Security Directory

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong network security measures in place. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, reflected by low scores of 43 and 25 respectively. High-severity issues such as the absence of a cookie policy, consent banner, security documentation, and incident response procedures expose the business to legal, reputational, and operational risks. Email security protocols and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS health and security headers are mostly well-configured, though some enhancements are advisable. Overall, the site is protected against common network threats but needs urgent attention on regulatory compliance and incident preparedness to mitigate potential business disruptions and fines. Addressing these gaps will strengthen trust with customers and regulators while enhancing resilience against cyber incidents.

The overall security posture of the website reflects a solid foundation in network security, email security, and SSL/TLS configurations, with scores above 85 in these areas. However, significant gaps exist in regulatory compliance and governance, particularly around GDPR and NIS2 requirements, with scores of 43 and 25 respectively, indicating high risk in legal and operational domains. The absence of a cookie policy, consent banner, and incomplete privacy documentation expose the business to potential non-compliance penalties and reputational damage under data protection laws. Critical governance frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are missing, increasing the risk of unresolved security incidents. Medium-level issues like missing permissions-policy headers, DNSSEC not being enabled, and DMARC not fully enforced suggest areas where attack surfaces could be reduced. Low-risk issues, including sensitive data caching and missing CAA records, should be addressed to enhance overall security hygiene. Immediate focus on compliance and formal security documentation will mitigate regulatory and operational risks while maintaining strong technical defenses. This balanced approach supports business continuity and builds customer trust in the website's security posture.

S

Spotify AB

spotifyforbrands.com

65

The website demonstrates a moderate to weak security posture with no critical issues but several high and medium severity findings that could expose the business to significant risks. Key gaps include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security governance documentation. Email and network security are relatively strong, but SSL/TLS configurations show weaknesses that could undermine data integrity and confidentiality. The absence of incident response and vulnerability disclosure policies increases the risk of prolonged breaches and reputational damage. Overall, the organization faces regulatory compliance risks, potential data breaches, and operational disruptions if these issues remain unaddressed. Immediate remediation will enhance customer trust, reduce legal exposure, and improve resilience against cyber threats. Prioritizing governance and technical controls will strengthen the security framework and align with industry best practices.

B

Briscoe Group

briscoegroup.co.nz

55

The website's security posture is currently poor, with significant vulnerabilities across multiple domains including network security, compliance, and security headers. Critical risks arise from numerous exposed critical services such as SMB, MSSQL, MySQL, and Telnet, which pose immediate threats of unauthorized access and data breaches. Additionally, the absence of key security headers and a Content Security Policy increases susceptibility to web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably lacking, with no cookie policy or consent mechanisms, risking legal penalties and reputational damage. The lack of incident response and information security frameworks further exacerbates business risk by limiting preparedness for cyber events. While email security and DNS health scores are relatively strong, SSL/TLS configurations require urgent improvement to protect data in transit. Overall, the organization faces high exposure to cyber threats and compliance violations that must be urgently addressed to safeguard assets and maintain customer trust.

B

Briscoes AU

briscoes.com.au

54

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

D

DotLoop LLC

dotloop.com

74

The website demonstrates a generally strong network and email security posture, with high scores in networkSecurity (100/100) and emailSecurity (95/100). However, significant gaps exist in compliance and governance areas, particularly related to GDPR and NIS2 regulations, where scores are notably low (43/100 and 25/100 respectively). Critical business risks stem from missing cookie policies and consent mechanisms, lack of information security frameworks, and absent incident response and business continuity plans. Security headers are partially implemented but lack essential protections like Content-Security-Policy, increasing exposure to web-based attacks. SSL/TLS configurations are good overall but require timely certificate renewal and improved HSTS settings. DNS health is solid but could be enhanced by enabling DNSSEC. Addressing these deficiencies is crucial to mitigate regulatory non-compliance risks, protect customer data, and ensure operational resilience against security incidents.

