Security Directory

This website has 3 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 2 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 6 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 6 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 8 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 5 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level).

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

P

Prada Group

pradagroup.com

72

The website exhibits a moderate overall security posture with no critical issues but several high and medium-risk findings that require immediate attention. Notably, the absence of a Content-Security-Policy header and missing security policy documentation significantly increase exposure to web-based attacks and regulatory non-compliance. GDPR-related gaps such as the lack of a cookie consent banner and incomplete privacy policies present legal and reputational risks. The NIS2 compliance is notably poor, with critical deficiencies in incident response, security frameworks, and business continuity planning, which could severely impact operational resilience. Email security and network security postures are relatively strong, demonstrating effective controls in those areas. SSL/TLS configuration needs improvement to avoid potential trust and data integrity issues. Addressing these weaknesses will reduce vulnerability to cyber threats, enhance regulatory compliance, and protect customer trust and business continuity. Prioritizing remediation in governance, policy, and security headers will yield the highest business value and risk reduction.

The website demonstrates a generally strong security posture with no critical or high-risk issues detected, and excellent scores in SSL/TLS and network security. However, several medium-level issues related to compliance and configuration gaps pose potential risks, particularly in regulatory adherence and email security. The absence of essential security headers and GDPR compliance gaps could expose the business to data protection risks and regulatory penalties. Similarly, the lack of DKIM records and disabled DNSSEC weakens email authentication and DNS integrity, increasing susceptibility to phishing and DNS spoofing attacks. Low-risk issues such as missing CAA records indicate room for improvement in certificate management. Overall, while immediate threats are manageable, addressing these medium-level issues will enhance the security posture, reduce risk exposure, and support compliance with evolving regulations like NIS2. Prioritizing these improvements aligns security with business objectives and helps safeguard reputation and customer trust.

The website demonstrates a generally solid security posture with no critical vulnerabilities detected, and strong SSL/TLS implementation ensures secure data transmission. However, the presence of a high-risk exposed FTP service significantly increases the attack surface, posing potential data breach and unauthorized access risks. Medium-level issues such as lack of security headers, incomplete GDPR and NIS2 compliance, and suboptimal email security configurations indicate gaps in regulatory adherence and threat mitigation. DNS health is moderately strong but could be improved by enabling DNSSEC and configuring CAA records to prevent domain hijacking and unauthorized certificate issuance. The exposure of SSH services, while common, requires careful access controls to avoid exploitation. Addressing these findings will reduce risk, improve compliance posture, and enhance customer trust. Overall, the website is secure but requires targeted remediation to mitigate high-impact vulnerabilities and strengthen regulatory compliance.

The website's overall security posture presents significant concerns, particularly with critical network exposure that could lead to severe data breaches. While SSL/TLS protocols are well-implemented, key areas such as security headers, GDPR compliance, and email security require immediate attention. The exposure of critical database services like MySQL and PostgreSQL to the internet dramatically increases the risk of unauthorized access and data compromise. Additionally, missing DNS security features like DNSSEC and CAA records weaken domain integrity and increase susceptibility to spoofing attacks. The absence of DKIM records undermines email authenticity, potentially impacting deliverability and increasing phishing risks. Medium-level issues, including failure in security headers and compliance frameworks, suggest gaps in defense-in-depth strategies. Immediate remediation of critical and medium risks is crucial to safeguard business reputation, ensure regulatory compliance, and protect sensitive customer data. Proactive security enhancements will also support operational resilience and maintain customer trust in the digital platform.

The website's overall security posture shows no critical vulnerabilities but includes one high-risk issue and several medium-level concerns that warrant prompt attention. The presence of an exposed FTP service poses a significant risk, as FTP transmits data in plaintext and is a common attack vector for credential theft and unauthorized access. Medium-level issues related to missing security headers, incomplete GDPR and NIS2 compliance, absence of DKIM records, and lack of DNSSEC implementation indicate gaps in both regulatory adherence and technical defenses. While SSL/TLS configuration is strong, foundational DNS security settings like CAA records are not fully configured. Addressing these issues will reduce the attack surface, enhance data protection, and improve regulatory compliance, which is crucial for maintaining customer trust and avoiding potential legal penalties. Overall, the site is moderately secure but requires immediate remediation of high-risk elements and progressive improvements in compliance and DNS security.

