Security Directory

The website demonstrates a solid baseline security posture with no critical or high severity issues detected. SSL/TLS and network security configurations are robust, scoring a perfect 100, indicating strong encryption and resilient infrastructure. However, there are several medium-level concerns related to compliance and domain security that could expose the business to regulatory penalties and increased attack surface. Notably, failure in GDPR and NIS2 analyses suggests potential gaps in data protection and regulatory adherence. Additionally, the absence of DNSSEC and a non-enforcing DMARC policy increase the risk of domain spoofing and phishing attacks. While low-level issues like missing CAA records have less immediate impact, they still represent opportunities to strengthen trustworthiness. Addressing these medium-priority vulnerabilities will enhance the organization’s risk management and reduce exposure to potential data breaches or compliance fines.

The website demonstrates a strong overall security posture with no critical or high severity issues detected. Key foundational protections such as email security, SSL/TLS configurations, and network security are fully compliant and robust, scoring 100/100. However, medium-level concerns exist around security headers, GDPR compliance, NIS2 requirements, and DNS health, notably the absence of DNSSEC. These medium issues highlight potential vulnerabilities in regulatory compliance and domain security that could expose the business to data privacy risks and domain spoofing attacks. Low severity items, such as missing CAA records, further indicate opportunities to enhance domain certificate management. Addressing these gaps will strengthen regulatory alignment, improve trust with users, and mitigate risks from DNS-based threats. Prioritizing these improvements ensures the website remains resilient against evolving cyber threats and regulatory scrutiny.

This website has 1 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a strong overall security posture with no critical or high-level vulnerabilities detected. Core security components such as email security, SSL/TLS configuration, and network security are fully optimized, scoring 100/100. However, medium-level issues related to missing security headers, GDPR compliance, NIS2 directives, and DNS security indicate areas for improvement. The absence of DNSSEC and incomplete DNS configurations slightly reduce the DNS module score to 85/100. These medium-severity findings could expose the business to regulatory penalties, data integrity risks, and potential targeted attacks if unaddressed. The low-severity issues, including missing CAA records, suggest opportunities to further harden DNS configurations. Addressing these areas will enhance regulatory compliance, reduce attack surface, and improve customer trust. Overall, the site is secure but requires focused remediation in compliance and DNS security to maintain resilience and meet evolving standards.

The overall security posture of the website is solid with no critical issues detected, and strong performance in email security, SSL/TLS, and network security modules. However, there are notable medium and high-risk concerns primarily related to DNS configuration and regulatory compliance. The most pressing issue is an unregistered MX record, which can lead to email delivery failures and potential exposure to phishing or spoofing attacks. Additionally, failure to enable DNSSEC and configure CAA records weakens DNS integrity and increases exposure to domain hijacking. The absence of key security headers and incomplete GDPR and NIS2 compliance analyses indicate gaps that could impact regulatory adherence and increase vulnerability to certain web-based attacks. Addressing these issues will significantly improve security posture, regulatory compliance, and trust with customers and partners. Immediate remediation of DNS configuration issues is critical to maintaining business continuity and safeguarding brand reputation.

The website demonstrates a generally strong security posture with no critical or high-severity issues detected and excellent scores in SSL/TLS and network security. However, medium-level concerns in security headers, GDPR compliance, NIS2 readiness, email security, and DNS health highlight areas requiring attention to reduce risk and ensure regulatory alignment. Notably, the absence of DKIM records and missing DNSSEC implementation expose the domain to potential email spoofing and DNS-based attacks. The lack of configured security headers weakens protection against common web vulnerabilities. Addressing these gaps will enhance trustworthiness, protect customer data, and improve compliance with evolving regulatory frameworks. Overall, the site is secure but would benefit from focused improvements to strengthen defenses and regulatory posture. These efforts will reduce potential business risks related to reputation, legal compliance, and cyber threats.

