Security Directory

I

ITECO Oil Field Supply Group

iteco-supply.com

38

The website's security posture is critically weak, exposing the business to substantial risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability that jeopardizes all data transmissions, undermining user trust and violating GDPR and NIS2 requirements. Key security headers are largely missing, increasing susceptibility to common web attacks like clickjacking and cross-site scripting. The lack of fundamental GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner further exposes the company to legal penalties. Network services like FTP and SSH are unnecessarily exposed, elevating the risk of unauthorized access. Email security is moderately strong, but critical DNS security measures such as DNSSEC are absent. Overall, urgent remediation is required to protect customer data, ensure compliance with industry regulations, and maintain business continuity.

O

OptimaT

optimat.be

46

The website's security posture is currently at high risk, with multiple critical and high-severity issues that directly impact business operations and regulatory compliance. Notably, the absence of HTTPS encryption exposes sensitive data to interception, undermining user trust and violating legal requirements such as GDPR and NIS2. Missing key security headers (Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) increases vulnerability to common web attacks. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially for EU customers. Additionally, the organization lacks foundational information security frameworks, incident response procedures, and business continuity plans, indicating immature security governance. Although email security and network security show moderate to good standing, critical gaps in SSL/TLS and GDPR compliance drastically overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure business operations. The overall security readiness score reflects urgent need for comprehensive security improvements and policy implementations.

A

ADOM

africasie.mc

44

The website’s current security posture is critically weak, exposing the business to significant risks from data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is a fundamental flaw that jeopardizes all data in transit, violating GDPR and NIS2 requirements and undermining user trust. Essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy are missing, leaving the site vulnerable to common web attacks like clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, increasing legal exposure. The lack of a formal information security framework, incident response, and business continuity plans further weakens the organization's resilience to cyber incidents. While network security and email security show some strengths, critical gaps in encryption and policy documentation overshadow these positives. Immediate remediation is vital to protect sensitive data, meet legal obligations, and maintain customer confidence. Without urgent action, the business risks costly breaches and regulatory fines that could impact operations and brand reputation.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruption. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of data in transit. Missing core security headers and email authentication mechanisms increase the risk of phishing, clickjacking, and cross-site scripting attacks. GDPR compliance is severely lacking, with no cookie policies or consent mechanisms, risking regulatory penalties. The lack of an information security framework, incident response procedures, and business continuity planning indicates poor organizational preparedness against cyber incidents. Additionally, the exposure of high-risk services like FTP and SSH without adequate controls further increases attack surface. While DNS health is relatively better, critical gaps remain that could facilitate DNS spoofing or interception. Immediate remediation is essential to protect customer data, maintain trust, and meet legal obligations.

S

Sonepar

sonepar.com

50

The website's overall security posture is currently inadequate, with critical vulnerabilities posing significant risks to business operations and regulatory compliance. The absence of HTTPS encryption, highlighted as a critical issue across multiple modules, severely compromises data confidentiality and user trust. GDPR compliance is notably poor, with no cookie policy or consent mechanism in place, exposing the organization to legal and financial penalties. Security governance is weak, lacking essential frameworks, policies, and incident response procedures, which undermines the ability to manage and respond to cyber threats effectively. While email security and network security show relatively strong performance, foundational web security controls such as security headers are only moderately implemented. The combination of missing critical headers and weak DNS security measures further increases exposure to attacks like data leakage and DNS spoofing. Immediate remediation is essential to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s reputation.

V

Vertex Pharmaceuticals

vrtx.com

42

The website's overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical issues such as the absence of HTTPS encryption severely compromise data confidentiality and trustworthiness. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Additionally, essential cybersecurity frameworks and incident response plans required by NIS2 are missing, indicating unpreparedness for cyber incidents. Email security protocols are partially implemented but require strengthening to prevent phishing and spoofing attacks. DNS-related vulnerabilities, including potential subdomain takeover and missing DNSSEC, increase attack surface exposure. While network security is strong, foundational security controls like security headers are incomplete, further increasing vulnerability to common web-based attacks. Immediate remediation is crucial to safeguard customer data, ensure regulatory compliance, and protect brand reputation.