The website exhibits a mixed security posture with strong email security and SSL/TLS implementations but critical vulnerabilities in DNS configuration and domain registration. The failure in DNS resolution and domain registration issues pose immediate risks of service disruption, potential hijacking, and loss of customer trust. Medium-level issues in security headers, GDPR, NIS2 compliance, and network security indicate gaps that could expose the business to regulatory penalties and cyber threats. The absence of DNSSEC further increases susceptibility to DNS spoofing and man-in-the-middle attacks. Addressing these vulnerabilities promptly is essential to maintain operational continuity, regulatory compliance, and customer confidence. While network security is relatively strong, the low DNS health score is a significant concern that demands urgent attention. Overall, the site’s security foundation is uneven, requiring prioritized remediation to mitigate critical risks and align with industry standards.

I

Inforoutes 06

inforoutes06.fr

57

The website's overall security posture reveals significant gaps, particularly in privacy compliance and core security controls. Critical issues include the absence of essential email authentication, exposing the organization to phishing risks, and non-compliance with GDPR regulations despite operating in the EU, which could result in legal penalties and reputational damage. The lack of security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature information security governance. Missing key HTTP security headers such as Content-Security-Policy and X-Frame-Options increase exposure to common web attacks like clickjacking and cross-site scripting. Additionally, the presence of a high-risk exposed FTP service and issues within SSL/TLS configurations further elevate the risk profile. While DNS and network security show moderate maturity, critical controls require immediate attention. Addressing these findings will enhance regulatory compliance, reduce cyber risk, and protect customer trust.

The website exhibits a mixed security posture with strong email, SSL/TLS, and network security measures, reflected in high module scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and absence of essential security governance documents. A critical issue flagged is operating as an EU business without adequate privacy safeguards, exposing the organization to regulatory fines and reputational damage. Medium-level security header deficiencies and DNS configuration gaps further increase the risk surface. While foundational technical controls are solid, the lack of formalized incident response, business continuity, and vulnerability disclosure processes signals immature security management. This combination represents a substantial compliance and operational risk that must be addressed promptly to safeguard customer trust and avoid legal penalties. Immediate attention to privacy, policy documentation, and incident readiness will provide the greatest business value and risk reduction.

The website exhibits significant security and compliance gaps, particularly in privacy and incident management frameworks, posing considerable risks to business reputation and regulatory compliance. Critical deficiencies in GDPR adherence, such as the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to potential legal penalties and loss of customer trust. The lack of a security policy framework, incident response procedures, and vulnerability disclosure processes undermines the organization's ability to manage and respond to cyber threats effectively. Weak HTTP security headers and mixed content issues indicate vulnerabilities to web-based attacks, potentially compromising user data integrity. Exposure of high-risk services like FTP increases the attack surface and opens pathways for unauthorized access. While email security and DNS health are relatively stronger, they do not compensate for the fundamental gaps in governance and technical controls. Immediate remediation is required to address compliance and critical security flaws to safeguard business continuity and customer confidence. Overall, the security posture is inadequate for operating securely within the EU regulatory environment and against evolving cyber threats.

The website demonstrates a moderate security posture with no critical vulnerabilities currently detected; however, there are multiple high and medium risk issues that could expose the business to regulatory non-compliance and cyber threats. Significant gaps exist in privacy compliance, including missing privacy and cookie policies and absence of a consent banner, which expose the business to GDPR fines and reputational damage. The lack of documented information security and incident response policies indicates immature cybersecurity governance, increasing risk during security incidents. Network security weaknesses, such as exposed FTP service and missing DNSSEC, further heighten the risk of unauthorized access and data interception. While email security and SSL/TLS implementations are generally strong, some SSL and HSTS configurations require improvement to maintain secure communications. The overall security headers configuration is suboptimal, missing key protections like Content-Security-Policy, increasing risk of content injection attacks. Immediate attention to governance, privacy compliance, and network service exposure will significantly reduce business risk and improve regulatory adherence. Strengthening these areas will bolster customer trust and reduce potential financial and operational impacts from security incidents.