The website demonstrates a generally strong security posture with no critical or high-risk issues detected. SSL/TLS and network security configurations are robust, scoring 100/100, ensuring encrypted communications and a solid network defense. However, there are medium-level concerns related to missing or misconfigured security headers, GDPR compliance, NIS2 readiness, and DNS security enhancements such as the lack of DNSSEC. Low-level issues in email security, including complex SPF records and absence of DMARC reporting, could affect email deliverability and phishing protection. Addressing these medium and low-level issues will reduce potential attack vectors, improve regulatory compliance, and enhance overall trustworthiness. Proactively resolving these gaps aligns with both security best practices and business continuity goals. This balanced approach will help protect brand reputation, customer data, and meet evolving regulatory requirements effectively.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Core areas such as email security, SSL/TLS configurations, and network security are well-implemented, scoring 100 out of 100. However, there are several medium-level issues primarily related to compliance and DNS configurations that require attention. Notably, the absence of essential security headers and failure in GDPR and NIS2 compliance analyses indicate potential risks in data protection and regulatory adherence. Additionally, the lack of DNSSEC implementation and missing CAA records could expose the domain to DNS spoofing and certificate mis-issuance risks. Addressing these medium and low-level vulnerabilities will strengthen the website's defenses and help ensure regulatory compliance, thereby protecting business reputation and customer trust. Proactive remediation is recommended to maintain a robust security posture and minimize potential attack surfaces.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Key areas such as email security, SSL/TLS configuration, and network security are fully compliant and robust, scoring 100/100. However, medium severity issues related to missing security headers, GDPR compliance gaps, NIS2 directive adherence, and DNSSEC absence indicate potential vulnerabilities and regulatory risks. Low severity findings like missing CAA records should also be addressed to strengthen DNS security further. The lack of DNSSEC protection exposes the domain to DNS spoofing and cache poisoning attacks, which could harm business reputation and user trust. GDPR and NIS2 compliance failures pose legal and operational risks, especially for businesses operating in or with the European Union. Addressing these medium-level issues will enhance overall resilience and regulatory alignment, reducing the risk of data breaches and compliance penalties.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Key areas such as email security, SSL/TLS configurations, and overall network security are well implemented, scoring 100/100. However, there are medium-level concerns related to missing security headers, lack of GDPR and NIS2 compliance evidence, and the absence of DNSSEC, which could expose the website to certain attack vectors and regulatory risks. Additionally, low-severity issues like unconfigured CAA records suggest room for improved domain security management. Addressing these medium and low-level findings will help mitigate potential vulnerabilities, reduce regulatory compliance risks, and enhance trustworthiness. Prioritizing these improvements will protect business operations and maintain customer confidence. Overall, the security posture is good but can be significantly strengthened by focusing on policy enforcement and DNS security enhancements.

A

Apef

apefasbl.org

60

The website demonstrates several significant security weaknesses that could expose the business to data breaches, regulatory penalties, and operational disruptions. Critical headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing risk from man-in-the-middle and cross-site scripting attacks. GDPR compliance is notably lacking with no privacy or cookie policies, no consent banner, and insufficient third-party privacy management, which may lead to legal consequences and damage to customer trust. The absence of an information security framework, security policies, and incident response procedures indicates poor organizational security maturity, elevating the risk of prolonged breach impact. SSL/TLS configurations are weak, with expiring certificates and weak key lengths threatening secure communications. Some DNS and network security measures are adequate, but gaps like missing DNSSEC and exposed SSH services remain. Overall, the current posture suggests urgent remediation is needed to protect customer data, comply with regulations, and safeguard business continuity.

The website's overall security posture demonstrates strengths in network security and email security, with high scores of 100 and 95 respectively. However, there are critical vulnerabilities related to GDPR compliance and organizational security policies, particularly for EU business operations, which pose significant legal and reputational risks. The absence of a cookie policy, consent banner, and adequate privacy measures exposes the business to potential regulatory penalties under GDPR. Additionally, foundational security frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are lacking, undermining the organization's ability to manage and respond to cybersecurity events effectively. SSL/TLS configurations show weaknesses that could compromise data in transit, while DNS security features like DNSSEC are not fully implemented. Low-severity issues in security headers suggest room for improvement in protecting user data from leakage and caching risks. Immediate remediation of critical and high-risk issues will significantly enhance compliance posture and reduce threat exposure.

