Security Directory

E

EarthX

earthxtv.com

64

The website demonstrates a moderate to poor overall security posture, with critical gaps in key areas such as security headers, GDPR compliance, and adherence to NIS2 requirements. No critical vulnerabilities were found, but several high-severity issues pose significant risks including missing essential HTTP security headers and lack of foundational security policies and procedures. GDPR compliance is insufficient, risking regulatory penalties and damaging customer trust due to missing cookie consent and incomplete privacy practices. The absence of incident response and business continuity plans further increases operational risk. Email security and network security are relatively strong, but SSL/TLS implementation weaknesses and DNS configuration gaps expose the site to man-in-the-middle and spoofing attacks. Immediate attention to security headers and policy frameworks is essential to reduce exposure to common web attacks and regulatory non-compliance. Overall, the organization should prioritize governance, technical controls, and compliance to safeguard data and maintain business continuity.

V

Virtuous Software

virtuous.org

69

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected but multiple high and medium priority issues that expose it to significant risk. Key weaknesses lie in missing essential security headers, lack of GDPR compliance measures, and inadequate implementation of NIS2 security frameworks, which collectively threaten data protection and regulatory adherence. SSL/TLS configurations need urgent improvement due to weak key lengths and impending certificate expirations, increasing susceptibility to interception. DNS and network security are relatively strong, and email security is excellent, providing a solid foundation in those areas. However, the absence of incident response procedures and security policy documentation highlights a lack of preparedness for security incidents. The missing cookie policy and consent mechanisms further expose the business to legal and reputational risks under data privacy regulations. Addressing these issues promptly will strengthen the website’s defenses, ensure compliance, and safeguard customer trust.

I

Institutional Real Estate, Inc.

irei.com

64

The website exhibits a concerning security posture with no critical issues but multiple high and medium severity vulnerabilities. Key deficiencies exist in security headers, exposing the site to clickjacking, XSS, and content injection attacks. GDPR compliance is weak, lacking cookie policies and consent mechanisms, which risks regulatory penalties and erodes customer trust. The absence of a formal information security framework, incident response, and security policies under NIS2 regulations exposes the business to operational risks and potential regulatory non-compliance. SSL/TLS configurations are suboptimal, featuring weak encryption and expiring certificates, increasing susceptibility to interception. DNS security is moderate but can be improved by enabling DNSSEC and configuring CAA records. While email and network security are strong, the overall posture demands urgent remediation to protect business assets, ensure compliance, and maintain customer confidence.

R

RFTB Digital Agency

rftb.agency

68

The website demonstrates a moderate security posture with no critical vulnerabilities detected but multiple high and medium-risk issues that could impact regulatory compliance and operational security. Notably, major gaps in GDPR compliance, including lack of privacy and cookie policies as well as absence of a consent mechanism, expose the business to legal and reputational risks. The absence of a formal information security framework, security policies, incident response, and business continuity plans significantly weakens the organization's resilience against cyber threats and regulatory mandates like NIS2. Technical security controls such as security headers and network services also show deficiencies, including missing Content-Security-Policy headers and exposure of high-risk services like FTP. SSL/TLS and email security are relatively strong, mitigating some risk. Overall, the company should urgently address compliance and governance gaps while strengthening security controls to reduce exposure and support sustainable business operations. Failure to act could result in regulatory penalties, data breaches, and damage to customer trust.

E

EarthX

earthx.org

65

The website demonstrates a generally moderate security posture with no critical issues but several high and medium risks that could impact business continuity, customer trust, and regulatory compliance. Key deficiencies include missing critical security headers and lack of foundational security policies such as incident response and business continuity planning. GDPR compliance gaps like the absence of a cookie consent banner and incomplete privacy documentation pose legal and reputational risks. The NIS2 framework adoption is notably weak, indicating insufficient organizational security governance and readiness. Email security and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS and network security show solid implementation, which reduces exposure to certain attack vectors. Overall, immediate attention to security headers, policy frameworks, and regulatory compliance is vital to strengthen defenses and maintain stakeholder confidence.

O

Old Parkland

oldparkland.com

71

The website demonstrates a generally strong technical security foundation, with excellent scores in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, particularly relating to GDPR and NIS2 regulatory requirements. The absence of key privacy policies, cookie consent mechanisms, and documented information security frameworks exposes the business to legal risks, regulatory penalties, and reputational damage. Missing security headers and incomplete incident response and business continuity plans increase vulnerability to cyberattacks and operational disruptions. Immediate remediation in compliance documentation and security governance is critical to align with legal obligations and protect customer trust. Proactive management of expiring SSL certificates and DNSSEC implementation will strengthen overall resilience. Addressing these issues will reduce regulatory exposure and enhance the organization's security maturity, supporting sustainable business growth.