C

Contentful

contentfulstatus.com

68

The website exhibits significant security gaps, particularly in compliance, email security, and incident management frameworks, which pose substantial risks to business operations and regulatory adherence. Critical and high severity issues, such as the absence of email authentication and missing key security headers, expose the organization to phishing attacks, data breaches, and clickjacking vulnerabilities. GDPR compliance is notably weak, with no cookie policy or consent mechanism, risking regulatory fines and eroding customer trust. The lack of documented information security and incident response policies under NIS2 directives indicates unpreparedness for cyber incidents, threatening operational resilience. Although network security and SSL/TLS configurations show strengths, weaknesses in DNS security and HTTP security headers reduce overall protection. Addressing these issues promptly will reduce exposure to cyber threats, improve regulatory compliance, and enhance customer confidence. Prioritizing governance and technical controls will support sustainable security posture improvements. Incremental remediation aligned with business priorities is essential to mitigate risks effectively.

C

Christie's International Real Estate

christiesrealestate.com

66

The website demonstrates a moderate to low overall security posture with no critical issues but several high and medium severity gaps that expose the business to compliance risks, data exposure, and operational disruptions. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security management practices like incident response and security policy documentation. While network security and SSL/TLS configurations score relatively well, the absence of strict transport security (HSTS) and DNSSEC adoption weaken the defense-in-depth strategy. Email security is adequate but can be improved by enabling DKIM. Addressing these issues is imperative to reduce regulatory risks, protect customer data, and ensure business continuity. Overall, the website requires urgent enhancements in security governance, privacy compliance, and HTTP security controls to meet industry standards and protect brand reputation.

C

Culture Montréal

culturemontreal.ca

56

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key security headers are missing, weakening protections against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and absence of consent mechanisms, which could lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and security documentation under NIS2 regulations further heightens operational risk and regulatory exposure. Critical network services like MySQL and FTP are exposed publicly, representing immediate high-risk attack vectors. Email security is relatively strong but could be improved with stricter DMARC enforcement and reporting. SSL/TLS configurations require attention to avoid certificate expiry and enable HSTS for improved transport security. Overall, urgent remediation is needed to reduce exposure, ensure compliance, and safeguard customer trust.

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Key gaps include missing essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy, exposing the site to man-in-the-middle and cross-site scripting attacks. GDPR compliance is poor, lacking privacy and cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. Similarly, the absence of documented information security frameworks, incident response procedures, and security contact points undermines operational resilience and regulatory compliance under NIS2. Email security controls like DMARC and DKIM are partially implemented but need enforcement to prevent phishing risks. SSL/TLS and DNS configurations are relatively strong but can be further improved by enabling HSTS and DNSSEC. Network security posture is solid, indicating good infrastructure controls. Addressing these issues promptly will reduce legal risks, enhance customer trust, and strengthen overall cyber resilience.

D

D-EDGE

fastbooking.com

65

The website's overall security posture reveals significant gaps in key areas critical to protecting business assets and customer trust. While no critical vulnerabilities were detected, there are multiple high and medium severity issues, particularly concerning missing security headers, GDPR compliance, and lack of formalized security frameworks. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy exposes users to elevated risks from man-in-the-middle and cross-site scripting attacks. GDPR compliance deficiencies, including no cookie consent banner and incomplete privacy policies, pose regulatory and reputational risks, especially in EU markets. The lack of incident response procedures and security policy documentation indicates immature organizational security governance, increasing potential downtime and breach impact. Email security and network infrastructure are relatively stronger but still require improvements to prevent phishing and spoofing threats. Immediate remediation will bolster customer confidence, reduce compliance risks, and lower the likelihood and impact of cyber incidents.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

The website's overall security posture shows significant vulnerabilities in foundational security controls, privacy compliance, and incident preparedness, despite no critical issues detected. High-severity gaps in HTTP security headers expose the site to common web attacks such as clickjacking, content injection, and data interception. There is a notable absence of GDPR compliance elements like privacy policies and cookie consent mechanisms, posing legal and reputational risks. Furthermore, the lack of an information security framework, incident response procedures, and business continuity planning indicates immature security governance, increasing the impact of potential security incidents. While email security and TLS/DNS configurations are relatively strong, expiring SSL certificates and missing HSTS reduce the effectiveness of encryption protections. The presence of an exposed high-risk FTP service significantly raises the risk of unauthorized data access. Overall, immediate remediation is needed to protect customer data, ensure regulatory compliance, and reduce operational risks from cyber threats.