The website demonstrates a generally strong network and email security posture but exhibits significant deficiencies in compliance with GDPR and NIS2 regulations, which expose the business to legal and operational risks. The absence of fundamental privacy documentation such as Privacy and Cookie Policies, combined with missing consent mechanisms, places the company at high risk of regulatory penalties, particularly given its operations within the EU. Critical gaps in information security frameworks, incident response, and business continuity planning indicate insufficient preparedness against cybersecurity incidents. SSL/TLS configurations are suboptimal, with weak key lengths and an expiring certificate, potentially undermining data confidentiality and trust. While foundational DNS and security header settings are adequate, improvements are needed to enhance overall resilience. Addressing these issues promptly is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Prioritizing remediation of privacy and security governance will significantly reduce business exposure and strengthen the security posture.

M

mstack

mstack.nl

68

The website's overall security posture shows strengths in network security and email security, with scores of 100 and 95 out of 100 respectively. However, critical vulnerabilities exist in GDPR compliance and NIS2 regulatory adherence, scoring 18 and 25 respectively, which pose significant legal and operational risks. Key issues include the absence of cookie policies and consent mechanisms, lack of incident response and security policy documentation, and weak SSL configurations. These gaps not only expose the business to potential data breaches but also to regulatory penalties, particularly within the EU jurisdiction. While basic security headers and DNS health are generally well configured, improvements are needed to align with best practices. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will reduce liability and strengthen customer trust.

The website exhibits a generally strong network and email security posture, but critical deficiencies exist in GDPR compliance, NIS2 security governance, and SSL/TLS configuration. The critical GDPR issue indicates the business is operating in the EU without adequate privacy measures, posing significant regulatory and reputational risks. Multiple high-severity issues around the lack of security policies, incident response, and vulnerability disclosure reflect immature information security management, potentially leading to delayed breach detection and response. SSL/TLS weaknesses, including an expiring certificate and weak key length, expose the site to man-in-the-middle attacks and data interception. While security headers and DNS health are relatively strong, minor improvements would further harden the environment. Immediate remediation of GDPR non-compliance and NIS2 framework adoption are essential to avoid legal penalties and ensure business continuity. Addressing these gaps will significantly reduce risk exposure and enhance trust with customers and regulators.

The website exhibits a mixed security posture with strong network security and email protections but significant gaps in GDPR compliance and information security governance. Critical and high-severity findings around privacy policies, cookie consent, and EU data protection requirements expose the business to regulatory penalties and reputational risk. Additionally, the absence of key NIS2 security governance elements—including incident response, security policies, and business continuity planning—indicates immature cybersecurity management. SSL/TLS configurations also present vulnerabilities, such as weak key lengths and imminent certificate expiration, which could lead to compromised data in transit. While foundational controls like security headers and DNS health are generally good, low-level misconfigurations suggest opportunities for improvement. Addressing these issues holistically will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber incidents. Immediate focus on GDPR compliance and security governance will yield the highest business impact.

U

UC3

uc3.com

74

The website demonstrates a moderate to low overall security posture, with no critical vulnerabilities but several high and medium priority issues that pose significant business risks. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as a cookie consent banner, and absence of foundational NIS2 security documentation and policies. While email security, SSL/TLS, DNS health, and network security scores are strong, gaps in governance, incident response, and privacy controls expose the business to regulatory penalties, reputational damage, and potential exploitation. Immediate remediation is needed to reduce attack surface and comply with regulatory frameworks, especially NIS2 and GDPR. The absence of security policies and incident response procedures is especially concerning for business continuity and crisis management. Proactive enhancements in security headers, privacy controls, and policy documentation will strengthen defense-in-depth and regulatory compliance. Overall, the current posture may hinder customer trust and operational resilience if unaddressed.