C

Consensus Sales, LLC

goconsensus.com

73

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities that require urgent attention. Key gaps exist in security headers, GDPR compliance, and especially in adherence to NIS2 requirements, indicating insufficient information security governance and incident response preparedness. Missing Content-Security-Policy and Permissions-Policy headers expose the site to client-side attacks, while the absence of a cookie consent banner and incomplete privacy documentation risk regulatory non-compliance and potential fines. SSL/TLS and network security are strong areas, but upcoming certificate expiry and missing DNSSEC present risks to data integrity and trust. Email security shows room for improvement with missing DKIM signatures, which could affect email authenticity. Addressing these issues will strengthen both the technical defenses and regulatory compliance, reducing the risk of data breaches, reputational damage, and legal penalties.

W

WorkSpan, Inc.

workspan.com

70

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but multiple high and medium severity issues significantly undermine its overall security and regulatory compliance. Key weaknesses include missing critical HTTP security headers, lack of GDPR-compliant cookie policies, and an absence of foundational NIS2 security governance such as incident response and security documentation. While email security, SSL/TLS, DNS health, and network security show strong performance, gaps in security headers and compliance frameworks expose the business to risks including clickjacking, cross-site scripting, data privacy violations, and regulatory penalties. The absence of a formal information security framework and incident response procedures increases exposure to operational disruption and reputational damage. Immediate remediation is essential to strengthen defenses and meet legal obligations. Addressing these issues will reduce the risk of data breaches, improve customer trust, and ensure regulatory compliance, safeguarding business continuity and brand reputation.

O

Ooshman

ooshman.au

59

The website demonstrates significant security gaps, particularly in foundational security headers, privacy compliance, and information security governance, resulting in a poor overall security posture. While network security and email security score relatively well, critical vulnerabilities such as missing Strict-Transport-Security and Content-Security-Policy headers expose the site to data interception and cross-site scripting attacks. The absence of GDPR compliance elements like privacy and cookie policies presents legal and reputational risks. Additionally, missing NIS2-related documentation and incident response procedures indicate a lack of preparedness for cyber incidents, increasing operational risk. Weak SSL key lengths and impending certificate expiration further undermine secure communications. Addressing these high and medium priority issues is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Immediate remediation will reduce potential breach impact, enhance customer trust, and align with industry standards.

H

HandL Digital LLC

utmgrabber.com

71

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to significant security and compliance risks. Key gaps in security headers and transport security headers reduce protection against common web-based attacks and data interception. Non-compliance with GDPR, notably lacking a cookie consent banner and incomplete privacy policies, risks regulatory penalties and undermines user trust. The absence of a formal information security framework, incident response procedures, and security policies indicates weak organizational security maturity, potentially leading to poor incident handling and increased downtime. While email, network security, SSL/TLS, and DNS configurations are relatively strong, critical improvements are needed in governance and application-layer protections. Addressing these vulnerabilities promptly will protect sensitive data, improve regulatory compliance, and strengthen overall cyber resilience. Prioritizing governance and security headers will provide the greatest immediate business value. Continuous monitoring and policy updates should follow to maintain security posture and compliance.

U

Uber Freight

uberfreight.com

65

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-level issues that expose the business to significant risks. Key deficiencies exist in HTTP security headers, which leave the site susceptible to common web attacks like clickjacking, XSS, and data interception. GDPR compliance is notably weak, lacking core privacy elements such as a privacy policy, cookie policy, and consent mechanisms, which can result in regulatory penalties and reputational damage. The absence of a documented information security framework, incident response, and business continuity planning highlights operational risks in managing security incidents. While email security and network security show strong maturity, the gaps in SSL/TLS configurations and DNS settings further reduce overall resilience. Immediate remediation is required to protect user data, ensure regulatory compliance, and maintain customer trust. Proactive security governance and policy documentation are essential to meet NIS2 directives and strengthen organizational security posture.

B

BPAY Pty Ltd

bpay.com.au

63

The website demonstrates a moderate overall security posture with no critical issues detected, but several high and medium-risk vulnerabilities that pose significant risks to business operations and compliance. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, exposing the organization to regulatory penalties and potential data breaches. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines trust and legal compliance with data protection laws. Weak SSL/TLS configurations and mixed content issues threaten secure data transmission and user confidentiality. Network security and email security are strong points, reflecting good foundational controls in those areas. However, the lack of incident response procedures and security documentation hampers the organization's ability to effectively manage and respond to cyber incidents. Immediate remediation efforts should focus on closing compliance gaps, strengthening encryption standards, and improving security policy frameworks to safeguard business continuity and reputation.