The website's overall security posture shows significant vulnerabilities in foundational security controls, privacy compliance, and incident preparedness, despite no critical issues detected. High-severity gaps in HTTP security headers expose the site to common web attacks such as clickjacking, content injection, and data interception. There is a notable absence of GDPR compliance elements like privacy policies and cookie consent mechanisms, posing legal and reputational risks. Furthermore, the lack of an information security framework, incident response procedures, and business continuity planning indicates immature security governance, increasing the impact of potential security incidents. While email security and TLS/DNS configurations are relatively strong, expiring SSL certificates and missing HSTS reduce the effectiveness of encryption protections. The presence of an exposed high-risk FTP service significantly raises the risk of unauthorized data access. Overall, immediate remediation is needed to protect customer data, ensure regulatory compliance, and reduce operational risks from cyber threats.

The website's overall security posture is concerning, with no critical vulnerabilities detected but multiple high and medium priority issues that could significantly impact business operations and compliance. Key gaps in security headers leave the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is notably weak, lacking essential privacy documents and user consent mechanisms, exposing the business to regulatory fines and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies indicates immature cybersecurity governance, increasing risk in the event of a breach. SSL/TLS and DNS configurations are generally acceptable but require improvements to maintain trust and secure communications. The exposure of high-risk services like FTP presents a direct avenue for attackers to compromise systems. While email security is robust, overall network and website security need urgent attention to protect data, ensure regulatory compliance, and sustain customer confidence.

S

SupplHi S.r.l. Società Unipersonale

supplhi.com

63

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium risk issues that warrant immediate attention. Key deficiencies exist in security header implementations, GDPR compliance, and adherence to NIS2 requirements, potentially exposing the business to regulatory, reputational, and operational risks. The absence of essential headers like Content-Security-Policy and X-Frame-Options increases susceptibility to web-based attacks such as clickjacking and cross-site scripting. GDPR-related gaps, including missing cookie policies and consent mechanisms, expose the company to legal penalties and erode customer trust. NIS2 compliance is particularly weak, lacking formal security frameworks, incident response plans, and documented policies, which could impair the company’s ability to handle cyber incidents effectively. Email security measures are moderate but require improvements to prevent phishing and spoofing threats. SSL/TLS and DNS configurations are relatively strong but need minor updates to maintain robustness. Overall, the organization should prioritize closing regulatory gaps and enhancing web security controls to protect its assets and reputation.

The website's security posture is currently weak, with critical gaps in privacy compliance, network security, and foundational security headers. Critical services like MySQL are exposed, significantly increasing the risk of data breaches and unauthorized access. The absence of GDPR-required policies and consent mechanisms puts the business at high legal and reputational risk, especially as it operates within the EU. Security headers are largely missing or misconfigured, leaving the site vulnerable to common web attacks such as clickjacking, XSS, and content injection. The lack of an established information security framework, incident response procedures, and vulnerability disclosure policies indicates immature cybersecurity governance. While email security and DNS health show moderate strength, SSL/TLS implementation needs improvement to ensure secure communications. Immediate remediation is necessary to reduce risk exposure and ensure regulatory compliance, protecting both customer data and business continuity.

B

Braque

braque.ca

52

The website demonstrates significant security weaknesses across multiple domains, presenting substantial risks to the business. Critical and high-severity findings include exposed critical services like MySQL and FTP, missing essential security headers, and lacking fundamental information security policies, which collectively leave the organization vulnerable to data breaches and compliance violations. The absence of GDPR-required elements such as privacy and cookie policies indicates regulatory non-compliance risks, potentially leading to fines and reputational damage. Email security and DNS health exhibit moderate maturity but require improvements to prevent phishing and domain spoofing. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues that may undermine user trust and data confidentiality. Network security is particularly concerning due to exposed critical services without adequate protections. Overall, the organization is at high risk of cyber incidents, regulatory penalties, and customer trust erosion, necessitating urgent remediation efforts and governance improvements.