C

Christie's International Real Estate

christiesrealestate.com

66

The website demonstrates a moderate to low overall security posture with no critical issues but several high and medium severity gaps that expose the business to compliance risks, data exposure, and operational disruptions. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security management practices like incident response and security policy documentation. While network security and SSL/TLS configurations score relatively well, the absence of strict transport security (HSTS) and DNSSEC adoption weaken the defense-in-depth strategy. Email security is adequate but can be improved by enabling DKIM. Addressing these issues is imperative to reduce regulatory risks, protect customer data, and ensure business continuity. Overall, the website requires urgent enhancements in security governance, privacy compliance, and HTTP security controls to meet industry standards and protect brand reputation.

R

Réseau Scènes

reseauscenes.com

56

The website’s overall security posture is currently inadequate, exposing the business to significant risk from both technical vulnerabilities and regulatory non-compliance. Critical and high-severity issues, including exposed critical services such as MySQL and FTP, combined with missing essential security headers, indicate a high likelihood of exploitation. The absence of key GDPR policies (Privacy Policy, Cookie Policy, and consent mechanisms) exposes the company to potential legal and reputational damage. Additionally, the lack of a formal information security framework, incident response plans, and security documentation under NIS2 requirements suggests immature security governance. While email security and DNS health scores are relatively strong, foundational web security controls, encryption enforcement (HSTS), and secure service exposure are lacking. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory penalties. Addressing these gaps will also improve resilience against cyberattacks and support business continuity.

D

Département des Alpes-Maritimes

mesdemarches06.fr

58

The website’s overall security posture reveals significant gaps, particularly in privacy compliance and foundational security policies, posing substantial business and regulatory risks. Critical and high-severity issues center around GDPR non-compliance, including the absence of privacy and cookie policies and consent mechanisms, which expose the business to potential legal penalties and reputational damage within the EU market. The lack of an established information security framework, incident response plan, and security documentation further undermines operational resilience and regulatory adherence, notably under NIS2 requirements. Technical security controls such as missing Content-Security-Policy headers, weak SSL key length, and incomplete email authentication protocols exacerbate the risk of data breaches and phishing attacks. While network security and DNS health show relatively strong scores, essential improvements in SSL/TLS configuration and security headers are needed. Immediate remediation is critical to avoid compliance violations, reduce attack surfaces, and protect customer trust. Without addressing these issues promptly, the business risks operational disruption, data compromise, and financial penalties. Overall, the assessment points to urgent needs for governance, compliance, and technical controls alignment to safeguard the enterprise and its customers.

The website demonstrates a generally strong technical security posture with robust SSL/TLS settings and good network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, posing substantial legal and operational risks. Critical issues include the complete absence of essential privacy policies and cookie consent mechanisms, which threaten regulatory compliance and customer trust, especially for EU users. The lack of documented information security frameworks, policies, and incident response procedures further exposes the business to heightened cyber risk and potential operational disruption. Email and DNS security configurations require improvement to prevent spoofing and enhance domain integrity. While security headers are mostly adequate, refinements can strengthen defense-in-depth. Immediate focus on regulatory compliance and governance frameworks is imperative to mitigate potential fines, reputational damage, and business continuity risks.

L

La Clinique Monte-Carlo

lacliniquemontecarlo.com

58

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities detected, numerous high and medium severity issues exist, particularly around security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases risk of web-based attacks. GDPR deficiencies, including missing privacy and cookie policies, expose the company to potential legal penalties and customer trust erosion. Lack of documented security policies and incident response plans under NIS2 further weakens the organization’s ability to manage and respond to cyber incidents effectively. SSL/TLS weaknesses and suboptimal email security settings present additional attack vectors. However, network security and DNS-related controls show relatively strong maturity. Immediate remediation in these areas will reduce risk and improve compliance posture substantially.

The website exhibits significant security and compliance gaps, particularly in privacy and incident management frameworks, posing considerable risks to business reputation and regulatory compliance. Critical deficiencies in GDPR adherence, such as the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to potential legal penalties and loss of customer trust. The lack of a security policy framework, incident response procedures, and vulnerability disclosure processes undermines the organization's ability to manage and respond to cyber threats effectively. Weak HTTP security headers and mixed content issues indicate vulnerabilities to web-based attacks, potentially compromising user data integrity. Exposure of high-risk services like FTP increases the attack surface and opens pathways for unauthorized access. While email security and DNS health are relatively stronger, they do not compensate for the fundamental gaps in governance and technical controls. Immediate remediation is required to address compliance and critical security flaws to safeguard business continuity and customer confidence. Overall, the security posture is inadequate for operating securely within the EU regulatory environment and against evolving cyber threats.