N

NZX Wealth Technologies

nzxwt.nz

57

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium severity issues, particularly in compliance and policy enforcement. Key weaknesses include missing essential security headers, lack of GDPR compliance, absence of a formal information security framework, and poor DNS health. These gaps expose the business to data privacy risks, reputational damage, and potential regulatory penalties. Email security is moderately strong but can be improved. Network security and SSL/TLS configurations are generally well implemented, which mitigates some risk. However, the lack of incident response and business continuity planning raises concerns about resilience to cyber incidents. Urgent attention to governance, privacy policies, and DNS configurations is required to strengthen defense and regulatory compliance. Overall, the site is vulnerable to web-based attacks and non-compliance fines that could impact business continuity and customer trust.

S

SuperLife

superlife.co.nz

66

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues that could expose the business to significant risks. Key gaps exist in security headers implementation, GDPR compliance, and adherence to the NIS2 cybersecurity framework, indicating potential regulatory non-compliance and increased risk of data breaches. The SSL/TLS configuration is suboptimal, with an expiring certificate posing a near-term availability risk. While network security and email security are relatively strong, foundational aspects such as incident response, security policies, and cookie management need urgent attention. The absence of critical headers like Content-Security-Policy and X-Frame-Options increases the risk of cross-site scripting and clickjacking attacks. GDPR-related deficiencies, including missing cookie consent and insufficient privacy policy, may lead to legal penalties and reputational damage. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

S

Smartshares Limited

smartinvest.co.nz

63

The website's overall security posture reveals significant gaps, particularly in foundational security headers, GDPR compliance, and NIS2 regulatory adherence. While there are no critical vulnerabilities, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Missing key HTTP security headers and an impending SSL certificate expiration undermine secure communications and user trust. GDPR compliance deficiencies, including the absence of a cookie policy and consent mechanisms, present legal and operational risks, especially in European markets. The lack of documented information security and incident response policies indicates insufficient preparedness against cyber incidents. On a positive note, the network security and email security modules score relatively well, showing strengths in these areas. Immediate remediation is needed to protect sensitive data, ensure regulatory compliance, and maintain customer confidence.

D

DiscoverOrg

discoverorg.com

64

The website exhibits a concerning security posture with no critical issues but multiple high and medium-risk findings, indicating significant gaps in foundational security controls. Key deficiencies include missing essential HTTP security headers, weak SSL/TLS configurations, and inadequate GDPR compliance measures, exposing the business to data breaches and regulatory penalties. The absence of a formal information security framework, incident response, and business continuity plans further increases operational risk and vulnerability to cyber incidents. While email and network security are strong, critical areas like web security headers, SSL/TLS, and compliance require urgent attention to protect sensitive user data and maintain customer trust. DNS security is relatively robust but can be improved with additional configurations. Addressing these issues will reduce the risk of exploitation, improve regulatory compliance, and strengthen overall resilience. Prioritizing governance, technical controls, and privacy policies will provide the best risk reduction and business value.

C

Cure Kids

rednoseday.co.nz

66

The website demonstrates a moderate overall security posture with no critical issues detected; however, there are multiple high and medium severity gaps that present significant risk to business operations and compliance. Key vulnerabilities include lack of foundational security headers and insufficient email authentication, which increase exposure to web-based attacks and phishing risks. Compliance with GDPR and NIS2 regulations is notably weak, with missing cookie consent mechanisms, security policies, and incident response procedures that could lead to regulatory penalties and reputational damage. While network and DNS security are relatively strong, the absence of core security policies and frameworks undermines the organization's resilience against cyber threats. Immediate remediation is critical to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will also improve customer trust and reduce the likelihood of data breaches. Prioritizing security governance and visibility should be central to the remediation roadmap. Overall, the organization must advance beyond technical fixes to establish a robust security culture aligned with regulatory expectations.

G

G5

getg5.com

74

The website's overall security posture reveals significant gaps, particularly in compliance with regulatory frameworks such as GDPR and NIS2, which pose legal and reputational risks. While there are no critical vulnerabilities, several high-severity issues—such as missing security policies, weak SSL key length, and absence of cookie consent—indicate inadequate protection against data breaches and cyber incidents. The security headers and privacy configurations are suboptimal, increasing the likelihood of clickjacking attacks and non-compliance with data privacy laws. Network security and email security are strong points, demonstrating robust perimeter defenses. However, deficiencies in incident response, business continuity planning, and security documentation expose the business to prolonged downtime and regulatory penalties in case of an incident. Immediate attention is needed to address these weaknesses to safeguard customer data, maintain trust, and ensure compliance. Improving these areas will enhance the website’s resilience against cyber threats and regulatory scrutiny.