A

Alcantara S.p.A.

alcantara.com

67

The website demonstrates a concerning overall security posture with critical gaps in foundational security controls, particularly in web security headers, GDPR compliance, and adherence to NIS2 regulatory requirements. While no critical vulnerabilities were identified, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Key deficiencies include absence of essential HTTP security headers, lack of documented security policies, and missing GDPR cookie consent mechanisms. Email security, SSL/TLS, DNS health, and network security show relatively strong performance, mitigating some risk vectors. However, the insufficient information security framework and incident response preparedness significantly reduce resilience against cyber incidents. Immediate remediation is needed to strengthen compliance, protect customer data, and ensure business continuity. Addressing these issues will enhance trust, reduce legal exposure, and align with industry best practices.

F

Finaxy Group

finaxygroup.com

43

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and data integrity, impacting GDPR and NIS2 compliance. Key security headers are either missing or misconfigured, increasing the risk of cross-site scripting (XSS), clickjacking, and content injection attacks. The lack of privacy and cookie policies along with missing consent mechanisms exposes the company to legal penalties under data protection regulations. Furthermore, insufficient information security governance, including missing incident response and business continuity plans, indicates poor preparedness against cyber threats. While network security and email security show strengths, they are overshadowed by critical gaps in web security and compliance. Immediate remediation is required to protect sensitive customer data, maintain trust, and meet regulatory requirements. Without urgent action, the business is vulnerable to legal actions, data loss, and operational disruptions.

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical vulnerabilities such as the absence of HTTPS encryption and missing core security headers leave user data and communications unprotected. The lack of privacy policies and cookie consent mechanisms violates GDPR requirements, increasing legal exposure. Additionally, key information security controls and incident response procedures are missing, indicating immature cybersecurity governance. Exposure of high-risk services like FTP further increases attack surface and potential compromise. While email security and DNS health show some strengths, these are overshadowed by critical gaps in encryption and compliance. Immediate remediation is essential to safeguard customer trust, comply with regulations, and protect business continuity. Without urgent action, the organization risks severe financial and operational consequences from cyber incidents or regulatory penalties.

M

Michael Jensen

communicate-network-consult.net

43

The website's overall security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant cybersecurity risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and undermines customer trust, directly impacting business reputation and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking and cross-site scripting. There is a complete lack of fundamental privacy and security policies, including GDPR-mandated cookie and privacy policies, which could lead to legal penalties and loss of customer confidence. Exposure of critical services like MySQL and FTP without proper protections presents a high risk of data breaches. DNS and network configurations are suboptimal, with DNSSEC not enabled and insecure services exposed. Although email security is strong, the absence of incident response and business continuity plans leaves the organization vulnerable to prolonged downtime during security incidents. Immediate remediation is critical to protect both business operations and customer data integrity.

K

KeeSystem

keesystem.com

35

The website's overall security posture is critically weak, exposing it to significant risks including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption is a fundamental flaw, compromising data confidentiality and user trust. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking legal consequences and reputational damage. Network security is inadequate with critical services like MySQL and FTP exposed publicly, heightening the risk of unauthorized access. Incident response and information security frameworks are either absent or insufficient, limiting the organization’s ability to detect and respond to threats. Email security measures such as DMARC and DKIM are partially implemented but need strengthening to prevent phishing and spoofing. Immediate remediation is essential to safeguard business operations, comply with regulations, and maintain customer trust.

