Security Directory

E

European Flying Disc Federation

efdf.org

0

The European Flying Disc Federation (EFDF) is a well-established non-profit organization dedicated to the promotion and governance of flying disc sports across Europe. The website serves as an informational hub for multiple flying disc disciplines, providing news, event updates, and organizational details. The domain is mature and consistent with the organization's history, reinforcing its legitimacy. Technically, the site is built on WordPress with a standard theme and common libraries, but suffers from slow load times and lacks modern security configurations such as HTTPS. Security posture is weak due to the absence of a valid SSL certificate, missing security headers, and lack of DNSSEC. Privacy compliance is minimal, with no visible privacy or cookie policies, and no GDPR indicators. Contact information is not explicitly provided, which may hinder user trust and compliance. Overall, the site is functional and informative but requires significant improvements in security and privacy to meet modern standards.

C

Confederazione Boccistica Internazionale

cbi-prv.org

0

The Confederazione Boccistica Internazionale (CBI) is an international sports federation dedicated to the bocce sport. The organization provides comprehensive information about bocce events, news, rules, and membership. The website serves as a hub for bocce enthusiasts, players, and affiliated organizations worldwide, positioning itself as a key international governing body in this niche sport. The business model is non-profit, focusing on sport promotion and community engagement. Technically, the website is built on the 3WTURK CMS platform and uses legacy technologies such as jQuery and FlexSlider. While the site offers rich content and a consistent brand experience, it suffers from slow load times and basic mobile optimization. The absence of modern frameworks and performance optimizations indicates room for technical modernization. From a security perspective, the site lacks a valid SSL certificate and does not support HTTPS, which is a critical vulnerability. Although SPF and DMARC records are configured for email security, the lack of HTTPS and security headers exposes users to risks. No privacy or cookie policies are present, indicating compliance gaps with GDPR and other privacy regulations. Overall, the site is functional and content-rich but requires urgent improvements in security and privacy compliance to protect users and enhance trust. Performance optimizations and modernization of the technology stack would further improve user experience and operational resilience.

The website minigolfsport.com serves as a minimal informational portal for the World Minigolf Sport Federation, primarily redirecting visitors to a subdomain (gov.minigolfsport.com) where presumably more detailed content resides. The business focus is on international minigolf sport governance and community engagement, targeting enthusiasts and stakeholders in the sport. The site lacks substantive content, business contact information, and user engagement features, indicating a small-scale, niche presence. From a technical perspective, the site is hosted on an Apache server with basic HTTP headers and no SSL/TLS encryption, resulting in an insecure connection. The absence of modern web technologies, CMS, or analytics tools suggests a low digital maturity level. Performance metrics are unavailable but inferred to be slow due to minimal optimization and lack of HTTPS. Security posture is weak, with no valid SSL certificate, no HSTS, and no advanced security headers. This exposes users to potential risks such as data interception. No privacy or cookie policies are present, indicating non-compliance with GDPR and other privacy regulations. The WHOIS data is consistent and legitimate, with no privacy protection or suspicious registration patterns. Overall, the site presents a low-risk profile due to minimal data collection but suffers from poor security and compliance practices. Strategic improvements in SSL deployment, content enrichment, and privacy compliance are recommended to enhance trust and professionalism.

I

ITTF Foundation

ittffoundation.org

0

The ITTF Foundation is a non-profit organization leveraging table tennis to promote social development, health, and peace globally. It operates multiple specialized programmes targeting disadvantaged groups, humanitarian aid, and health awareness. The foundation is linked to the ITTF Group and maintains an active online presence with social media and newsletter engagement. Technically, the website is built on the Contao CMS with modern JavaScript libraries and frameworks but suffers from slow performance and lacks a valid SSL certificate, which critically impacts security posture. The absence of HTTPS and security headers exposes the site to risks and undermines user trust. Privacy compliance is basic with a cookie consent banner and a privacy policy, but no explicit GDPR compliance or terms of service are found. WHOIS data indicates a mature domain with privacy protection typical for non-profits. Overall, the site is functional and professional but requires urgent security improvements to protect users and enhance credibility.

I

International Fistball Association

ifa-fistball.com

0

The International Fistball Association (IFA) operates as the global governing body for the sport of fistball, providing resources such as sport rules, education, anti-doping information, and organizational news. The website serves as an informational platform targeting fistball players, referees, associations, and fans worldwide. Technically, the site is built on WordPress with common plugins and libraries but suffers from slow performance and lacks modern security configurations. Critically, the absence of a valid SSL certificate and HTTPS support exposes users to security risks. Privacy compliance is minimal with no cookie consent mechanisms or comprehensive privacy policies visibly implemented. Overall, the website demonstrates a basic digital maturity level with significant room for improvement in security and privacy practices.