The website’s overall security posture reveals significant gaps in critical areas, particularly compliance with GDPR and NIS2 regulations, as well as foundational security controls. While there are no critical vulnerabilities, the presence of 11 high-severity issues highlights urgent risks that could lead to legal penalties, data breaches, or service disruptions. Missing key HTTP security headers and weak SSL/TLS configurations expose the site to common web-based attacks such as clickjacking and mixed content exploitation. Compliance gaps, including lack of cookie policies and incident response planning, increase regulatory and operational risks. DNS health issues like unregistered MX records pose risks to email reliability and can affect business communication. Positively, network security controls are strong, and email security is fairly robust, but improvements are needed to prevent spoofing and phishing. Immediate remediation will reduce risks, improve customer trust, and align with regulatory requirements. Without prompt action, the business risks reputational damage, regulatory fines, and potential data compromises.

B

Briscoes AU

briscoes.com.au

54

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

P

Profisee

profisee.com

67

The website demonstrates a moderate overall security posture with no critical issues but multiple high and medium risk findings that could expose the business to significant operational, reputational, and regulatory risks. Key weaknesses exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements, reflecting gaps in privacy protection, incident preparedness, and information security governance. SSL/TLS configurations show vulnerabilities including weak key lengths and impending certificate expiration, which threaten secure communications. While email security and network security measures score well, foundational security controls such as Content Security Policy and proper cookie management are missing. Failure to implement GDPR-required cookie consent and policies exposes the business to potential regulatory penalties and loss of customer trust. The absence of incident response and business continuity plans significantly heightens risk from cyber incidents. Immediate remediation will reduce attack surface, improve compliance, and strengthen customer confidence. Overall, addressing these gaps is essential to align with industry standards and regulatory obligations, protecting both the business and its customers.

C

CNECT

cnectgpo.com

65

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

R

RealPage

yieldstar.com

73

The website demonstrates a moderate security posture with no critical vulnerabilities detected but several high and medium-severity issues that could expose the business to regulatory risks and cyber threats. Notably, the absence of essential security headers and weak encryption practices increase susceptibility to common web attacks such as clickjacking and data interception. GDPR compliance gaps, including missing cookie consent and incomplete privacy policies, pose significant legal and reputational risks, especially in markets regulated by data protection laws. The lack of a formal information security framework, policy documentation, and incident response procedures highlights a critical deficiency in organizational security governance. While network security and email security perform relatively well, weaknesses in SSL key strength and DNS configurations undermine overall trustworthiness. Addressing these issues promptly will not only enhance security resilience but also support regulatory compliance and customer confidence. A prioritized, strategic approach focusing on governance, encryption, and compliance will provide the most business value. Continuous monitoring and improvement are essential to maintaining and advancing the security posture over time.

S

ShowingTime+

showingtime.com

67

The website demonstrates a moderate overall security posture with strong network security and solid SSL/TLS and email security implementations. However, significant gaps exist in compliance and governance areas, particularly concerning GDPR and NIS2 regulatory requirements, which present considerable legal and reputational risks. The absence of fundamental privacy policies, cookie consent mechanisms, and incident response procedures exposes the business to potential regulatory penalties and customer trust erosion. Missing critical security headers like X-Frame-Options increases susceptibility to web-based attacks such as clickjacking. While core infrastructure like DNS and SSL is generally well-managed, some improvements are needed to maintain robust protection. Immediate focus on establishing comprehensive privacy and security policies, alongside addressing critical security headers, will substantially improve risk posture. Without remediation, these vulnerabilities could lead to data breaches, compliance violations, and operational disruptions impacting business continuity and customer confidence.

S

Seismic

seismic.com

75

The website demonstrates a generally solid security foundation with no critical vulnerabilities detected, and strong performance in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, notably GDPR and NIS2 regulations, with multiple high-severity issues such as missing cookie policies, lack of incident response procedures, and absence of security framework documentation. These deficiencies expose the business to regulatory risks, potential legal penalties, and reputational damage. Security headers are not fully optimized, leaving the site vulnerable to clickjacking and some cross-site scripting risks. While SSL/TLS configurations are largely robust, upcoming certificate expiry and incomplete HSTS settings require attention to maintain trust and secure communications. Overall, the organization should prioritize establishing comprehensive security policies and compliance measures to mitigate operational and regulatory risks effectively.