The website's overall security posture exhibits significant vulnerabilities primarily due to the absence of HTTPS encryption, which poses a critical risk to data confidentiality and user trust. Key compliance failures with GDPR and NIS2 regulations, including missing privacy and cookie policies, consent mechanisms, and security framework documentation, expose the business to regulatory penalties and reputational damage. While network and email security appear robust, critical security headers are either missing or weakly configured, increasing the risk of cross-site scripting and clickjacking attacks. The lack of vulnerability disclosure and incident response policies further limits the organization’s ability to manage and remediate security incidents effectively. DNS security settings are partially implemented but could be strengthened to prevent domain-related attacks. Immediate remediation is required to secure communication channels and ensure compliance, thereby protecting customer data and maintaining business continuity. Addressing these issues will enhance trust, reduce legal exposure, and improve resilience against cyber threats.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

4

403 Forbidden

carredor-monaco.com

45

The website's current security posture is critically weak, exposing the business to significant operational, compliance, and reputational risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and trust, violating GDPR and NIS2 mandates. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. The lack of privacy and cookie policies, along with missing consent mechanisms, puts the business at risk of regulatory penalties under data protection laws. There is no formal information security framework, incident response, or business continuity planning, which impairs the organization's ability to effectively manage and recover from cyber incidents. While network security and email security show some strengths, the overall environment lacks foundational protections. Immediate remediation is needed to secure communications, comply with legal requirements, and establish governance around cybersecurity. Failure to address these issues promptly could lead to data breaches, legal fines, loss of customer trust, and business disruption.

The website's overall security posture is critically weak, with multiple critical and high-severity issues identified. Most notably, the absence of HTTPS encryption exposes all data transfers to interception and manipulation, severely undermining user trust and regulatory compliance. The lack of essential security headers and privacy policies increases vulnerability to attacks such as clickjacking, cross-site scripting, and data leakage. Compliance with GDPR and NIS2 is significantly deficient, risking substantial legal and financial penalties. While email and network security aspects show relative strength, foundational security controls are missing or poorly implemented. This leaves the organization exposed to cyber threats, reputational damage, and operational disruption. Immediate remediation is vital to protect customer data, maintain business continuity, and meet regulatory requirements. Without rapid improvements, the business faces increased risk from cyber incidents and compliance failures.

The website's overall security posture is currently weak, with critical deficiencies in encryption, compliance, and security governance. The absence of HTTPS encryption represents a critical risk, exposing data in transit to interception and undermining user trust. Key GDPR compliance elements such as cookie policies and consent mechanisms are missing, putting the organization at risk of regulatory penalties. Security headers are inconsistently implemented, leaving the site vulnerable to common web attacks. Additionally, foundational security frameworks, incident response procedures, and business continuity planning are lacking, which could impair the organization's ability to detect, respond to, and recover from security incidents. While email security and network security perform well, these strengths do not offset the critical vulnerabilities present. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Investing in security governance and encryption will yield the highest business value and risk reduction.

R

Riviera Marine S.A.M.

rivieramarine.mc

47

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust, and violating GDPR and NIS2 requirements. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks like clickjacking and cross-site scripting. The lack of a cookie consent banner and incomplete GDPR compliance could result in legal penalties and reputational damage. Additionally, no formal security frameworks, incident response processes, or business continuity plans are in place, leaving the organization ill-prepared for security incidents. The exposure of high-risk services like FTP introduces unnecessary attack vectors. While email security and DNS health show relatively better scores, critical gaps remain. Immediate remediation is crucial to protect customer data, maintain regulatory compliance, and safeguard business continuity.

The website's security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw impacting secure communications, user trust, and search engine ranking. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to potential legal penalties. The lack of documented information security frameworks, incident response plans, and vulnerability disclosure policies indicates immature security governance. DNS configuration issues further weaken the infrastructure's resilience to attacks. However, email security and network security are relatively strong areas. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain operational continuity.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, exposing all data in transit to interception and manipulation. Multiple essential security headers are missing, increasing the risk of cross-site scripting, clickjacking, and data leakage attacks. Compliance with GDPR and NIS2 regulations is severely lacking, with no privacy or cookie policies, no cookie consent mechanisms, and missing documentation for security and incident response, posing significant legal and reputational risks. While the network security and email security show relatively better scores, foundational issues such as missing HTTPS and poor security governance overshadow these strengths. The site is vulnerable to data breaches, regulatory penalties, and customer trust degradation unless urgent remediation occurs. Immediate action is needed to establish encryption, implement security headers, and formalize security policies. Without these, the business risks financial loss, regulatory fines, and long-term brand damage. Overall, the website is not currently secure enough to protect sensitive user data or comply with mandatory security standards.