P

Personify

personifycorp.com

0

Personify is a mature technology company specializing in software solutions for associations, nonprofits, chambers of commerce, and event professionals. With over 25 years of industry leadership and a client base exceeding 30,000 organizations, Personify offers a comprehensive SaaS platform including association management, event management, and member engagement software. Their business model focuses on delivering purpose-driven software combined with client success services to empower organizations in building communities and revenue streams. The company maintains a strong market position supported by multiple subsidiary brands and a consistent, professional web presence. Technically, the website is built on WordPress with a modern tech stack including Yoast SEO, UberMenu, and integrations with marketing and analytics tools such as Google Tag Manager and Marketo. Hosting appears to be on Azure infrastructure. Despite good SEO and content quality, the website suffers from slow load times and lacks a valid SSL certificate, which critically impacts security and user trust. From a security perspective, the absence of HTTPS and modern TLS protocols is a significant vulnerability, exposing visitors to potential data interception risks. The site also lacks essential security headers and advanced SSL features like HSTS and OCSP stapling. Privacy compliance is reasonably addressed with a clear privacy policy and cookie consent mechanism, but no explicit security or incident response policies are found. Overall, while Personify demonstrates strong business credibility and digital marketing maturity, urgent improvements in SSL/TLS implementation and security hardening are necessary to protect users and enhance trust. Addressing these gaps will align the company’s technical posture with its market leadership and professional brand image.

K

Kathy Corey Pilates

kathycoreypilates.com

0

Kathy Corey Pilates is a specialized Pilates education and certification provider led by Kathy Corey, a recognized expert with over 35 years of experience. The business offers teacher training, certification programs, continuing education, and Pilates-related products such as the CORE Band™. The website targets Pilates instructors and enthusiasts globally, positioning itself as a leader in Pilates education with international reach. Technically, the website is built on the Squarespace platform, leveraging standard web technologies and hosting services from GoDaddy. However, the site suffers from slow load times and lacks advanced analytics or tracking tools. Security-wise, the website has critical vulnerabilities including the absence of a valid SSL certificate, no HTTPS support, and missing security headers, which significantly lowers its security posture. Privacy compliance is minimal, with no visible privacy or cookie policies. Overall, the site presents a professional business with good content quality but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

A

ASIAN SPORT FOR ALL ASSOCIATION

asfaa.org

0

ASFAA (Asian Sport For All Association) is a regional non-profit organization dedicated to promoting sport for all across Asia. The website serves as an information hub for news, events, programs, and publications related to ASFAA's activities. It targets sports organizations, members, and the Asian sports community, positioning itself as a key regional player affiliated with international bodies such as TAFISA. The business model focuses on community engagement and event organization rather than commercial activities. Technically, the website uses a basic technology stack including jQuery and Google Analytics, with no modern CMS or advanced frameworks detected. Performance is moderate to slow, with basic mobile optimization and accessibility. The site lacks HTTPS, which is a critical security deficiency, and no advanced security headers or policies are implemented. Privacy compliance is poor, with no visible privacy or cookie policies. From a security perspective, the absence of SSL/TLS encryption exposes visitors to risks such as data interception. The lack of security headers and email authentication records further weakens the security posture. No incident response or vulnerability disclosure mechanisms are evident. Overall, the site demonstrates a low security maturity level. The overall risk assessment indicates that while the site is functional and provides relevant content, the lack of HTTPS and privacy compliance are critical issues that must be addressed to improve trust and security. Strategic recommendations include immediate SSL implementation, adoption of privacy policies, and enhancement of security configurations to protect users and improve compliance.

The website pilates-asia.com is currently inaccessible, returning a 406 Not Acceptable error page with minimal HTML content. This prevents any meaningful extraction of business, technical, or security information from the site itself. The domain is registered and hosted via Cafe24, with DNS records indicating a valid SPF record but lacking proper DMARC configuration and no DNSSEC or CAA records enabled. Critically, the site does not have an SSL certificate installed, resulting in no HTTPS support and a poor security posture. Due to the lack of accessible content, no privacy, cookie, or terms of service policies are detectable, nor is any contact or business information available. The overall digital maturity of the site is very low, with no modern security or performance features enabled.

C

Catering & Co.

cateringandco.hu

0

Catering & Co. is a Hungarian catering company specializing in high-quality event catering services, leveraging partnerships with notable restaurants such as KIOSK, Babel, and Piazza Budapest. The company emphasizes gastronomy excellence, sustainability, and customized event solutions tailored to client needs. The website is built on WordPress with multiple plugins for sliders, multilingual support, and contact forms, hosted behind Cloudflare DNS. However, the site lacks a valid SSL certificate, resulting in no HTTPS support, which is a critical security vulnerability. No privacy or cookie policies are present, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the site presents a professional business image but requires urgent security improvements.

P

Papi

papi.hu

0

Papi.hu is a small hospitality business website focused on transforming a family legacy into a farm and restaurant experience in Hungary. The website content centers around a personal story of the founder and his father, emphasizing heritage and love. The business is positioned as an emerging local hospitality venue with a unique cultural narrative. Technically, the site is built on Webflow with modern technologies such as Weglot for multilingual support and Google Tag Manager for analytics. Performance is moderate with a load time of approximately 4.5 seconds. Security posture is basic with HTTPS enabled and modern TLS protocols supported, but lacks advanced security headers, DMARC, and HSTS configurations. Privacy compliance is weak due to the absence of privacy and cookie policies. No contact information or forms are present on the homepage, limiting direct communication channels. Overall, the site is professional and consistent in branding but could improve in security and compliance aspects.