R

Real Estate Team OS

realestateteamos.com

66

The website's overall security posture exhibits significant gaps, particularly in foundational security controls and regulatory compliance. Critical and high-severity issues primarily relate to missing email authentication, lack of comprehensive security policies, and poor implementation of security headers, exposing the business to phishing, data breaches, and clickjacking attacks. GDPR compliance is notably weak, with absent cookie policies and consent mechanisms, risking legal penalties and reputational damage. Although network security and SSL/TLS configurations are relatively strong, imminent SSL certificate expiration and missing DNS security features present moderate risks. The absence of an incident response framework and vulnerability disclosure policy indicates unpreparedness for security incidents. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard brand trust. Addressing these issues will strengthen the website’s resilience against common threats and align it with industry best practices.

F

Freddie Mac

freddiemac.com

74

The website demonstrates a generally solid technical security foundation with no critical vulnerabilities detected and strong scores in email security, network security, SSL/TLS, and DNS health. However, significant gaps exist in regulatory compliance and governance, particularly regarding GDPR and NIS2 mandates, which present substantial legal and operational risks. The absence of essential policies such as cookie consent, incident response, and security frameworks exposes the organization to potential regulatory penalties and undermines customer trust. Missing key security headers and mixed content issues indicate areas where the website’s resilience against common web attacks can be improved. While foundational network and protocol configurations are strong, the low scores in compliance reflect a need for urgent attention to documentation, privacy, and incident management. Overall, the security posture is functional but incomplete, with business-critical exposure due to compliance shortcomings. Addressing these gaps will enhance legal compliance, customer confidence, and incident readiness, thereby reducing potential financial and reputational damage.

F

Fannie Mae

fanniemae.com

63

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could impact both security and regulatory compliance. Notably, the absence of key GDPR-related elements such as Privacy and Cookie Policies, and a consent banner, exposes the business to potential legal penalties and loss of user trust. Security headers are inadequately configured, increasing susceptibility to common web attacks like cross-site scripting. The lacking information security framework and incident response procedures indicate immature cybersecurity governance, risking delayed or ineffective handling of security incidents. SSL certificate expiration and mixed content issues threaten secure communications, while missing DNSSEC and email authentication elements could allow domain spoofing or phishing attacks. Positively, network security and DNS health are strong, providing a solid foundation. Overall, immediate focus on compliance and security policy establishment is critical to safeguard business operations and reputation.

B

Blend

blend.com

72

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance, documentation, and some security configurations. High-severity issues center on GDPR non-compliance, including the absence of a cookie policy and consent mechanisms, which expose the business to regulatory and reputational risks. Additionally, the lack of an established information security framework, incident response procedures, and security policy documentation undermines the organization's ability to effectively manage cybersecurity risks and respond to incidents, potentially affecting business continuity. SSL certificate expiration and mixed content warnings further threaten data integrity and user trust. While network security and email security scores are strong, deficiencies in security headers and DNS configurations expose the website to avoidable attack vectors. Prioritizing compliance and foundational security processes will significantly enhance the organization's risk posture and regulatory standing.

D

DotLoop LLC

dotloop.com

74

The website demonstrates a generally strong network and email security posture, with high scores in networkSecurity (100/100) and emailSecurity (95/100). However, significant gaps exist in compliance and governance areas, particularly related to GDPR and NIS2 regulations, where scores are notably low (43/100 and 25/100 respectively). Critical business risks stem from missing cookie policies and consent mechanisms, lack of information security frameworks, and absent incident response and business continuity plans. Security headers are partially implemented but lack essential protections like Content-Security-Policy, increasing exposure to web-based attacks. SSL/TLS configurations are good overall but require timely certificate renewal and improved HSTS settings. DNS health is solid but could be enhanced by enabling DNSSEC. Addressing these deficiencies is crucial to mitigate regulatory non-compliance risks, protect customer data, and ensure operational resilience against security incidents.

The website demonstrates a generally sound technical security posture with strong network security, SSL/TLS configurations, and email security. However, there are significant compliance and governance gaps, primarily related to GDPR and NIS2 regulatory requirements, which pose high legal and operational risks. Key concerns include the absence of privacy and cookie policies, lack of consent mechanisms, and missing incident response and information security framework documentation. These deficiencies could lead to regulatory penalties, reputational damage, and loss of customer trust. Security headers are implemented but need strengthening to mitigate web-based attacks effectively. DNS and email security are adequate but have room for improvement to reduce attack surface. Addressing governance and compliance issues should be prioritized alongside enhancing security headers to ensure a balanced, robust security posture that supports business continuity and regulatory adherence.