I

International University of Monaco

monaco-executive-education.com

67

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, which reduces immediate risk of severe exploitation. However, significant gaps exist in compliance with GDPR and NIS2 regulations, particularly concerning privacy policies, cookie management, and documented security frameworks. Missing or weak security headers and incomplete SSL/TLS configurations leave the site vulnerable to man-in-the-middle attacks and data exposure. The absence of incident response and business continuity plans poses risks to operational resilience during security incidents. Network and email security settings are strong, which is a positive foundation. Immediate remediation in legal compliance and security policy documentation is essential to avoid regulatory penalties and reputational damage. Addressing SSL/TLS and header-related weaknesses will enhance user trust and protect sensitive information. Overall, the business should prioritize closing compliance gaps and reinforcing core security controls to safeguard assets and customer data effectively.

V

Volcanic

volcanic.co.uk

76

The website demonstrates a generally strong technical security foundation with perfect SSL/TLS and network security scores, and good email and DNS configurations. However, significant shortcomings exist in governance and compliance areas, particularly regarding NIS2 and GDPR requirements, which expose the business to regulatory risks and potential operational disruptions. The absence of critical security policies, incident response plans, and clear security contact information severely undermines the organization's ability to manage security incidents effectively. Additionally, missing security headers and weak email authentication configurations increase vulnerability to attacks such as cross-site scripting and email spoofing. The lack of a cookie consent banner and potentially non-compliant privacy policies also risk non-compliance with GDPR, potentially resulting in legal penalties and reputational damage. Overall, while technical controls are mostly robust, governance and compliance gaps present the most urgent business risks. Addressing these will improve resilience, regulatory compliance, and customer trust.

N

NOVAX®PHARMA

novaxpharma.com

42

The website's overall security posture is poor, with critical vulnerabilities exposing it to significant risks including data interception, regulatory non-compliance, and potential breaches. The absence of HTTPS encryption is a critical failure that undermines all data confidentiality and integrity, making user data vulnerable to interception and tampering. Missing essential security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options increase the risk of web-based attacks like clickjacking, cross-site scripting, and content injection. Compliance with GDPR and NIS2 regulations is severely lacking, with missing privacy policies, cookie consent mechanisms, and documented security procedures, exposing the organization to potential legal penalties and reputational damage. The presence of high-risk exposed services like FTP further elevates the risk profile by offering attackers easy entry points. While email security scores well, other core security domains require urgent remediation. Immediate focus is needed on encryption, policy documentation, and service hardening to protect business operations and customer trust.

V

Valeo

valeo.com

54

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

R

Riviera Marine S.A.M.

rivieramarine.mc

47

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust, and violating GDPR and NIS2 requirements. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks like clickjacking and cross-site scripting. The lack of a cookie consent banner and incomplete GDPR compliance could result in legal penalties and reputational damage. Additionally, no formal security frameworks, incident response processes, or business continuity plans are in place, leaving the organization ill-prepared for security incidents. The exposure of high-risk services like FTP introduces unnecessary attack vectors. While email security and DNS health show relatively better scores, critical gaps remain. Immediate remediation is crucial to protect customer data, maintain regulatory compliance, and safeguard business continuity.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

M

MARK

meyerbergman.com

53

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

B

Barnes I Valeri Agency

valeri-agency.com

43

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, compliance violations, and operational disruptions. The absence of HTTPS encryption, a fundamental security control, affects multiple compliance areas such as GDPR and NIS2, undermining user trust and legal standing. Key security headers vital for protecting against web-based attacks are missing, increasing vulnerability to exploits like clickjacking and content injection. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory penalties and reputational damage. The NIS2 framework requirements are largely unmet, with no documented security policies, incident response plans, or vulnerability disclosure processes, elevating risks of prolonged security incidents. Although email security and DNS health show relatively better scores, critical gaps such as non-enforced DMARC and disabled DNSSEC remain. The exposure of high-risk services like FTP further amplifies attack vectors. Immediate remediation is essential to protect customers, preserve brand integrity, and avoid legal consequences.