B

Barnes I Valeri Agency

valeri-agency.com

43

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, compliance violations, and operational disruptions. The absence of HTTPS encryption, a fundamental security control, affects multiple compliance areas such as GDPR and NIS2, undermining user trust and legal standing. Key security headers vital for protecting against web-based attacks are missing, increasing vulnerability to exploits like clickjacking and content injection. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory penalties and reputational damage. The NIS2 framework requirements are largely unmet, with no documented security policies, incident response plans, or vulnerability disclosure processes, elevating risks of prolonged security incidents. Although email security and DNS health show relatively better scores, critical gaps such as non-enforced DMARC and disabled DNSSEC remain. The exposure of high-risk services like FTP further amplifies attack vectors. Immediate remediation is essential to protect customers, preserve brand integrity, and avoid legal consequences.

M

Musictime

musictime.cz

40

The website's overall security posture is critically weak, exposing the business to significant legal, operational, and reputational risks. The absence of HTTPS encryption is a severe vulnerability, compromising data confidentiality and trust, especially for EU customers subject to GDPR. Key security headers are missing, increasing susceptibility to web-based attacks such as cross-site scripting and clickjacking. GDPR compliance is lacking, including no privacy or cookie policies and no consent mechanisms, risking regulatory penalties. The absence of an information security framework, incident response plans, and vulnerability disclosure processes indicates immature security governance. Email authentication is incomplete, raising the likelihood of phishing and spoofing attacks. Additionally, exposing high-risk services like FTP further amplifies the attack surface. Immediate remediation is essential to safeguard customer data, ensure regulatory compliance, and protect business continuity.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Key issues such as absence of HTTPS encryption and critical security headers severely undermine data confidentiality and integrity. The lack of GDPR compliance mechanisms, including missing cookie policies and consent banners, heightens the risk of legal penalties. Furthermore, the absence of documented security policies, incident response procedures, and vulnerability disclosure processes indicates immature security governance. Although email security and network security show moderate to good scores, these strengths are overshadowed by fundamental weaknesses in encryption and compliance. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory frameworks such as GDPR and NIS2. Without urgent action, the business is vulnerable to cyberattacks and financial liabilities.

The website's overall security posture is critically weak, exposing the business to significant operational, reputational, and regulatory risks. Key deficiencies include the complete lack of HTTPS encryption, absence of fundamental security headers, and no adherence to GDPR and NIS2 regulatory requirements despite operating in the EU. Critical network services such as SMB, MySQL, and FTP are exposed, increasing the attack surface and vulnerability to data breaches and unauthorized access. The absence of privacy policies and cookie consent mechanisms further jeopardizes compliance and customer trust. Security governance appears undeveloped, with no documented policies or incident response plans. While email security and DNS health show moderate strength, they are overshadowed by critical lapses in core website and network security controls. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and uphold customer confidence.

2

2PM Monaco

2pmmonaco.com

45

The website's security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most critical flaw, undermining data confidentiality and integrity. Key security headers are largely missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. Compliance with GDPR and NIS2 regulations is severely inadequate, notably lacking privacy policies, cookie consent mechanisms, and documented security and incident response procedures. While email and network security show strengths, the overall security framework is fragmented and insufficient for protecting sensitive data or maintaining customer trust. Immediate remediation is essential to mitigate potential legal liabilities and safeguard business continuity. Addressing these issues will not only enhance security but also improve customer confidence and regulatory compliance. Without urgent action, the organization remains exposed to high-impact cyber threats and operational disruptions.

J

JCC Consulting

jcc.com

45

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and critical security governance documentation like incident response and security policies. Security headers are insufficiently implemented, increasing the risk of web-based attacks such as XSS and content injection. Email security practices show moderate maturity but require improvements to prevent domain spoofing and phishing. DNS security is relatively strong, but enabling DNSSEC and configuring CAA records would further protect domain integrity. Network security is well maintained, indicating some foundational controls are in place. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard the business reputation. Failure to act promptly could lead to data breaches, legal penalties, and loss of customer trust.