The website exhibits a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to regulatory, reputational, and operational risks. Key weaknesses include missing crucial security headers like Content-Security-Policy and inadequate GDPR compliance, notably the absence of a cookie policy and consent mechanism. The most significant gaps lie in the lack of foundational NIS2 security governance elements, including no documented security policies, incident response procedures, or vulnerability disclosure policies. While SSL/TLS and network security are relatively strong, mixed content issues and suboptimal HTTP Strict Transport Security (HSTS) configurations reduce overall protection. DNS security is good but could be enhanced by enabling DNSSEC and configuring CAA records. Immediate remediation is especially critical to meet regulatory requirements, protect sensitive user data, and reduce exposure to web-based attacks. The current state may lead to compliance penalties, customer trust erosion, and increased risk of successful cyberattacks if not addressed promptly.

O

Osano, Inc.

trusthub.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected and strong scores in SSL/TLS and network security. However, significant gaps exist in compliance-related areas, notably GDPR and NIS2 regulatory requirements, which expose the business to legal and operational risks. Missing cookie policies, consent mechanisms, and privacy policy issues create potential non-compliance liabilities under data protection laws. Additionally, the absence of documented security policies, incident response procedures, and security contact information undermines the organization's ability to effectively manage security incidents and regulatory audits. Security headers are partially implemented but lack key protections, increasing the risk of clickjacking and cross-site scripting. Email security is reasonably well configured but can be improved with DKIM and DMARC enhancements. DNS security is good but would benefit from enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Overall, the company should prioritize compliance maturity and governance to reduce business risk while reinforcing technical controls.

A

Aryeo

aryeo.com

66

The website demonstrates several significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities, the presence of multiple high and medium severity issues in security headers, GDPR compliance, NIS2 regulatory adherence, and SSL/TLS configuration indicate an urgent need for remediation. The low scores in security headers (30/100), GDPR (43/100), and especially NIS2 (25/100) highlight weaknesses in both technical controls and governance practices. Email security and network security are relatively strong, reducing some exposure to phishing and network-based attacks. However, the absence of key policies and procedures, such as incident response and vulnerability disclosure, leaves the organization ill-prepared for security events. The lack of cookie consent mechanisms also risks non-compliance fines under data protection laws. Overall, the organization should prioritize strengthening foundational security controls and compliance frameworks to protect customer data and maintain trust.

F

Follow Up Boss

followupboss.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance and governance areas, particularly GDPR and NIS2 requirements. While foundational network and email security controls are strong, missing security headers and incomplete security policies expose the business to potential data privacy risks and regulatory penalties. The absence of a cookie policy, consent mechanisms, and incident response procedures presents considerable legal and operational risks, especially as data privacy regulations tighten. Insufficient documentation of security frameworks and contact points undermines stakeholder trust and readiness to respond to incidents. Addressing these issues promptly will enhance regulatory compliance, reduce exposure to data breaches, and improve overall security resilience. The organization should prioritize establishing formal security policies, GDPR compliance measures, and incident response capabilities to protect business continuity and reputation. Investment in these areas will mitigate risks of fines, customer dissatisfaction, and operational disruption.

Z

Zillow, Inc.

zillowhomeloans.com

65

The website demonstrates a concerning security posture with significant gaps in fundamental protections and regulatory compliance. While there are no critical vulnerabilities detected, the presence of 11 high and multiple medium-severity issues indicates elevated risk exposure. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of core NIS2 security governance frameworks and incident response protocols. These lapses increase the risk of data breaches, regulatory penalties, and reputational damage. On a positive note, email security and network security configurations are robust, and SSL/TLS and DNS health are relatively strong but still require improvements. Immediate remediation is needed to address regulatory compliance and secure communication headers to reduce attack surfaces. Implementing structured security policies and response plans will enhance resilience and trust with customers and partners.

S

ShowingTime+

showingtimeplus.com

66

The website's security posture reveals significant gaps primarily in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements, which could expose the business to regulatory penalties and reputational damage. While there are no critical vulnerabilities, multiple high and medium severity issues in security headers, encryption practices, and incident response readiness indicate an elevated risk profile. The absence of privacy policies, cookie consent mechanisms, and security documentation undermines trust and legal compliance. Network and email security are strong points, suggesting foundational infrastructure controls are effective. However, weaknesses in SSL configuration and DNS security measures could jeopardize data confidentiality and integrity. Overall, immediate attention to regulatory compliance and security governance will mitigate substantial business and operational risks. Enhancing security headers and cryptographic standards will further strengthen defenses against common web-based threats.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected but several high and medium severity issues that pose significant risk. Key deficiencies include missing critical security headers such as Content-Security-Policy and weak configurations of transport security headers, increasing exposure to client-side attacks. Compliance gaps with GDPR and NIS2 regulations are evident, notably the absence of cookie policies, consent mechanisms, incident response procedures, and security policy documentation, which could lead to regulatory penalties and reputational damage. The SSL/TLS and DNS configurations are generally solid but require improvements to fully protect data in transit and DNS integrity. Email and network security modules score well, indicating good controls in those areas. However, the lack of a formal information security framework and vulnerability disclosure processes introduces organizational risk. Addressing these issues will strengthen security posture, regulatory compliance, and customer trust.