F

Frank Europe GmbH

frankeurope.com

53

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, but several high and medium risk issues pose significant compliance and operational risks. Key deficiencies exist in GDPR compliance, including absence of privacy and cookie policies and lack of consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 guidance further elevates operational risk and may impact business continuity. Security headers are partially implemented but require strengthening to prevent common web-based attacks. Email security is adequate but could be improved to prevent phishing and spoofing. TLS and DNS configurations are generally solid but need timely certificate renewal and enhanced protections like DNSSEC. Network security posture is strong. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and improve resilience against cyber threats.

M

Miells - Christie's

miells.com

63

The website's overall security posture reveals significant weaknesses in compliance, network security, and incident preparedness, posing considerable legal and operational risks. While foundational protections such as email security and some security headers score moderately well, critical exposure of backend services like MySQL and FTP dramatically increase the risk of unauthorized access and data breaches. The absence of GDPR-mandated policies and consent mechanisms exposes the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. SSL/TLS configurations are suboptimal and could undermine user trust and data confidentiality. DNS security measures are partially implemented but could be strengthened. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity.

The website demonstrates a concerning security posture with no critical vulnerabilities but a significant number of high and medium severity issues across multiple domains. Key gaps include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of a formal information security framework aligned with NIS2 requirements. Network exposure of high-risk services like FTP further elevates the risk of unauthorized access or data compromise. Email and DNS security are relatively stronger but still show room for improvement. The SSL/TLS configuration is adequate but requires timely certificate renewal and enabling HSTS for better protection. Overall, the current state exposes the business to regulatory penalties, reputational damage, and increased risk from common web-based attacks. Immediate remediation efforts should focus on closing compliance gaps and strengthening perimeter defenses to mitigate potential breaches and legal liabilities.

D

DreamCatcher

dreamcatcher.mc

61

The website demonstrates notable security weaknesses primarily in its HTTP security headers, GDPR compliance, and adherence to the NIS2 cybersecurity framework, resulting in a low overall security posture in these critical areas. While there are no critical vulnerabilities detected, multiple high and medium severity issues expose the business to risks such as data breaches, regulatory fines, reputational damage, and operational disruptions. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy increases susceptibility to man-in-the-middle and cross-site scripting attacks. Non-compliance with GDPR requirements, including missing privacy and cookie policies and lack of a consent banner, elevates legal risk and undermines customer trust. Deficiencies in NIS2-related documentation and procedures reflect inadequate organizational readiness for incident response and business continuity. Conversely, strong network security and good email, SSL/TLS, and DNS configurations provide a solid foundation to build upon. Addressing these gaps promptly will significantly improve security resilience, regulatory compliance, and stakeholder confidence.

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to compliance and cybersecurity risks. Key weaknesses are evident in GDPR compliance, lacking essential cookie policies and consent mechanisms, which may lead to regulatory penalties and customer trust erosion. The absence of a formal information security framework, documented security policies, and incident response procedures significantly increases operational risk and hampers effective breach management. Security headers are partially implemented, missing critical controls like Content-Security-Policy, which raises the risk of cross-site scripting attacks. Email and network security are relatively strong, but SSL/TLS and DNS configurations require improvements to prevent potential interception or spoofing. Immediate attention to GDPR and NIS2 compliance gaps is essential to maintain legal compliance and safeguard business continuity. Overall, strengthening governance and technical controls will enhance resilience against cyber threats and regulatory scrutiny.

S

Stajvelo

stajvelo.com

68

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory penalties, and operational disruptions. While no critical vulnerabilities were detected, several high-severity issues, particularly missing key security headers and absence of essential security policies, indicate weak defense mechanisms. Compliance with GDPR and NIS2 regulations is notably insufficient, risking legal and reputational damage. Network security concerns, such as exposed high-risk services like FTP, further increase the attack surface. SSL/TLS and email security configurations are relatively strong but require minor improvements. Immediate attention to security governance, incident response, and user privacy controls is essential to protect customer data and ensure business continuity. Investing in these areas will reduce risk exposure and strengthen stakeholder trust. Overall, the business should treat these findings as urgent priorities to maintain regulatory compliance and operational resilience.