M

M15 Restaurant Kft.

babel-budapest.hu

0

Babel Budapest is a well-established Michelin-starred fine dining restaurant located in Budapest, Hungary, operating since 2008 under the company M15 Restaurant Kft. The website presents a professional and content-rich experience targeting fine dining customers and gastronomes, with clear business information and strong branding. Technically, the site is built on Joomla CMS using UIkit and Yootheme frameworks, with moderate performance and good mobile optimization. However, the security posture is weak due to the absence of a valid SSL certificate and lack of modern security headers, exposing the site to risks and reducing user trust. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism despite usage of tracking scripts like Google Tag Manager. Overall, the site is credible but requires urgent security improvements to protect user data and enhance trust.

The website leismunicipais.com.br is currently inaccessible due to a Cloudflare security challenge page requiring human verification before access. This prevents retrieval of any meaningful business or content data. The domain is registered and hosted via Cloudflare with DNS and email services configured, but no SSL certificate is present, resulting in no HTTPS support. The site lacks any visible privacy, cookie, or terms of service policies, and no contact information or business details are available. Performance is slow, and the site appears to be in a blocked or pre-access state rather than serving actual content.

W

World Pilates Confederation

worldpilatesconfederation.com

0

The World Pilates Confederation is a European-based non-profit organization established in 2012, dedicated to promoting Pilates education and uniting Pilates practitioners worldwide. It is led by a respected Pilates expert and hosts prestigious events such as the International Pilates Heritage Congress. The website is built on WordPress with multiple plugins and page builders, offering resources, news, and educational content related to Pilates disciplines. However, the site lacks a valid SSL certificate, serving content over HTTP only, which poses security risks. No privacy or cookie policies are present, indicating compliance gaps. Contact information is available via email and contact forms, but phone numbers are not clearly provided. The technical infrastructure is moderately modern but suffers from performance and security weaknesses. Overall, the site is functional and informative but requires significant improvements in security and privacy compliance to enhance trust and protect users.

T

The Manta Resort

themantaresort.com

0

The Manta Resort is a small, niche luxury hospitality business located on Pemba Island, Tanzania, offering unique eco-luxury accommodations including the world's only Underwater Room. The website is professionally designed using WordPress and Elementor, providing rich content about rooms, activities, and the local environment. The technical infrastructure includes modern web technologies and caching mechanisms, but lacks a valid SSL certificate, which is a critical security concern. The security posture is basic with some best practices like reCAPTCHA implemented, but missing essential HTTPS and modern TLS protocols. Privacy and cookie policies are present but basic, with no explicit security or incident response policies found. Overall, the site is trustworthy and credible but requires urgent security improvements to protect user data and enhance trust.

M

M15 Restaurant Kft.

kiosk-budapest.hu

0

KIOSK Budapest is a well-established hospitality business operating a modern Hungarian restaurant located in the heart of Budapest. The company offers a range of services including dining, event hosting, catering, and online ordering, supported by a mature digital presence and multiple related brands. The website is professionally designed with good content quality and clear navigation, targeting both local and international visitors seeking authentic and contemporary Hungarian cuisine. Technically, the site leverages Webflow CMS, Cloudflare hosting, and integrates modern tools such as Google Tag Manager and Cookiebot for analytics and privacy compliance. While the SSL configuration is strong with TLS 1.3 support, security headers like HSTS are not enabled, representing an area for improvement. The site implements comprehensive cookie consent mechanisms and maintains GDPR compliance. Overall, the security posture is solid but could benefit from enhanced HTTP security headers and OCSP stapling. The domain is mature and consistent with the business claims, supporting high trustworthiness. Strategic recommendations include enabling HSTS, adding security headers, and improving performance to enhance user experience and security.

M

Mediarey Hungary Services Zrt.

forbes.hu

0

Forbes.hu is a mature Hungarian business media website operated by Mediarey Hungary Services Zrt., providing high-quality business, finance, lifestyle, and culture content targeted at Hungarian-speaking professionals and general readers. The site uses a WordPress CMS with React components and integrates multiple advertising and tracking technologies to support its business model, which includes advertising and premium subscriptions. Technically, the site is hosted behind Cloudflare and uses modern web technologies but lacks a valid SSL certificate, resulting in HTTP-only access which is a significant security concern. Privacy and cookie policies are comprehensive and GDPR compliant, with a consent mechanism implemented via Cookiebot. The WHOIS data confirms the domain's maturity and legitimacy, consistent with the business claims. Overall, the site is professionally designed and content-rich but requires urgent security improvements to enable HTTPS and strengthen its security posture.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunanap.com