A

ASTERIA

asteria.mc

50

The website’s overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks. The absence of HTTPS encryption is the most critical flaw, compromising data confidentiality, user trust, and regulatory compliance, particularly GDPR and NIS2 mandates. Security headers are inadequately implemented, increasing susceptibility to common web attacks such as clickjacking and cross-site scripting. GDPR compliance is severely lacking, missing essential elements like cookie policies and consent mechanisms, which could lead to legal penalties and reputational damage. The NIS2-related gaps, including missing incident response and security policy documentation, suggest immature cybersecurity governance. While email and network security show better maturity, critical foundational controls such as vulnerability disclosure and business continuity planning are missing. Immediate remediation is essential to protect sensitive data, ensure compliance, and maintain customer confidence. Without urgent improvements, the business faces heightened risk of breaches, regulatory fines, and operational disruption.

M

Manens S.p.A.

manens-tifs.it

48

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers that mitigate various web attacks are largely missing, increasing the risk of cross-site scripting, clickjacking, and content sniffing attacks. Compliance with GDPR and NIS2 regulations is significantly lacking, posing legal and reputational risks, particularly due to missing cookie consent mechanisms, insufficient privacy policies, and lack of incident response and security documentation. Although email security and network security are relatively strong, critical deficiencies in web security and regulatory compliance overshadow these strengths. The absence of an information security framework and business continuity planning further jeopardizes operational resilience. Immediate remediation is essential not only to protect sensitive data and privacy but also to maintain customer trust and avoid substantial regulatory penalties. Without prompt and focused improvements, the business faces heightened exposure to cyber threats and compliance violations.

A

Athos Partners

athospartners.com

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting secure data transmission and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to clickjacking, cross-site scripting, and other web-based attacks. The lack of a cookie policy and consent mechanisms further exposes the organization to GDPR non-compliance and potential legal penalties. Additionally, the absence of documented security policies, incident response plans, and vulnerability disclosure processes indicates immature security governance. While email security and network security are relatively strong, foundational web security controls and regulatory compliance require urgent attention. Immediate remediation will protect customer data, ensure legal compliance, and enhance trust with stakeholders.

C

CNI MARINE SERVICES

cnimarine.com

34

The website’s current security posture is critically weak, exposing the business to significant legal, operational, and reputational risks. The absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and user trust, while missing key security headers leave the site exposed to multiple web-based attacks such as clickjacking and cross-site scripting. GDPR compliance is lacking, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties. Additionally, critical backend services like MySQL and PostgreSQL are exposed publicly, increasing the risk of unauthorized access and data breaches. The lack of fundamental security policies, incident response, and business continuity planning indicates immature security governance. DNS and email security measures are moderately implemented but require improvement. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

M

Monte Carlo Capital

montecarlocap.com

42

The website's security posture is currently at high risk due to critical vulnerabilities, most notably the absence of HTTPS encryption, which compromises data confidentiality and integrity. Multiple missing security headers expose the site to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially in regulated markets. Deficiencies in NIS2-related controls, such as missing incident response procedures and security policies, indicate inadequate preparedness for cyber incidents. While network security and email security show relatively better scores, critical gaps in SSL/TLS and DNS configurations undermine overall security. Immediate remediation is necessary to protect user data, maintain trust, and avoid regulatory penalties. The current state may deter customers and partners concerned about data protection and compliance.

H

Hoozin

hoozin.com

40

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines data confidentiality and trust, while missing essential security headers leave the site open to common web attacks such as clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, creating legal exposure and reputational damage risks. Network security is compromised by the exposure of high-risk services like FTP and MySQL without adequate protections, increasing the attack surface. The lack of incident response, security policies, and business continuity planning under the NIS2 framework indicates immature security governance. Although email security and DNS health score relatively well, these strengths do not offset the critical deficiencies elsewhere. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent action, the organization risks financial penalties, loss of customer trust, and potential service outages.