M

MONACO INTERNATIONAL CONGRÉS & SÉMINAIRE

mics.mc

63

The website's overall security posture shows no critical vulnerabilities but exhibits multiple high and medium risk issues that pose significant risks to business operations and regulatory compliance. Key deficiencies include missing essential security headers, inadequate GDPR compliance especially around cookie policies, and a lack of formal security governance aligned with NIS2 requirements. The exposure of high-risk services such as FTP and missing incident response procedures further elevate the risk profile. While email security, SSL/TLS, and DNS health scores are relatively strong, shortcomings in security headers and network security could enable attacks like clickjacking, XSS, and data leakage. The absence of a security policy and vulnerability disclosure mechanism increases exposure to undetected threats and weakens stakeholder trust. Immediate remediation is essential to avoid regulatory penalties, data breaches, and reputational damage. Strengthening security governance and technical controls will enhance resilience and customer confidence.

T

Tennant Metals

tennantmetals.com.au

75

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but several high and medium-risk issues that could expose the business to significant risks. Key security headers are missing, such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy, increasing susceptibility to common web attacks like clickjacking and man-in-the-middle attacks. Compliance gaps related to GDPR and NIS2 frameworks highlight insufficient data protection policies, lack of incident response procedures, and absence of documented security policies, which could lead to regulatory penalties and operational disruptions. While SSL/TLS and DNS configurations are generally strong, the absence of HSTS and DNSSEC reduces communication security and trustworthiness. The company benefits from strong email and network security, but overall low scores in governance and security policy areas present material business risks. Immediate remediation is necessary to prevent data breaches, maintain customer trust, and ensure regulatory compliance. Addressing these weaknesses will enhance resilience, reduce liability, and safeguard the organization’s reputation.

G

Gemsport

safesoccergoal.com

62

The website demonstrates significant security gaps, particularly in foundational security controls such as missing critical HTTP security headers and inadequate SSL/TLS configurations. Compliance with GDPR and NIS2 regulations is notably insufficient, with absent privacy and cookie policies, no incident response or security policy documentation, and lack of business continuity planning, exposing the organization to regulatory and reputational risks. Although no critical vulnerabilities were identified, the presence of high-risk services like an exposed FTP server significantly increases the attack surface. The email security posture is strong, indicating well-implemented email protections. Overall, the website's security maturity is low, with urgent need for policy development, technical hardening, and compliance measures to mitigate potential data breaches, legal penalties, and operational disruptions. Addressing these issues promptly will enhance customer trust, reduce liability, and improve resilience against cyber threats. The current state leaves the business vulnerable to data exposure, phishing, and service interruptions, which could have severe financial and reputational impacts if exploited.

P

Promar

promar-offshore.com

64

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-risk issues that can expose the business to significant risks. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity regulations, signaling potential legal, reputational, and operational risks. The absence of privacy and cookie policies, along with missing consent mechanisms, may lead to non-compliance with data protection laws, risking fines and loss of customer trust. Security policy documentation, incident response procedures, and business continuity plans are notably lacking, reducing preparedness for cyber incidents. SSL/TLS certificate renewal is urgent to avoid service disruption and trust erosion. While email and network security are strong, improvements are needed in DNS and transport security configurations. Addressing these gaps will enhance the website’s resilience, ensure regulatory compliance, and protect business continuity and customer confidence.

S

SAFINCO

safinco.com

60

The website's overall security posture reveals significant gaps, particularly in governance, privacy compliance, and essential security headers, exposing the business to regulatory risks and potential cyber threats. While there are no critical vulnerabilities, the presence of 11 high and 9 medium severity issues highlights urgent areas for remediation. Notably, missing privacy policies and consent mechanisms put the organization at risk of GDPR non-compliance, which could lead to costly fines and reputational damage. The absence of a formal information security framework, incident response procedures, and security policies under NIS2 requirements further exposes the business to operational disruptions and regulatory scrutiny. Security headers are inadequately configured, increasing exposure to web-based attacks like clickjacking and cross-site scripting. Additionally, the exposure of an FTP service represents a high-risk attack vector that could enable unauthorized access or data leakage. Overall, this assessment underscores the need for immediate governance improvements, privacy compliance actions, and technical hardening to safeguard the business and its customers.