C

CIEPP

ciepp.ch

62

The website's overall security posture shows strong network security and solid SSL/TLS and DNS configurations, but reveals significant vulnerabilities in privacy compliance, email authentication, and information security governance. Critical gaps exist in GDPR compliance, including missing privacy and cookie policies and consent mechanisms, exposing the business to regulatory and reputational risks. The lack of an information security framework, security policies, and incident response procedures indicates immature security management, increasing exposure to cyber threats and operational disruptions. Email security is critically weak due to missing SPF and DKIM records, raising the risk of phishing and domain spoofing attacks. Security headers are partially implemented but omit key protections against cross-site scripting and feature abuse. Addressing these deficiencies will mitigate regulatory exposure, improve customer trust, and reduce the risk of cyber incidents. Prioritizing compliance and governance controls alongside email security enhancements is vital for business resilience and trustworthiness.

The website demonstrates a moderate security posture with no critical vulnerabilities currently detected; however, there are multiple high and medium risk issues that could expose the business to regulatory non-compliance and cyber threats. Significant gaps exist in privacy compliance, including missing privacy and cookie policies and absence of a consent banner, which expose the business to GDPR fines and reputational damage. The lack of documented information security and incident response policies indicates immature cybersecurity governance, increasing risk during security incidents. Network security weaknesses, such as exposed FTP service and missing DNSSEC, further heighten the risk of unauthorized access and data interception. While email security and SSL/TLS implementations are generally strong, some SSL and HSTS configurations require improvement to maintain secure communications. The overall security headers configuration is suboptimal, missing key protections like Content-Security-Policy, increasing risk of content injection attacks. Immediate attention to governance, privacy compliance, and network service exposure will significantly reduce business risk and improve regulatory adherence. Strengthening these areas will bolster customer trust and reduce potential financial and operational impacts from security incidents.

M

MYSEA

mysea.co

64

The website's overall security posture is weak, with critical and high-severity vulnerabilities that expose the business to significant risks including data breaches and compliance violations. Key deficiencies include the absence of essential security headers, lack of GDPR compliance mechanisms such as cookie consent, and missing foundational NIS2 security policies and incident response plans. Critically, the exposure of database services (MySQL and PostgreSQL) and unsecured FTP services presents immediate threats that could lead to unauthorized access and data compromise. While email security and SSL/TLS configurations show moderate strength, gaps like impending SSL certificate expiration and missing HSTS reduce resilience against interception attacks. DNS security is fairly solid but could be improved with DNSSEC and CAA records. Overall, urgent remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Failure to address these issues could result in financial loss, reputational damage, and legal penalties.

D

D-EDGE

fastbooking.com

65

The website's overall security posture reveals significant gaps in key areas critical to protecting business assets and customer trust. While no critical vulnerabilities were detected, there are multiple high and medium severity issues, particularly concerning missing security headers, GDPR compliance, and lack of formalized security frameworks. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy exposes users to elevated risks from man-in-the-middle and cross-site scripting attacks. GDPR compliance deficiencies, including no cookie consent banner and incomplete privacy policies, pose regulatory and reputational risks, especially in EU markets. The lack of incident response procedures and security policy documentation indicates immature organizational security governance, increasing potential downtime and breach impact. Email security and network infrastructure are relatively stronger but still require improvements to prevent phishing and spoofing threats. Immediate remediation will bolster customer confidence, reduce compliance risks, and lower the likelihood and impact of cyber incidents.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

I

Icecat

icecat.fr

59

The website's overall security posture reveals significant gaps, especially in privacy compliance and email security, which pose substantial risks to business reputation and regulatory adherence. Critical findings include the absence of essential GDPR-related policies and mechanisms, notably for an EU-based business, exposing the company to potential legal penalties and customer trust erosion. Email authentication is critically lacking, increasing the risk of phishing and domain spoofing attacks that could harm brand integrity. While SSL/TLS and network security are robust, foundational security controls such as Content-Security-Policy headers and security policy documentation are missing or insufficient. The NIS2 compliance score is notably low, indicating inadequate preparedness for incident response and governance requirements. DNS health is generally good but would benefit from enabling DNSSEC to protect against DNS spoofing. Addressing these issues will strengthen regulatory compliance, reduce cyber risk, and protect business continuity and customer trust.