The website demonstrates a mixed security posture with strengths in network security, SSL/TLS configuration, email security, and DNS health. However, critical gaps exist in compliance with GDPR and NIS2 regulations, especially due to missing privacy policies, cookie consent mechanisms, and comprehensive security documentation. The absence of key security headers and vulnerability disclosure policies further exposes the site to preventable threats like clickjacking and content-type based attacks. These compliance and security shortcomings not only increase operational risk but could also result in regulatory penalties and damage to brand reputation. Immediate attention to privacy compliance and incident response readiness is crucial for business continuity and trust. While foundational security controls are in place, the lack of documented policies and frameworks leaves the organization vulnerable to evolving threats. Addressing these gaps will improve regulatory alignment, customer trust, and overall resilience against cyber threats.

C

Country Road

countryroad.co.nz

63

The website's overall security posture shows no critical vulnerabilities but reveals significant high and medium risks that could expose the business to compliance, operational, and reputational threats. Notably, the absence of foundational GDPR documentation and cookie consent mechanisms presents major regulatory compliance gaps, risking legal penalties and loss of customer trust. The missing core security headers and lack of an incident response framework further amplify exposure to common web-based attacks and operational disruptions. DNS and email configurations contain high-risk issues such as unregistered MX records and missing DKIM records, which could lead to email delivery problems and increased phishing risks. While network security and SSL/TLS configurations are generally strong, mixed content and incomplete HSTS policies reduce overall transport security effectiveness. Immediate remediation in governance, compliance, and core security controls is needed to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Without addressing these, the business faces increased risks of data breaches, service interruptions, and regulatory fines.

Z

Zillow Group

zillowgroup.com

69

The website demonstrates a moderate overall security posture with no critical issues found, but several high and medium severity gaps that pose significant risks. Key vulnerabilities include missing essential security headers, lack of GDPR compliance measures such as cookie policy and consent mechanisms, and absence of comprehensive security governance aligned with NIS2 requirements. While network security and email security are strong, deficiencies in incident response, security policy documentation, and vulnerability disclosure processes expose the business to operational and regulatory risks. The presence of mixed content and weak HSTS configurations could lead to data interception and man-in-the-middle attacks. Non-compliance with GDPR and NIS2 frameworks may result in regulatory penalties and damage to brand reputation. Immediate remediation will reduce exposure to cyber threats and enhance customer trust. Overall, addressing these gaps is critical to aligning security practices with business continuity and regulatory expectations.

The website demonstrates a generally sound network security and SSL/TLS posture, with strong email security and DNS health scores. However, significant shortcomings exist in privacy compliance and information security governance, notably lacking a privacy policy, cookie policies, and essential GDPR compliance elements. Critical NIS2 regulation adherence is absent, including no incident response plan, security policies, or business continuity planning, exposing the organization to regulatory and operational risks. Security headers are incompletely implemented, increasing the risk of common web attacks such as clickjacking and content sniffing. While there are no critical vulnerabilities identified, the high and medium issues collectively indicate a need for urgent remediation to reduce legal exposure, enhance customer trust, and safeguard against potential breaches. Addressing these gaps will improve regulatory compliance, reduce reputational risk, and strengthen the overall security posture. Prioritizing governance and compliance measures alongside technical controls is essential for sustainable business security.

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk findings that could expose the business to regulatory, reputational, and operational risks. Key deficiencies include missing fundamental security headers, lack of GDPR compliance measures such as privacy and cookie policies, and the absence of essential NIS2 cybersecurity governance frameworks like incident response and security policy documentation. While email security, SSL/TLS, DNS health, and network security show strong maturity, the gaps in legal compliance and governance frameworks pose significant risks for regulatory penalties and customer trust erosion. Addressing these gaps is vital to reduce legal liability, improve customer confidence, and strengthen overall cybersecurity resilience. Immediate focus on privacy policy implementation and establishing security governance will enhance compliance with evolving legal and industry standards. Proactive communication of security policies and incident response readiness will also support business continuity and reputation management. Overall, the website requires targeted improvements to bridge compliance and policy deficiencies while maintaining its strong technical security controls.