C

Colibri

cmf.mc

65

The website's overall security posture reveals significant gaps, particularly in compliance, email security, and foundational security policies. Critical and high-severity issues, such as the absence of email authentication and missing key security headers, expose the business to increased risk of data breaches, phishing, and regulatory penalties. GDPR compliance is notably weak, lacking essential elements like a cookie policy and consent mechanisms, which could lead to legal ramifications and loss of customer trust. The NIS2 framework-related deficiencies highlight an immature security governance structure, increasing vulnerability to cyber incidents and impacting business resilience. While network security and DNS health show relative strength, critical SSL/TLS issues such as a self-signed certificate undermine secure communications. Immediate remediation of these vulnerabilities is crucial to protect sensitive data, meet regulatory requirements, and maintain customer confidence. Addressing these issues will also improve the organization's overall risk management and incident response capabilities.

G

Gobierno de México

fovissste.gob.mx

88

The website demonstrates a generally solid security foundation with strong SSL/TLS and network security scores, indicating effective encryption and resilient network defenses. However, critical vulnerabilities exist in email security due to the complete lack of email authentication mechanisms, exposing the business to risks such as email spoofing, phishing, and brand impersonation. Medium-level gaps in security headers, GDPR compliance, NIS2 adherence, and DNS security (lack of DNSSEC) further increase exposure to data breaches, regulatory penalties, and cyber threats. The absence of DKIM records weakens email integrity, while missing CAA records indicate incomplete DNS safeguards. Addressing these weaknesses will significantly reduce the risk of reputational damage, regulatory fines, and cyber attacks. Prioritizing email authentication and compliance measures will yield the highest business impact. Overall, the organization is advised to urgently remediate critical issues and progressively enhance medium-severity deficiencies to maintain customer trust and regulatory compliance.

M

Monaco Mediax

sportelmonaco.com

47

The website sportelmonaco.com exhibits a critically weak security posture, primarily due to the lack of HTTPS encryption and missing essential security headers, exposing it to severe data interception and injection attacks. Additionally, significant GDPR and NIS2 compliance gaps pose legal and operational risks, threatening customer trust and regulatory penalties.

C

Columbus Hotel Monte-Carlo

columbushotels.com

38

The website columbushotels.com currently exhibits a critically poor security posture, mainly due to the complete lack of HTTPS encryption and several missing foundational security controls. This exposes the business to significant risks including data breaches, regulatory non-compliance (notably GDPR), and reputational damage. Immediate action is required to establish secure communications and implement essential security policies and headers.

The website classicmaritimeinc.com exhibits a critically poor security posture, primarily due to the lack of HTTPS encryption and absence of fundamental security headers. This exposes the business to significant risks including data interception, legal non-compliance with GDPR and NIS2 regulations, and vulnerability to common web attacks, potentially damaging customer trust and regulatory standing.

D

Dazerolab SARL

dazerolab.com

47

The website dazerolab.com exhibits a severely deficient security posture, primarily due to the absence of HTTPS encryption and critical security headers, exposing it to data interception, injection attacks, and compliance violations. Additionally, the site lacks fundamental GDPR and NIS2 regulatory safeguards, significantly increasing legal and operational risks for the business.

C

Crédit Agricole CIB

ca-cib.com

46

The website ca-cib.com exhibits a severely deficient security posture, with critical vulnerabilities including the absence of HTTPS encryption and major gaps in compliance with GDPR and NIS2 regulations. These issues expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. Immediate remediation is essential to safeguard sensitive data and ensure legal compliance.

I

INDEPEND

independ.com.br

38

The website independ.com.br exhibits a critically weak security posture with multiple high and critical severity issues, notably lacking HTTPS encryption and essential security headers. This exposes the business to significant risks including data breaches, regulatory non-compliance (GDPR, NIS2), and potential service disruptions. Immediate remediation is necessary to protect customer data, maintain trust, and comply with legal requirements.

The website http://interplast-uae.com exhibits a critical security posture with no HTTPS encryption and multiple high-risk vulnerabilities, exposing the business to data breaches, regulatory non-compliance, and reputational damage. The absence of essential security headers and policies significantly increases the risk of cyberattacks and non-compliance with GDPR and NIS2 regulations. Immediate remediation is necessary to protect sensitive data, ensure legal compliance, and maintain stakeholder trust.