O

OMNES Education

omneseducation.com

65

The website security assessment reveals a concerning overall security posture with no critical issues but multiple high and medium severity findings, particularly in governance, compliance, and security policy domains. Key weaknesses exist in security headers, GDPR compliance, and NIS2 regulatory adherence, exposing the business to legal risks, data privacy violations, and increased vulnerability to cyber threats. Email security and network security show relatively strong performance, reducing risk from phishing and network-based attacks. SSL/TLS configurations need urgent improvement to maintain secure communications, especially given the impending certificate expiry and weak key length. The absence of incident response and business continuity plans further heightens operational risk. Addressing these gaps will significantly reduce the risk of data breaches, regulatory fines, and reputational damage. Immediate focus on compliance and foundational security controls is essential to protect customer trust and meet regulatory requirements.

V

Volcanic

volcanic.co.uk

76

The website demonstrates a generally strong technical security foundation with perfect SSL/TLS and network security scores, and good email and DNS configurations. However, significant shortcomings exist in governance and compliance areas, particularly regarding NIS2 and GDPR requirements, which expose the business to regulatory risks and potential operational disruptions. The absence of critical security policies, incident response plans, and clear security contact information severely undermines the organization's ability to manage security incidents effectively. Additionally, missing security headers and weak email authentication configurations increase vulnerability to attacks such as cross-site scripting and email spoofing. The lack of a cookie consent banner and potentially non-compliant privacy policies also risk non-compliance with GDPR, potentially resulting in legal penalties and reputational damage. Overall, while technical controls are mostly robust, governance and compliance gaps present the most urgent business risks. Addressing these will improve resilience, regulatory compliance, and customer trust.

E

Egnyte

egnyte.com

76

The website exhibits a generally strong security posture in network security, SSL/TLS configuration, and email security, scoring near or at 100 in these areas. However, significant gaps exist in compliance with GDPR and NIS2 requirements, leading to low scores of 43 and 25 respectively. Critical business risks stem from missing cookie policies and consent mechanisms, absence of an information security framework, and lack of incident response procedures, which expose the organization to regulatory penalties and operational disruptions. Security headers are mostly implemented but lack some key controls that could reduce exposure to information leakage. DNS health is adequate but can be improved by enabling DNSSEC to prevent domain spoofing. Overall, the website is secure from common network and transport layer attacks but vulnerable to regulatory compliance violations and incident management deficiencies, which could impact business reputation and continuity.

B

Balearic Marine Cluster

balearicmarinecluster.com

61

The website’s security posture reveals significant gaps in foundational security controls and regulatory compliance, posing risks to both business operations and customer trust. While there are no critical vulnerabilities, multiple high and medium severity issues indicate a lack of essential security headers, incomplete GDPR compliance, and absence of key information security policies aligned with NIS2 requirements. The missing security headers expose the site to common web-based attacks like clickjacking, content injection, and cross-site scripting. GDPR non-compliance, including the absence of a privacy policy and cookie consent, risks regulatory penalties and reputational damage. The lack of incident response, security policies, and vulnerability disclosure procedures undermines the organization’s ability to manage and mitigate security incidents effectively. Exposure of high-risk services such as FTP further increases attack surface and potential data breaches. Although email security and DNS health are relatively strong, SSL/TLS and network security require immediate attention to prevent service disruptions and data interception. Overall, addressing these deficiencies is critical to protect customer data, maintain regulatory compliance, and safeguard business continuity.

