms the domain's maturity and legitimacy, consistent with the business claims. Overall, the site is professionally designed and content-rich but requires urgent security improvements to enable HTTPS and strengthen its security posture.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunanap.com

0

Dunanap.com is the official website for the DUNA NAPOK cultural festival scheduled for May 30 to June 1, 2025, in Hungary. The site promotes a variety of cultural and entertainment events including concerts, children's programs, exhibitions, running races, and culinary competitions. The business behind the site is Duna Médiaszolgáltató Nonprofit Zrt., a medium-sized media and nonprofit entity focused on cultural event organization. The website targets festival attendees, families, and cultural enthusiasts primarily in Hungary. Technically, the site is built on WordPress using Elementor and Yoast SEO, hosted by Websupport. While the site is mobile optimized and has good content quality, it suffers from slow load times and lacks advanced accessibility features. Security posture is weak due to an invalid SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or domain protection locks. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Komáromi Jókai Színház operates an online ticketing platform focused on theatrical performances and cultural events in Komárno, Slovakia. The website provides event listings, ticket purchasing options, and voucher issuance primarily targeting local Hungarian and Slovak-speaking audiences. The business model centers on direct online sales with integrated payment processing via Barion. Technically, the site uses a custom CMS with jQuery, Foundation framework, and several third-party scripts for UI and payment integration. However, the site suffers from a lack of HTTPS, resulting in a critical security vulnerability. The absence of privacy and terms of service pages indicates compliance gaps. Performance is suboptimal with slow load times and a large page size. Security posture is weak due to missing SSL, no security headers, and no email authentication records. Contact information is available but no company emails are published. Overall, the site is functional but requires urgent security and compliance improvements.

I

Interticket.pl

interticket.pl

0

Interticket.pl is a mature Polish e-commerce platform specializing in online ticket sales for concerts, theater, festivals, museums, and cinemas. Established in 2004, it serves primarily Polish-speaking customers with a broad offering of event tickets. The website integrates multiple marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, and maintains active social media profiles to engage its audience. However, the technical infrastructure shows signs of aging, with reliance on older JavaScript libraries and a custom CMS. Performance is suboptimal with slow page load times and a large page size. Critically, the site lacks a valid SSL certificate and does not enforce HTTPS, posing significant security risks.

I

IFMST - International Federation of Municipalities Sports And Tourism

ifmst.org

0

IFMST is an international federation focused on promoting sports and tourism initiatives at the municipal level worldwide. The organization aims to improve quality of life, foster cultural exchange, and stimulate economic growth through local sports and tourism development. The website reflects a structured federation with departments, committees, and a calendar of events, targeting municipalities and stakeholders in sports and tourism sectors. Technically, the site is built on WordPress with Elementor and several plugins, hosted on a LiteSpeed server via Parspack. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security gap. The security posture is weak with no HSTS, no OCSP stapling, and missing security headers. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact is primarily via social media and a contact form, with no explicit emails or phone numbers listed. Overall, the site is functional and content-rich but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 12 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

T

The Solomon R. Guggenheim Foundation

guggenheim-venice.it

0

The Peggy Guggenheim Collection website represents a well-established cultural institution focused on modern European and American art. It serves a diverse audience including tourists, art lovers, families, and educational groups. The site offers comprehensive information about exhibitions, tours, educational programs, and membership opportunities, positioning itself as a leading museum in Venice with strong brand recognition. Technically, the site uses a modern CMS (ProcessWire) and integrates caching and analytics tools, but lacks a valid SSL certificate, which is a critical security gap. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The security posture is weak due to missing HTTPS and modern TLS protocols, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

N

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.

nisz.hu

0

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. is a key Hungarian government IT and telecommunications service provider, supporting digital government infrastructure and public sector digital transformation. The company offers a range of services including mobile applications, telecommunication services, managed IT services, data center and cloud services, and videoconferencing platforms. The website reflects a mature and professional organization with clear business focus on government clients and public institutions. Technically, the site uses modern frontend technologies and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and lack of TLS support, which severely impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