0

Dunanap.com is the official website for the DUNA NAPOK cultural festival scheduled for May 30 to June 1, 2025, in Hungary. The site promotes a variety of cultural and entertainment events including concerts, children's programs, exhibitions, running races, and culinary competitions. The business behind the site is Duna Médiaszolgáltató Nonprofit Zrt., a medium-sized media and nonprofit entity focused on cultural event organization. The website targets festival attendees, families, and cultural enthusiasts primarily in Hungary. Technically, the site is built on WordPress using Elementor and Yoast SEO, hosted by Websupport. While the site is mobile optimized and has good content quality, it suffers from slow load times and lacks advanced accessibility features. Security posture is weak due to an invalid SSL certificate, absence of HTTPS, no security headers, and no DNSSEC or domain protection locks. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Komáromi Jókai Színház operates an online ticketing platform focused on theatrical performances and cultural events in Komárno, Slovakia. The website provides event listings, ticket purchasing options, and voucher issuance primarily targeting local Hungarian and Slovak-speaking audiences. The business model centers on direct online sales with integrated payment processing via Barion. Technically, the site uses a custom CMS with jQuery, Foundation framework, and several third-party scripts for UI and payment integration. However, the site suffers from a lack of HTTPS, resulting in a critical security vulnerability. The absence of privacy and terms of service pages indicates compliance gaps. Performance is suboptimal with slow load times and a large page size. Security posture is weak due to missing SSL, no security headers, and no email authentication records. Contact information is available but no company emails are published. Overall, the site is functional but requires urgent security and compliance improvements.

I

Interticket.pl

interticket.pl

0

Interticket.pl is a mature Polish e-commerce platform specializing in online ticket sales for concerts, theater, festivals, museums, and cinemas. Established in 2004, it serves primarily Polish-speaking customers with a broad offering of event tickets. The website integrates multiple marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, and maintains active social media profiles to engage its audience. However, the technical infrastructure shows signs of aging, with reliance on older JavaScript libraries and a custom CMS. Performance is suboptimal with slow page load times and a large page size. Critically, the site lacks a valid SSL certificate and does not enforce HTTPS, posing significant security risks.

I

IFMST - International Federation of Municipalities Sports And Tourism

ifmst.org

0

IFMST is an international federation focused on promoting sports and tourism initiatives at the municipal level worldwide. The organization aims to improve quality of life, foster cultural exchange, and stimulate economic growth through local sports and tourism development. The website reflects a structured federation with departments, committees, and a calendar of events, targeting municipalities and stakeholders in sports and tourism sectors. Technically, the site is built on WordPress with Elementor and several plugins, hosted on a LiteSpeed server via Parspack. However, the site lacks a valid SSL certificate and does not serve content over HTTPS, which is a critical security gap. The security posture is weak with no HSTS, no OCSP stapling, and missing security headers. Privacy compliance is minimal, with no visible privacy or cookie policies. Contact is primarily via social media and a contact form, with no explicit emails or phone numbers listed. Overall, the site is functional and content-rich but requires urgent improvements in security and privacy compliance to enhance trust and protect users.

Security assessment incomplete. Successfully analyzed: emailSecurity, sslTls, dnsHealth, networkSecurity. Failed to analyze: securityHeaders, gdpr, nis2. 12 security issues were identified in the completed modules. The website may be inaccessible or protected by security measures. Please retry the scan or verify website accessibility.

T

The Solomon R. Guggenheim Foundation

guggenheim-venice.it

0

The Peggy Guggenheim Collection website represents a well-established cultural institution focused on modern European and American art. It serves a diverse audience including tourists, art lovers, families, and educational groups. The site offers comprehensive information about exhibitions, tours, educational programs, and membership opportunities, positioning itself as a leading museum in Venice with strong brand recognition. Technically, the site uses a modern CMS (ProcessWire) and integrates caching and analytics tools, but lacks a valid SSL certificate, which is a critical security gap. Privacy and cookie policies are present and GDPR compliant, and contact information is clearly provided. The security posture is weak due to missing HTTPS and modern TLS protocols, exposing the site to potential risks. Overall, the site is professional and trustworthy but requires urgent security improvements to protect visitors and maintain credibility.

N

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.

nisz.hu

0

NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. is a key Hungarian government IT and telecommunications service provider, supporting digital government infrastructure and public sector digital transformation. The company offers a range of services including mobile applications, telecommunication services, managed IT services, data center and cloud services, and videoconferencing platforms. The website reflects a mature and professional organization with clear business focus on government clients and public institutions. Technically, the site uses modern frontend technologies and integrates multiple analytics and marketing tools, but suffers from a critical security flaw due to the absence of a valid SSL certificate and lack of TLS support, which severely impacts its security posture. Privacy compliance is well addressed with comprehensive cookie consent and privacy policies. Contact information and social media presence are clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent security improvements to protect user data and trust.