G

Groupe Marzocco

satri.mc

45

The website satri.mc currently exhibits a critically weak security posture, primarily due to the complete lack of HTTPS encryption and absence of fundamental security headers, exposing it to data interception and various web attacks. Additionally, it fails to meet GDPR compliance requirements and lacks core information security policies, posing significant legal and operational risks to the business.

S

Saipem

saipem.com

73

The website has a generally moderate security posture with no critical vulnerabilities detected, but significant gaps exist in compliance (GDPR) and organizational security frameworks (NIS2). Key issues such as missing security headers, lack of cookie consent mechanisms, and absence of formal security and incident response policies expose the business to regulatory risks and potential operational disruptions.

B

Britesyde Distribution

britesyde.com

46

The website britesyde.com currently exhibits a critically weak security posture with multiple high and critical risk issues across key areas including SSL/TLS, network services, and compliance with GDPR and NIS2 frameworks. The presence of invalid SSL certificates, exposed critical services, and missing essential security headers significantly elevates the risk of data breaches and regulatory non-compliance, potentially impacting customer trust and business continuity.

M

Monaco Economic Board

meb.mc

65

The website https://meb.mc exhibits significant security and compliance gaps, particularly in web security headers, data privacy compliance (GDPR), and information security management (NIS2). While network and email security show strength, critical omissions such as missing security policies, privacy notices, and headers expose the business to regulatory penalties, data breaches, and reputational damage.

B

Bouygues Telecom Business C2S

c2s.fr

50

The website's security posture is currently inadequate, with critical vulnerabilities severely undermining trust and compliance. The absence of HTTPS encryption is a critical flaw, exposing data in transit to interception and violating GDPR and NIS2 regulations, which poses substantial legal and reputational risks. Key GDPR compliance failures, including missing privacy and cookie policies and lack of a cookie consent banner, further expose the business to regulatory penalties and customer distrust. The lack of documented information security frameworks, incident response procedures, and security policies indicates poor organizational security maturity, increasing risk of prolonged breaches and operational disruptions. While network security and email security show strengths, foundational issues like missing secure headers and DNS best practices need attention. Immediate remediation of critical and high severity issues is essential to protect sensitive data, maintain customer trust, and avoid costly compliance fines. Overall, the business must prioritize establishing secure communication, regulatory compliance measures, and formal security governance to improve its security posture reliably.

D

dstecheetah

dstecheetah.com

67

The dstecheetah.com website demonstrates significant security gaps, particularly in foundational web security headers, GDPR compliance, and network security, exposing the business to data breaches, regulatory penalties, and operational risks. While email security and DNS health show relative strength, critical exposures like the publicly accessible MySQL service and missing incident response protocols indicate urgent remediation is needed to protect business assets and customer trust.

P

Plexico Créations

plexico.fr

55

The website plexico.fr exhibits significant security and compliance deficiencies that expose the business to legal risks and cyber threats, particularly related to GDPR non-compliance and critical network vulnerabilities. While some foundational security controls like SSL/TLS and DNS health are relatively strong, the lack of key security policies, missing critical HTTP security headers, and exposed high-risk services indicate an urgent need for remediation to protect data, maintain customer trust, and ensure regulatory compliance.

M

Monaco Properties

monacoproperties.mc

59

The website monacoproperties.mc exhibits a weak overall security posture with numerous high-risk vulnerabilities, especially in security header configurations, GDPR compliance, and information security governance. While no critical issues were detected, the presence of multiple high-severity risks, such as missing essential security headers and lack of privacy policies, exposes the business to regulatory fines, reputation damage, and potential cyberattacks.

The Maitland Group website exhibits significant security weaknesses, particularly in fundamental web security headers, GDPR compliance, and network service exposure, which collectively pose substantial risks to data protection and operational integrity. Immediate remediation is critical to protect company reputation, customer trust, and regulatory compliance.

The website https://colibri.mc exhibits significant security gaps, particularly in foundational web security headers, GDPR compliance, and organizational security policies, resulting in a high overall risk exposure despite no critical technical vulnerabilities detected. Immediate attention is needed to address legal compliance and implement essential security controls to protect user data and maintain business reputation.