N

Nemzeti Adatvédelmi és Információszabadság Hatóság

naih.hu

0

The Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) is the Hungarian national authority responsible for data protection and freedom of information enforcement. The website serves as an official government portal providing comprehensive information on data protection laws, GDPR compliance, public information access, and related regulatory activities. It targets data controllers, data subjects, legal professionals, and the general public in Hungary. The business model is that of a government regulatory authority with a medium organizational size and a mature domain age of 14 years, reflecting its established presence. Technically, the website is built on Joomla CMS with Bootstrap and jQuery frameworks, hosted behind Cloudflare DNS. The site is content-rich and well-structured, with good mobile optimization and accessibility features. However, performance is slow due to a large page size and many resources. The site lacks a valid SSL certificate and modern TLS protocols, which is a critical security shortfall. No advanced security headers or session management features are implemented, exposing the site to potential risks. Security posture is weak due to the absence of HTTPS and security headers, despite no detected vulnerabilities like Heartbleed or POODLE. Privacy compliance is strong with clear privacy and cookie policies and GDPR alignment. Contact information is transparent and comprehensive, including emails, phone numbers, and physical addresses. No advertising or tracking services are detected, indicating a privacy-conscious approach. Overall, the site is trustworthy and authoritative but requires urgent security improvements, especially SSL/TLS implementation, to protect user data and maintain compliance. Strategic recommendations include deploying a valid SSL certificate, enabling modern TLS protocols, adding security headers, and optimizing performance to enhance user experience and security.

kozadattar.hu is an official Hungarian government website supporting the Közadat program, which mandates public institutions to publish metadata about public interest data sets online. The platform facilitates registration and data provision for these institutions and offers free applications to assist in compliance. The target audience includes government bodies and citizens interested in transparency and public data access. The website is operated under the auspices of NISZ Nemzeti Infokommunikációs Szolgáltató Zrt., a government-affiliated entity. Technically, the website is built on Drupal 7 with jQuery and related modules. It is hosted on government infrastructure with DNS and mail servers under gov.hu domains. However, the site suffers from slow performance and lacks modern web optimizations. Mobile responsiveness and accessibility are basic, and SEO features are minimal. From a security perspective, the site has critical deficiencies: it lacks a valid SSL certificate and does not support any TLS protocols, exposing users to insecure connections. No security headers or DNS security features are implemented. The outdated Drupal 7 CMS may pose additional risks if not properly maintained. Privacy and cookie policies are absent, indicating compliance gaps with GDPR and related regulations. Overall, while the site fulfills an important government transparency function, its technical and security posture is weak. Immediate improvements in SSL deployment, security headers, and privacy compliance are recommended to enhance trust and protect users.

M

Magyar Rádió Művészeti Együttesei

mrze.hu

0

The website represents the official online presence of the Magyar Rádió Művészeti Együttesei, a Hungarian cultural organization focused on classical music ensembles including symphonic orchestra, choir, and children's choir. It serves as a platform for concert information, ticket sales, media content, and organizational news, targeting classical music enthusiasts and concert attendees primarily in Hungary. The site is built on WordPress with a variety of custom plugins and integrates media streaming services. However, a critical security gap exists as the site lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. The site includes a cookie consent mechanism and links to a comprehensive privacy policy hosted on the parent MTVA domain, indicating good privacy compliance. No direct contact emails or phone numbers are visible, but a contact form is available. Overall, the site is professionally designed with good accessibility and SEO practices but requires urgent security improvements.

H

Címlap | Hungary matters

hungarymatters.hu

0

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

M

Meraki Marketing Kft.

meraki.hu

0

Meraki Marketing Kft. is a Hungarian digital marketing agency specializing in services such as web development, SEO, videomarketing, branding, and digital campaigns. The company targets businesses aiming for growth and international market entry, positioning itself as an innovative and fast-growing agency with a strong client portfolio and testimonials. The website is professionally designed, content-rich, and provides clear contact information and GDPR-compliant privacy policies. Technically, the site uses Joomla CMS with UIkit framework and integrates common marketing and analytics tools like Google Analytics, Facebook Pixel, and Google Tag Manager. However, the website suffers from critical security issues due to an invalid or missing SSL certificate and disabled TLS protocols, which undermines secure communications. Performance is also a concern with slow load times and large page size. Overall, the site demonstrates good privacy compliance and business credibility but requires urgent security improvements to protect user data and enhance trust.