N

Nemzeti Adatvédelmi és Információszabadság Hatóság

naih.hu

0

The Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) is the Hungarian national authority responsible for data protection and freedom of information enforcement. The website serves as an official government portal providing comprehensive information on data protection laws, GDPR compliance, public information access, and related regulatory activities. It targets data controllers, data subjects, legal professionals, and the general public in Hungary. The business model is that of a government regulatory authority with a medium organizational size and a mature domain age of 14 years, reflecting its established presence. Technically, the website is built on Joomla CMS with Bootstrap and jQuery frameworks, hosted behind Cloudflare DNS. The site is content-rich and well-structured, with good mobile optimization and accessibility features. However, performance is slow due to a large page size and many resources. The site lacks a valid SSL certificate and modern TLS protocols, which is a critical security shortfall. No advanced security headers or session management features are implemented, exposing the site to potential risks. Security posture is weak due to the absence of HTTPS and security headers, despite no detected vulnerabilities like Heartbleed or POODLE. Privacy compliance is strong with clear privacy and cookie policies and GDPR alignment. Contact information is transparent and comprehensive, including emails, phone numbers, and physical addresses. No advertising or tracking services are detected, indicating a privacy-conscious approach. Overall, the site is trustworthy and authoritative but requires urgent security improvements, especially SSL/TLS implementation, to protect user data and maintain compliance. Strategic recommendations include deploying a valid SSL certificate, enabling modern TLS protocols, adding security headers, and optimizing performance to enhance user experience and security.

kozadattar.hu is an official Hungarian government website supporting the Közadat program, which mandates public institutions to publish metadata about public interest data sets online. The platform facilitates registration and data provision for these institutions and offers free applications to assist in compliance. The target audience includes government bodies and citizens interested in transparency and public data access. The website is operated under the auspices of NISZ Nemzeti Infokommunikációs Szolgáltató Zrt., a government-affiliated entity. Technically, the website is built on Drupal 7 with jQuery and related modules. It is hosted on government infrastructure with DNS and mail servers under gov.hu domains. However, the site suffers from slow performance and lacks modern web optimizations. Mobile responsiveness and accessibility are basic, and SEO features are minimal. From a security perspective, the site has critical deficiencies: it lacks a valid SSL certificate and does not support any TLS protocols, exposing users to insecure connections. No security headers or DNS security features are implemented. The outdated Drupal 7 CMS may pose additional risks if not properly maintained. Privacy and cookie policies are absent, indicating compliance gaps with GDPR and related regulations. Overall, while the site fulfills an important government transparency function, its technical and security posture is weak. Immediate improvements in SSL deployment, security headers, and privacy compliance are recommended to enhance trust and protect users.

M

Magyar Rádió Művészeti Együttesei

mrze.hu

0

The website represents the official online presence of the Magyar Rádió Művészeti Együttesei, a Hungarian cultural organization focused on classical music ensembles including symphonic orchestra, choir, and children's choir. It serves as a platform for concert information, ticket sales, media content, and organizational news, targeting classical music enthusiasts and concert attendees primarily in Hungary. The site is built on WordPress with a variety of custom plugins and integrates media streaming services. However, a critical security gap exists as the site lacks a valid SSL certificate and does not support HTTPS, exposing users to potential risks. The site includes a cookie consent mechanism and links to a comprehensive privacy policy hosted on the parent MTVA domain, indicating good privacy compliance. No direct contact emails or phone numbers are visible, but a contact form is available. Overall, the site is professionally designed with good accessibility and SEO practices but requires urgent security improvements.

H

Címlap | Hungary matters

hungarymatters.hu

0

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 28 security findings identified across all modules.

M

Meraki Marketing Kft.

meraki.hu

0

Meraki Marketing Kft. is a Hungarian digital marketing agency specializing in services such as web development, SEO, videomarketing, branding, and digital campaigns. The company targets businesses aiming for growth and international market entry, positioning itself as an innovative and fast-growing agency with a strong client portfolio and testimonials. The website is professionally designed, content-rich, and provides clear contact information and GDPR-compliant privacy policies. Technically, the site uses Joomla CMS with UIkit framework and integrates common marketing and analytics tools like Google Analytics, Facebook Pixel, and Google Tag Manager. However, the website suffers from critical security issues due to an invalid or missing SSL certificate and disabled TLS protocols, which undermines secure communications. Performance is also a concern with slow load times and large page size. Overall, the site demonstrates good privacy compliance and business credibility but requires urgent security improvements to protect user data and enhance trust.

H

HRmaster

hrmaster.ro

0

HRmaster.ro is a Romanian-based HR software provider offering a modular and scalable solution for companies of all sizes to automate and manage human resources processes. The company positions itself as a recognized player in the European HR Tech market with a focus on recruitment, employee management, training, and performance evaluation. The website is built on Joomla CMS with modern UIkit frontend framework and integrates Google services for analytics and bot protection. However, the absence of a valid SSL certificate and HTTPS severely impacts the security posture, exposing users to risks. Privacy compliance is partially addressed with a privacy policy and GDPR consent on forms, but lacks cookie consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, the site demonstrates good content quality and business legitimacy but requires urgent security improvements.

I

Interticket Kft.

jegy.hu

0

Jegy.hu is a well-established Hungarian online ticketing platform specializing in cultural events such as theater, concerts, festivals, and sports. Founded in 2000, it serves a large audience primarily in Hungary with some regional presence. The platform offers extensive event listings, search and filtering capabilities, and supports affiliate marketing and gift vouchers. Technically, the site uses a custom CMS with modern JavaScript libraries and frameworks, providing a good user experience and mobile optimization. However, a critical security gap is the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with cookie consent mechanisms and comprehensive privacy policies. Overall, the site is professional and trustworthy but requires urgent security improvements.