C

Crédit Agricole Provence Côte d'Azur

ca-pca.fr

48

The website's overall security posture is concerning, with multiple critical and high-severity issues primarily related to GDPR compliance, missing HTTPS encryption, and lack of essential security policies. The absence of HTTPS encryption exposes all data transmissions to interception, posing severe risks to user privacy and trust. GDPR compliance gaps, including missing privacy and cookie policies and no consent mechanisms, expose the business to regulatory penalties and reputational damage, especially as it operates within the EU. Furthermore, the absence of a formal information security framework, incident response procedures, and vulnerability disclosure policies under NIS2 regulations reflects a significant maturity gap in security governance. While network security and DNS health receive relatively high scores, the lack of DNSSEC and DKIM configurations introduces risks for domain spoofing and email phishing. Security headers are generally well implemented but require enhancements to mitigate XSS and data leakage risks. Immediate remediation is critical to protect customer data, ensure regulatory compliance, and maintain business continuity.

H

Hoozin

hoozin.com

40

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines data confidentiality and trust, while missing essential security headers leave the site open to common web attacks such as clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, creating legal exposure and reputational damage risks. Network security is compromised by the exposure of high-risk services like FTP and MySQL without adequate protections, increasing the attack surface. The lack of incident response, security policies, and business continuity planning under the NIS2 framework indicates immature security governance. Although email security and DNS health score relatively well, these strengths do not offset the critical deficiencies elsewhere. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent action, the organization risks financial penalties, loss of customer trust, and potential service outages.

The website's security posture is currently critically deficient, exposing the business to significant security, compliance, and reputational risks. The absence of HTTPS encryption is a fundamental vulnerability that jeopardizes data confidentiality and integrity, undermining user trust and violating key regulations such as GDPR and NIS2. Additionally, the lack of critical security headers like Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy further increases the risk of attacks such as clickjacking, cross-site scripting, and man-in-the-middle exploits. Compliance gaps are evident with missing privacy policies, cookie consent mechanisms, and incomplete GDPR documentation, heightening the risk of regulatory penalties. The absence of a formal information security framework, incident response procedures, and business continuity planning signals a lack of preparedness for security incidents. While some network security measures are well implemented, the overall low scores in core areas require urgent remediation to protect business assets and maintain customer trust. Immediate action is necessary to address these critical vulnerabilities and align with industry standards and legal requirements.

A

Arcus Consulting LLP

arcus.uk.com

41

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trustworthiness. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, risking legal penalties and loss of customer trust. The lack of an information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. Email security measures like DMARC and DKIM are insufficient, raising the risk of phishing and spoofing attacks. Exposure of high-risk services like FTP further amplifies vulnerability to unauthorized access. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the business’s reputation.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

N

Nico Rosberg

nicorosberg.com

38

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key deficiencies include the absence of HTTPS encryption, leading to insecure data transmission, and missing fundamental security headers that protect against common web attacks. Additionally, the lack of GDPR compliance elements—such as privacy policies and cookie consent—poses legal risks and potential fines. Network exposure of critical services like MySQL and FTP further increases the attack surface, making unauthorized access more likely. The organization's security governance is underdeveloped, with no formal information security framework, incident response procedures, or vulnerability disclosure policies in place. Although email security and DNS health show moderate maturity, the overall low scores in core security domains highlight urgent remediation needs. Immediate action is required to safeguard business assets, maintain customer trust, and comply with regulatory requirements.

M

Medtronic

covidien.com

45

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a severe vulnerability impacting data confidentiality and integrity, affecting customer trust and legal compliance, especially under GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to man-in-the-middle and cross-site scripting attacks. The lack of GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner exposes the company to potential fines and customer distrust. The organization also lacks foundational information security documentation, including security policies and incident response procedures, which undermines its ability to effectively manage and respond to security incidents. While network security and DNS health show some strengths, they do not compensate for fundamental flaws in encryption and governance. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Overall, the current state presents a critical risk to both operational security and legal standing.