U

USLI

bizresourcecenter.com

58

The website exhibits significant security weaknesses, particularly in foundational security controls such as HTTP security headers, email authentication, and compliance with GDPR and NIS2 regulations. Critical gaps like the absence of email authentication and incident response procedures expose the business to phishing risks and operational disruption. Missing key headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to man-in-the-middle attacks and cross-site scripting. Compliance-related issues, including lack of cookie policies and privacy measures, present legal and reputational risks. While network security and DNS health show relatively strong postures, the presence of weak SSL configurations and expiring certificates further degrade trustworthiness. Overall, these vulnerabilities could lead to data breaches, regulatory penalties, and loss of customer confidence. Immediate remediation focused on critical security controls and compliance frameworks is essential to safeguard business operations and reputation.

U

USLI

usli.ca

63

The website's overall security posture reveals significant vulnerabilities, particularly in foundational security controls and regulatory compliance. While no critical issues were found, numerous high and medium severity gaps exist, notably in security headers, GDPR compliance, and adherence to NIS2 requirements. The absence of key HTTP security headers like Strict-Transport-Security and Content-Security-Policy exposes the site to common web attacks such as clickjacking and cross-site scripting. GDPR non-compliance, especially lacking cookie policies and consent mechanisms, risks substantial legal and reputational damage. NIS2 deficiencies, including missing security policies and incident response plans, indicate unpreparedness for managing cybersecurity incidents. However, email security, SSL/TLS configurations, DNS health, and network security demonstrate comparatively better maturity. Immediate remediation is essential to mitigate risk exposure, protect customer data, and align with regulatory frameworks. Addressing these weaknesses will enhance trust, reduce liability, and strengthen the organization's cybersecurity resilience.

The website's overall security posture reveals significant gaps, particularly in compliance with EU privacy regulations and foundational security controls. Critical and high-severity issues indicate the absence of essential headers, privacy measures, and security governance frameworks, exposing the business to legal, reputational, and operational risks. GDPR compliance is notably deficient, with no cookie policy, consent mechanisms, or adequate privacy practices in place, creating a critical risk for EU operations. The lack of incident response and security policy documentation further exacerbates vulnerability to cyber threats and breaches. While network security and DNS health demonstrate relatively strong postures, gaps in email security and SSL/TLS configurations could facilitate phishing and data interception attacks. Immediate remediation is required to align with regulatory requirements and industry best practices to protect customer data and maintain trust. Failure to act promptly may result in regulatory penalties, customer attrition, and increased exposure to cyberattacks.

The website's overall security posture shows no critical vulnerabilities but is hindered by multiple high and medium-level issues, particularly in governance and compliance areas. Key deficiencies include missing fundamental security headers, an absent cookie consent mechanism, and lack of documented security and incident response policies, exposing the business to regulatory risks and operational disruptions. The SSL certificate's imminent expiration poses an immediate threat to secure communications. While network security and DNS health are relatively strong, gaps in email security and GDPR compliance could lead to data breaches and reputational damage. Addressing these issues promptly will enhance user trust, regulatory compliance, and reduce attack surface exposure. The current state suggests insufficient maturity concerning NIS2 requirements, which could impact compliance and operational resilience. Overall, the business should prioritize remediation efforts to strengthen security posture and meet regulatory obligations effectively.

B

Braque

braque.ca

52

The website demonstrates significant security weaknesses across multiple domains, presenting substantial risks to the business. Critical and high-severity findings include exposed critical services like MySQL and FTP, missing essential security headers, and lacking fundamental information security policies, which collectively leave the organization vulnerable to data breaches and compliance violations. The absence of GDPR-required elements such as privacy and cookie policies indicates regulatory non-compliance risks, potentially leading to fines and reputational damage. Email security and DNS health exhibit moderate maturity but require improvements to prevent phishing and domain spoofing. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues that may undermine user trust and data confidentiality. Network security is particularly concerning due to exposed critical services without adequate protections. Overall, the organization is at high risk of cyber incidents, regulatory penalties, and customer trust erosion, necessitating urgent remediation efforts and governance improvements.