The website demonstrates a generally good foundation in network security, SSL/TLS configuration, and DNS health, reflected by high module scores in these areas. However, significant gaps exist in compliance with GDPR and NIS2 regulations, exposing the business to potential legal, reputational, and operational risks. Missing critical security headers and the absence of privacy and cookie policies indicate vulnerabilities to web-based attacks and non-compliance penalties. The lack of documented information security frameworks, incident response procedures, and vulnerability disclosure policies further increases risk exposure and reduces readiness to handle security incidents. Email security is moderately strong but requires improvements to enhance email authenticity and reduce phishing risks. Addressing these deficiencies will strengthen regulatory compliance, improve user trust, and reduce the likelihood and impact of cyber incidents. Immediate remediation of high-priority issues will also help safeguard the business’s reputation and avoid costly regulatory fines.

W

WSJ Barrons Group

wsjbg-adsmanager.com

73

The website demonstrates a generally strong technical security foundation with perfect SSL/TLS and network security scores and good DNS health. However, significant gaps exist in governance, compliance, and policy frameworks, particularly around GDPR and NIS2 requirements, which pose substantial business and regulatory risks. Critical headers like Content-Security-Policy are missing, increasing the risk of client-side attacks. The absence of cookie policies and consent mechanisms exposes the business to GDPR non-compliance penalties. Furthermore, the lack of an information security framework, incident response plans, and clear security contacts undermines the organization's ability to manage and respond to cyber threats effectively. While email security and DNS configurations are above average, enabling DNSSEC and adding DKIM records would enhance protection against spoofing and phishing. Overall, the organization's security posture requires urgent attention to policy, compliance, and response capabilities to reduce legal exposure and improve resilience against cyber incidents.

The website demonstrates a generally solid technical security foundation in areas such as network security, SSL/TLS configurations, and email security. However, significant gaps exist in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements, which expose the business to regulatory risks and potential legal liabilities. Critical missing elements include privacy and cookie policies, consent mechanisms, and comprehensive security documentation such as incident response and business continuity plans. The absence of key HTTP security headers also leaves the website vulnerable to web-based attacks like clickjacking and cross-site scripting. While the technical controls are mostly strong, the lack of formal policies and procedures undermines overall security posture and business resilience. Immediate attention is required to align with regulatory mandates and establish clear security governance. Addressing these issues will reduce legal exposure, improve customer trust, and enhance operational readiness against cyber incidents.

The website demonstrates a strong technical foundation in network security, SSL/TLS configuration, and DNS health, scoring above 80% in these areas. However, significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, with several high-severity issues identified. Missing critical security headers like X-Frame-Options exposes the site to clickjacking attacks, while the absence of privacy and cookie policies alongside no consent mechanism poses substantial legal and reputational risks under GDPR. Lack of an information security framework, security policies, and incident response procedures indicate immature cybersecurity governance, increasing vulnerability to breaches and regulatory penalties. Email security is adequate but can be improved by adding DKIM records to prevent spoofing. Overall, the website’s security posture is adequate technically but deficient in compliance and governance, necessitating urgent attention to policy, legal, and procedural controls to safeguard business continuity and customer trust.

C

Country Road

countryroad.com

64

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to regulatory, reputational, and operational risks. Key deficiencies exist in privacy compliance (GDPR) and NIS2-related information security governance, including missing privacy and cookie policies, absence of incident response and security policy documentation, and lack of a vulnerability disclosure program. Security headers are inadequately configured, increasing the risk of clickjacking, content sniffing, and cross-site scripting. While email security, SSL/TLS, DNS health, and network security show relatively strong configurations, mixed content issues and missing DNSSEC reduce overall protection. Addressing these gaps will improve regulatory compliance, customer trust, and resilience against cyber threats. Without timely remediation, the business risks penalties, data breaches, and erosion of stakeholder confidence. Prioritizing governance and compliance improvements alongside technical hardening will yield the greatest business value and security impact.

This website has 4 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a generally strong technical security posture with robust SSL/TLS implementation and good network security. However, significant gaps exist in the organizational security framework, particularly related to compliance with the NIS2 Directive, which impacts regulatory adherence and risk management. The absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms exposes the business to potential operational disruptions and reputational damage in the event of a security incident. Additionally, failure to implement key security headers and GDPR compliance measures further increases exposure to data breaches and legal penalties. Email security is mostly sound but lacks DKIM records, which could affect email authenticity and increase phishing risks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records to prevent certificate misuse. Overall, the website requires urgent governance and policy enhancements to complement its technical defenses and align with regulatory requirements, ensuring business resilience and trustworthiness.