Bonelli Bus s.a.s. is a well-established transportation company based in Italy, offering a variety of bus services including interregional lines, shuttle services, school transport, excursions, and bus rentals. The company targets tourists, commuters, and groups requiring transportation primarily in the Italian regions of Rimini, San Marino, Urbino, and Torino. The website is built on WordPress using Elementor and integrates common marketing and analytics tools such as Google Tag Manager and Facebook Pixel. Despite a professional design and comprehensive content, the website lacks a valid SSL certificate, which significantly impacts its security posture. Privacy and cookie policies are present and appear GDPR compliant, with a functional consent mechanism. The domain is mature and consistent with the business profile, enhancing trustworthiness. However, the absence of HTTPS and security headers, along with the presence of a suspicious external script domain, pose security risks that should be addressed promptly.

The website is.cc is currently inaccessible due to a Cloudflare security challenge page that requires human verification via Turnstile captcha. This prevents access to any substantive content or business information. The technical infrastructure is protected by Cloudflare but lacks a valid SSL certificate and HTTPS support, resulting in a poor security posture. Performance is slow and no privacy or contact information is available. Due to the blocking mechanism, a full analysis of the website's business model, services, and compliance cannot be performed.

I

International Beach Tennis IFBT

ifbt.eu

0

International Beach Tennis IFBT is a small, specialized sports federation focused on promoting and organizing beach tennis events globally. The organization operates a multilingual WordPress website providing comprehensive event information, player rankings, and membership services. The technical infrastructure is based on WordPress with several plugins and a custom theme, hosted by CDmon in Spain. While the website content and business information are well presented and consistent with the organization's mission, the security posture is weak due to lack of a valid SSL certificate and absence of modern TLS protocols. Privacy compliance is addressed with clear policies and consent mechanisms. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

F

FUNDACION DEL MUSEO GUGGENHEIM BILBAO

guggenheim-bilbao.eus

0

The Museo Guggenheim Bilbao is a prominent non-profit cultural institution based in Bilbao, Spain, managed by the FUNDACION DEL MUSEO GUGGENHEIM BILBAO. The website serves as a comprehensive portal for visitors to plan their visits, explore exhibitions, and access educational resources. It targets a broad audience interested in art, culture, and museum experiences. The museum holds a strong market position as an internationally recognized art venue with strategic partnerships and sponsorships from government and corporate entities. Technically, the website leverages modern web technologies including Next.js and React, with a headless WordPress CMS backend. It integrates accessibility tools and multimedia content hosted on Vimeo. The site is mobile-optimized and SEO-friendly, providing a good user experience and navigation clarity. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability impacting user trust and data security. Other security headers and best practices are partially implemented, but the absence of HTTPS significantly lowers the security posture. Overall, the website is professionally designed and content-rich, but the lack of HTTPS is a major risk. Strategic recommendations include immediate SSL/TLS deployment, enabling HSTS, and improving certificate management to enhance security and user trust.

E

Evolution Consulting Kft.

hrmaster.hu

0

HRmaster.hu is the online presence of Evolution Consulting Kft., a mature Hungarian company founded in 2012, offering modular HR software solutions tailored for small to large enterprises. The website presents a comprehensive portfolio of HR management modules and payroll services, positioning itself as a top European HR Tech provider. The technical infrastructure is based on Joomla CMS, PHP, ASP.NET, and Microsoft IIS, with modern JavaScript frameworks enhancing user experience. However, the site lacks a valid SSL certificate, exposing it to security risks and reducing trustworthiness. Contact information and business credibility are well established with testimonials and certifications. Overall, the website is professional and content-rich but requires urgent security improvements to enable HTTPS and enhance privacy compliance.

M

Magyar Rádió Művészeti Együttesei

radiomusic.hu

0

radiomusic.hu is the official website for the Hungarian Radio's Artistic Ensembles, providing information about their symphonic orchestra, choir, children's choir, and related cultural events. The site serves a Hungarian-speaking audience interested in classical music and concert attendance, offering ticket sales, event calendars, galleries, and news updates. The organization is well-established with a history of over 80 years, supported by the parent media entity MTVA. Technically, the site is built on WordPress with a variety of plugins and JavaScript libraries to enhance user experience and functionality. However, the absence of a valid SSL/TLS certificate is a critical security shortfall, exposing users to potential risks and reducing trust. The site implements cookie consent mechanisms and links to legal and privacy pages, but lacks explicit security or incident response policies. Overall, the website is content-rich and professionally maintained but requires urgent security improvements to meet modern standards.