H

Hallmark

hallmark.com

49

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines compliance with GDPR and NIS2 regulations. While network security and DNS health show relatively strong practices, significant gaps exist in governance, incident response, and data protection policies. Missing GDPR elements such as cookie consent and comprehensive privacy policies put the business at legal and reputational risk. The lack of a security framework and incident response procedures further increases vulnerability to cyberattacks and operational disruptions. Email security configurations are partial but require improvements to prevent phishing and spoofing. Security headers are suboptimal, potentially exposing the site to cross-site scripting and other attacks. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity.

A

Arcus Consulting LLP

arcus.uk.com

41

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trustworthiness. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, risking legal penalties and loss of customer trust. The lack of an information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. Email security measures like DMARC and DKIM are insufficient, raising the risk of phishing and spoofing attacks. Exposure of high-risk services like FTP further amplifies vulnerability to unauthorized access. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the business’s reputation.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

F

Façonnable

faconnable.com

80

The website demonstrates a generally solid security posture with no critical vulnerabilities detected and strong scores in email and network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, particularly around cookie consent, incident response, and security contact information, which expose the business to legal and operational risks. Security headers are partially configured but lack important protections against common web attacks, potentially increasing exposure to client-side threats. Mixed content and DNS security weaknesses also undermine the integrity and confidentiality of user interactions. While SSL/TLS and network configurations are mostly robust, improvements are needed to fully secure data transmission. Addressing these issues will not only enhance security but also improve regulatory compliance and customer trust. Prioritizing GDPR and NIS2 compliance will mitigate legal risks and strengthen incident readiness. Overall, the site is secure but requires targeted improvements to protect business continuity and reputation effectively.

D

Dietsmann

dietsmann.com

60

The website dietsmann.com currently exhibits significant security and compliance gaps, particularly in web security headers, GDPR compliance, and information security governance, placing the business at risk of data breaches, regulatory penalties, and reputational damage. While foundational network security and email security are relatively strong, critical improvements are needed urgently to protect sensitive data and meet regulatory requirements.

M

Monaco Properties

monacoproperties.mc

59

The website monacoproperties.mc exhibits a weak overall security posture with numerous high-risk vulnerabilities, especially in security header configurations, GDPR compliance, and information security governance. While no critical issues were detected, the presence of multiple high-severity risks, such as missing essential security headers and lack of privacy policies, exposes the business to regulatory fines, reputation damage, and potential cyberattacks.

C

Crew Asia Inc.

crewasia.ph

57

The website https://crewasia.ph exhibits significant security weaknesses, especially in foundational security controls and compliance with regulatory standards, leading to a high overall risk profile. Critical exposures in email authentication, network services, and lack of incident response increase the likelihood of compromise and potential business disruption. Immediate remediation is essential to protect customer data, maintain trust, and comply with legal requirements.

B

Barnet Technologies

barnetpos.com

54

Barnetpos.com currently exhibits a weak security posture, particularly in foundational web security controls and regulatory compliance, exposing the business to potential data breaches, legal risks, and reputational damage. The absence of critical security headers and GDPR compliance measures, combined with outdated cryptographic standards and exposed high-risk services, indicates an urgent need for remediation to protect customer data and maintain trust.

R

Ready Logistics

readylogistics.com

64

ReadyLogistics.com currently exhibits significant security gaps, particularly in web security headers, GDPR compliance, and incident response preparedness, resulting in a high overall risk profile despite no critical vulnerabilities detected. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and reduce exposure to web-based attacks. Strengthening these areas will improve trust with clients and partners and reduce potential legal and financial liabilities.

D

Dealertrack CentralDispatch, LLC

centraldispatch.com

69

CentralDispatch.com exhibits significant security gaps primarily in HTTP security headers, GDPR compliance, and organizational security frameworks, resulting in an overall unknown risk score. While network and email security postures are strong, critical improvements are needed to protect user data, comply with regulations, and establish robust incident response capabilities.