The website currently exhibits significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, weakening defenses against common web-based attacks such as clickjacking and content injection. GDPR compliance is insufficient, notably lacking cookie policies and consent mechanisms, increasing legal and financial risk. The absence of a formal information security framework and incident response plans highlights a lack of organizational maturity in cybersecurity governance. SSL/TLS configuration weaknesses and expiring certificates risk undermining encrypted communications and user trust. Although email security and network posture scores are relatively strong, DNS security can be improved. Overall, urgent remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity.

The website demonstrates a generally strong network and email security posture but has significant gaps in critical security and compliance areas. Notably, the absence of a Content-Security-Policy header and weak HTTP security headers increase exposure to common web attacks. Compliance deficiencies related to GDPR, such as missing privacy and cookie policies and consent mechanisms, present legal and reputational risks. The lack of documented information security frameworks, incident response plans, and security policies under NIS2 requirements further heightens operational vulnerabilities. While SSL/TLS and DNS configurations are mostly adequate, some improvements are needed to maintain trust and secure communications. Overall, the current security posture exposes the business to regulatory penalties, data breaches, and service interruptions. Addressing these issues promptly will strengthen compliance, reduce risk, and protect customer trust.

G

Gianvito Rossi Global

gianvitorossi.com

54

The website's overall security posture is concerning, with multiple critical and high-severity issues identified that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability, impacting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 mandates. Additionally, the lack of key security headers and weak privacy controls reduces protection against common web attacks and privacy violations. Governance and compliance frameworks such as NIS2 and GDPR are poorly implemented, with missing policies, procedures, and contact information, raising potential legal and reputational risks. While email security and network security show relatively strong scores, foundational web and application security practices require urgent remediation. Immediate action is required to secure communications, ensure compliance, and establish incident response capabilities. Without addressing these gaps, the business risks data breaches, regulatory fines, and damage to customer trust.

The website exhibits a severely deficient security posture, particularly in critical areas such as encryption, data privacy compliance, and incident preparedness. The absence of HTTPS encryption poses an immediate and significant risk, exposing sensitive user data to interception and undermining customer trust. Critical GDPR compliance gaps—including missing privacy and cookie policies and lack of consent mechanisms—expose the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework and incident response procedures under NIS2 requirements indicates unpreparedness for cyber incidents, increasing operational risk. While network security and email security show moderate strength, key improvements are needed to align with industry standards and legal mandates. Overall, urgent remediation is required to protect customer data, comply with regulations, and safeguard business continuity. Immediate focus on encryption and privacy policies will significantly reduce risk and enhance stakeholder confidence.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

45

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

38

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

S

SCC

scc.com

51

The website's overall security posture is currently inadequate, with critical deficiencies that expose the business to significant risks. The absence of HTTPS encryption represents a severe vulnerability, impacting data confidentiality, user trust, and regulatory compliance. Furthermore, the lack of a privacy policy, cookie policy, and consent mechanisms places the business at high risk of GDPR non-compliance, potentially resulting in regulatory penalties and reputational damage. The site also lacks foundational information security governance elements such as security policies, incident response procedures, and business continuity planning, severely weakening its resilience to cyber threats. While network and email security show strong performance, critical gaps in encryption and legal compliance overshadow these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and comply with relevant regulations such as GDPR and NIS2. Addressing these issues will significantly reduce legal liabilities and enhance overall cyber defense capabilities.

F

Fabi AS

fabi.no

42

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

I

IQVIA

imshealth.com

50

The website's security posture currently exhibits significant vulnerabilities that pose notable risks to business operations and customer trust. Most critically, the absence of HTTPS encryption exposes all data transmissions to interception and manipulation, violating GDPR and NIS2 compliance requirements and potentially leading to regulatory penalties. The lack of fundamental privacy policies and cookie consent mechanisms further threatens legal compliance and customer confidence. Additionally, missing core security governance elements such as incident response, security policies, and vulnerability disclosure indicate a weak security management framework. While network and email security show strengths, critical gaps in web security headers and DNS configurations leave attack surfaces open. Immediate remediation is essential to prevent data breaches, reputational damage, and compliance failures. Overall, the website needs a prioritized security overhaul to align with industry standards and regulatory mandates.