K

Közszolgálati Médiaakadémia Alapítvány

media-akademia.hu

0

The Média Akadémia website represents a Hungarian non-profit foundation dedicated to media education and talent development, primarily targeting future television and radio professionals. The site is well-structured with rich content including news articles, event information, and educational program details. It leverages WordPress CMS with a variety of plugins to deliver multimedia content and interactive features. However, the absence of a valid SSL certificate and HTTPS support is a critical security shortfall that undermines user trust and data protection. The site implements a cookie consent mechanism but lacks comprehensive privacy and security policies. The domain registration is consistent and aligns with the organization's public media affiliations, indicating legitimacy. Strategic improvements in security posture and privacy compliance are necessary to enhance overall trustworthiness and compliance.

D

Duna Médiaszolgáltató Nonprofit Zrt.

dunamsz.hu

0

Duna Médiaszolgáltató Nonprofit Zrt. operates as a Hungarian public media service provider delivering television, radio, and online content primarily targeting Hungarian-speaking audiences. The website serves as a portal for accessing media services and related information, reflecting a nonprofit business model with a strong public service orientation. The company is positioned as a key player in Hungary's media landscape, supported by partnerships with official entities such as MTVA. Technically, the website is built on WordPress with a modern set of JavaScript libraries and plugins to support multimedia content delivery and user interaction. However, the absence of a valid SSL certificate and HTTPS support represents a critical security gap, exposing users to potential risks. The site includes a cookie consent mechanism but lacks explicit privacy, security, and incident response policies, which may affect compliance with GDPR and other regulations. Overall, the site is functional and professionally designed but requires urgent security enhancements to protect user data and improve trust.

Security assessment completed with an overall score of 0/100 (unknown risk). 1 critical issues require immediate attention. Total of 25 security findings identified across all modules.

S

San Marino Welcome

sanmarinowelcome.com

0

San Marino Welcome is a small Destination Management Company specializing in organizing events, meetings, and customized experiences in San Marino. The company collaborates with local hospitality, catering, and leisure providers to deliver exclusive and memorable events. The website is built on WordPress using Elementor and Yoast SEO, indicating a moderate level of digital maturity. However, the site suffers from a lack of HTTPS support, which significantly impacts its security posture. Cookie consent is implemented, but no privacy policy or terms of service pages were found, indicating gaps in compliance. Contact information and social media presence are clearly provided, supporting business credibility. Overall, the website provides good content and user experience but requires urgent security improvements.

C

Consorzio Terra di San Marino

terradisanmarino.com

0

Consorzio Terra di San Marino is a small-sized cooperative consortium focused on protecting and promoting typical agro-food products from the Republic of San Marino. The website serves as a platform to showcase their products, events, and cultural heritage, targeting local consumers and enthusiasts of traditional food and rural culture. Technically, the site is built on Drupal 7 with common web libraries and Google Analytics for tracking. However, the site suffers from critical security shortcomings, notably the absence of HTTPS and a valid SSL certificate, which exposes users to risks and undermines trust. Privacy compliance is basic, with a cookie policy and consent mechanism but no explicit privacy or security policies. The domain is mature and consistent with the business claims, enhancing credibility. Overall, the site provides good content and user experience but requires urgent security improvements to protect visitors and enhance trust.

24xtra.hu is a user authentication portal associated with the Hungarian media brand 24.hu, providing login and registration services including social login options via Facebook, Apple, and Google. The site targets Hungarian-speaking users of 24.hu services and acts as a gateway for accessing content or services requiring user authentication. The business model centers on user identity management for a media platform. Technically, the site is hosted on Amazon AWS infrastructure using CloudFront CDN and employs Keycloak for single sign-on capabilities. The technology stack includes modern JavaScript modules and standard web technologies, but performance metrics are unavailable or minimal, indicating potential areas for improvement. Mobile optimization and accessibility are basic but functional. From a security perspective, the site implements several important HTTP security headers and enforces HSTS with preload. However, the absence of a valid SSL certificate and lack of HTTPS support critically undermine the security posture. No OCSP stapling or session resumption is configured, and no privacy or cookie policies are published, indicating compliance gaps. No contact or business information is provided on the site, limiting transparency. Overall, the site is functional as a login portal but requires urgent improvements in SSL/TLS configuration and privacy compliance to enhance trust and security. The domain registration is consistent with the 24.hu brand, supporting legitimacy. Strategic recommendations include obtaining a valid SSL certificate, publishing privacy and cookie policies, and improving performance and accessibility.

M

Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA)

mtva.hu

0

MTVA.hu is the official website of the Hungarian public media organization Médiaszolgáltatás-támogató és Vagyonkezelő Alap (MTVA), providing a wide range of media services including television, radio, and online content. The site is well-structured, content-rich, and targets the Hungarian public with news, press releases, and organizational information. The business model is public service media, supported by government funding, positioning MTVA as a leading media broadcaster in Hungary. Technically, the site is built on WordPress with modern JavaScript libraries and accessibility features, hosted on Telekom.hu infrastructure. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS, exposing users to potential risks. The site implements proper email security with SPF and DMARC records and includes a cookie consent mechanism compliant with GDPR. Overall, the website demonstrates good business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

I

IDIMweb

idimweb.com

0

IDIMweb is a small, specialized web agency operating primarily in France and the Caribbean, with over 15 years of experience in custom website creation, development, SEO, and digital marketing. The company targets professionals, institutions, and individuals seeking tailored web solutions, leveraging Joomla CMS and modern frontend technologies. The website reflects a professional and consistent brand image with clear contact channels and a portfolio of client references. Technically, the site uses Joomla with Bootstrap and jQuery, but suffers from slow load times and lacks a valid SSL certificate, which is a critical security shortfall. Privacy compliance is well addressed with comprehensive cookie and privacy policies and a consent mechanism. Social media integration and analytics usage are moderate and transparent.