M

Manheim by Cox Automotive

mymanheim.com

67

The website mymanheim.com exhibits significant security and compliance gaps, particularly in email authentication, GDPR compliance, and adherence to NIS2 security frameworks. While network security and TLS configurations are relatively strong, critical vulnerabilities in data protection, incident response, and email security pose considerable risks to business operations and reputation.

X

Xtime

xtime.com

71

The security assessment of xtime.com reveals a generally moderate security posture with no critical vulnerabilities but significant high and medium risks that could expose the business to regulatory non-compliance and potential cyber threats. Key gaps in GDPR compliance and foundational security policies, combined with weaknesses in SSL/TLS configuration, present notable risks that should be addressed promptly to protect customer data and maintain trust.

V

VinSolutions

vinsolutions.com

68

The security assessment of vinsolutions.com reveals significant gaps in compliance, cryptographic strength, and incident preparedness, presenting elevated risk exposure despite no critical vulnerabilities. Key weaknesses in GDPR adherence, security policy documentation, and SSL/TLS configurations could impact customer trust and regulatory standing. Immediate remediation is recommended to bolster data protection, secure communications, and incident response capabilities.

E

Enterprise Holdings, Inc.

enterprisecarclub.co.uk

77

The website enterprisecarclub.co.uk demonstrates a generally sound network, email, and SSL/TLS security posture but suffers from critical gaps in web security headers, GDPR compliance, and information security governance aligned with NIS2 standards. These deficiencies expose the business to increased legal risks, potential data breaches, and regulatory non-compliance. Immediate remediation is necessary to strengthen data protection, incident response capabilities, and overall trustworthiness.

E

Enterprise Holdings, Inc.

enterprisecarshare.ca

75

The website https://enterprisecarshare.ca demonstrates a generally strong network and email security posture but exhibits significant gaps in web security headers, GDPR compliance, and critical NIS2 regulatory requirements. These deficiencies expose the business to data privacy risks, regulatory non-compliance penalties, and potential incident management failures. Immediate attention is needed to strengthen security policies, user data protection measures, and incident response capabilities to safeguard brand reputation and ensure legal compliance.

D

Dealer.com

dealer.com

67

The website https://dealer.com exhibits a concerning security posture with multiple high and medium-risk issues, particularly in regulatory compliance (GDPR, NIS2) and transport layer security (SSL/TLS). While network and email security are strong, critical gaps in security headers, incident response, and data protection policies expose the business to regulatory penalties, reputational damage, and potential data breaches.

C

Commute with Enterprise

commutewithenterprise.com

75

The website commutewithenterprise.com demonstrates strong network, SSL/TLS, and email security controls, but suffers from significant gaps in governance and compliance, particularly related to GDPR and NIS2 requirements. Missing critical security policies, headers, and consent mechanisms expose the business to regulatory risks and potential operational disruptions despite a generally secure infrastructure.

The website efleets.com demonstrates a generally strong network, SSL/TLS, email security, and DNS posture but exhibits significant gaps in compliance and governance frameworks, particularly around GDPR and NIS2 regulations. Critical security controls such as Content-Security-Policy headers, incident response procedures, and cookie consent mechanisms are missing, posing considerable business and regulatory risk. Addressing these shortcomings is essential to reduce exposure to data breaches, regulatory penalties, and reputational damage.

E

Enterprise CarShare

enterprisecarshare.com

74

The website demonstrates a generally stable network and email security posture but suffers from significant gaps in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements. Missing key security headers and policies increase exposure to data privacy risks and regulatory non-compliance, potentially impacting customer trust and legal standing.

A

ANZ Worldline

anzworldline.com.au

73

The website anzworldline.com.au demonstrates a strong technical security foundation in areas such as network security, SSL/TLS, and email security. However, it exhibits significant compliance and governance deficiencies, particularly related to GDPR and NIS2 requirements, which expose it to regulatory, reputational, and operational risks.