T

TEMPESTA MEDIA, S.L.

latempesta.cc

0

La Tempesta is a small Spanish company specializing in digital transformation and consulting services for cultural heritage and social innovation organizations. Founded in 2019, it offers a range of services including digital storytelling, web development, 3D virtualisation of heritage, knowledge management, and digital strategy. The company has a strong market position within its niche, supported by reputable clients and industry awards. Technically, the website is built on WordPress with modern plugins and frameworks, optimized for SEO and multilingual support. However, the site suffers from a critical security issue due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts its security posture. Privacy compliance is well addressed with comprehensive cookie and privacy policies and consent mechanisms. Overall, the business presents a professional and trustworthy image but must urgently address its SSL/TLS configuration to improve security and user trust.

L

Log In ‹ CEATL members — WordPress

ceatl-members.eu

0

The website ceatl-members.eu serves as a WordPress-based login portal for CEATL members, indicating a restricted access platform likely intended for a specific user group. The site lacks publicly accessible business descriptions, contact information, or policy documents, which limits transparency and user trust. Technically, the site runs on WordPress with jQuery libraries and is hosted by Budget Webhosting. However, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which exposes users to potential data interception risks. The security posture is weak, with minimal security headers and no modern TLS protocols enabled. Privacy compliance is also lacking, with no visible privacy or cookie policies or GDPR indicators. Overall, the site appears to be a basic, small-scale member login portal with limited public-facing content and significant security and compliance gaps.

R

Repubblica di San Marino

gov.sm

0

The website gov.sm serves as the official digital portal for the Republic of San Marino, providing citizens and public administration users with access to government services, news, and administrative information. It is positioned as the primary government interface for public sector communication and service delivery. The site targets residents, businesses, and government employees within San Marino. Technically, the website uses older but stable technologies such as jQuery 1.12.4 and Bootstrap, with a custom or unknown CMS. However, performance is slow with a load time exceeding 12 seconds, and SEO and accessibility features are basic. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no DNSSEC or CAA records, exposing the site to potential risks. Privacy compliance is minimal, with no cookie consent mechanism and only a basic privacy policy present. Business credibility is moderate given the official government branding and domain, but the lack of contact information and security best practices reduces trust. Overall, the site requires urgent security improvements and enhanced privacy compliance to meet modern standards.

U

Ufficio del Turismo

visitsanmarino.com

0

The website visitsanmarino.com serves as the official tourism portal for the Republic of San Marino, providing comprehensive information on events, travel planning, cultural experiences, shopping, and outdoor activities. It targets tourists and visitors interested in exploring San Marino, positioning itself as the authoritative source for tourism-related content in the country. The business model is government-driven, focusing on promoting tourism and cultural heritage. Technically, the site is built on Magnolia CMS and served via Apache, utilizing JavaScript libraries including jQuery and Google Tag Manager for analytics and marketing. The site is multilingual and mobile-optimized, though performance data suggests potential slowness. Accessibility and SEO are basic but functional. From a security perspective, the site lacks a valid SSL certificate and HTTPS support, which is a critical vulnerability. Security headers are minimal, and no advanced security policies or incident response information are published. Cookie consent mechanisms are absent despite the use of tracking tools, indicating privacy compliance gaps. Overall, the site is legitimate and trustworthy as an official government tourism resource but requires urgent improvements in security and privacy compliance to protect users and enhance trust.

The website pa.sm serves as the official government portal for the Republic of San Marino, providing citizens and businesses with access to public administration services, news, and information. It targets local users and offers key services such as online public services, recruitment notices, and departmental information. The site is branded consistently with government logos and domain usage, reinforcing its official status. Technically, the website employs older but widely used technologies like jQuery 1.12.4 and Bootstrap, with some external libraries loaded from CDNs. However, the site suffers from slow performance with a load time exceeding 12 seconds and lacks modern security configurations. Notably, there is no valid SSL certificate, resulting in no HTTPS support, which is a critical security flaw. The absence of security headers and cookie consent mechanisms further weakens its security and privacy posture. From a security perspective, the lack of HTTPS and security headers exposes users to potential risks, and the site does not demonstrate compliance with GDPR or other privacy regulations. No incident response or vulnerability disclosure information is provided. WHOIS data confirms the domain's legitimacy and government ownership, supporting the trustworthiness of the site despite technical shortcomings. Overall, while the website fulfills its role as a government information portal with good content quality and professional design, significant improvements in security, privacy compliance, and performance are necessary to enhance user trust and protect sensitive data.