F

Fédération Patronale et Économique (FPE-CIGA)

federation-patronale.ch

67

The website federation-patronale.ch demonstrates significant security and compliance gaps, particularly in privacy policy adherence and information security governance. While no critical vulnerabilities were found, multiple high-risk issues related to GDPR compliance, security headers, and network exposure pose substantial risks to business reputation and regulatory standing.

S

SMEG

smeg.mc

69

The smeg.mc website demonstrates a strong technical security foundation in SSL/TLS, network security, and DNS health, but exhibits significant compliance and governance gaps, particularly in GDPR and NIS2 regulatory requirements. The absence of privacy policies, consent mechanisms, and documented security frameworks exposes the business to regulatory risks and potential reputational damage. Immediate remediation focusing on compliance and formal security processes is essential to reduce legal liabilities and enhance customer trust.

F

Fnac Darty

fnacdarty.com

72

The website fnacdarty.com demonstrates a solid technical security foundation with strong network and email security, but suffers from significant compliance and governance gaps, particularly in GDPR and NIS2 regulatory requirements. These deficiencies expose the business to legal risks, potential fines, and reputational damage, despite the absence of critical technical vulnerabilities.

E

Enterprise Rent-A-Car

enterprise.ca

72

The website https://enterprise.ca exhibits significant security gaps, particularly in governance and email security, leading to an unknown overall risk score. While network and SSL/TLS configurations are strong, critical deficiencies in incident response, security policies, and email authentication represent substantial business risks, including potential data breaches, regulatory non-compliance, and reputational damage.

D

DealShield

dealshield.com

65

The overall security posture of dealshield.com is concerning, with a number of high and medium-risk issues primarily related to missing security headers, GDPR non-compliance, and lack of formal security policies. While network security and email security appear strong, critical gaps in web security controls, data protection practices, and incident readiness expose the business to potential data breaches, regulatory fines, and reputational damage.

E

Enterprise Rent-A-Car

enterprise.co.uk

72

The website demonstrates a generally moderate security posture with strong SSL/TLS and network security but suffers from significant gaps in governance, compliance (especially GDPR and NIS2), and critical security headers. These deficiencies expose the business to regulatory risks, potential data breaches, and reputational damage. Immediate remediation of governance frameworks and security controls is essential to mitigate operational and compliance risks.

E

Enterprise Rent-A-Car

enterpriserentacar.ca

70

The website https://enterpriserentacar.ca exhibits significant security gaps, particularly in email security, regulatory compliance (GDPR and NIS2), and HTTP security headers. While network security and SSL/TLS configurations are relatively strong, critical issues such as a permissive SPF record and missing key policies expose the business to risks including email spoofing, data privacy violations, and incident response inefficiencies.

M

Manheim by Cox Automotive

mymanheim.com

67

The website mymanheim.com exhibits significant security and compliance gaps, particularly in email authentication, GDPR compliance, and adherence to NIS2 security frameworks. While network security and TLS configurations are relatively strong, critical vulnerabilities in data protection, incident response, and email security pose considerable risks to business operations and reputation.

E

Enterprise Truck Rental

enterprisetrucks.ca

68

The website enterprisetrucks.ca exhibits significant security gaps, particularly in email authentication, incident response, and compliance with GDPR and NIS2 frameworks, placing the business at elevated risk of data breaches, regulatory penalties, and reputational damage. While network security and SSL/TLS configurations are relatively strong, foundational policies and headers are missing or poorly implemented, undermining overall resilience and trustworthiness.

E

Enterprise Holdings, Inc.

enterprisecarclub.co.uk

77

The website enterprisecarclub.co.uk demonstrates a generally sound network, email, and SSL/TLS security posture but suffers from critical gaps in web security headers, GDPR compliance, and information security governance aligned with NIS2 standards. These deficiencies expose the business to increased legal risks, potential data breaches, and regulatory non-compliance. Immediate remediation is necessary to strengthen data protection, incident response capabilities, and overall trustworthiness.

E

Enterprise Holdings, Inc.

enterprisecarshare.ca

75

The website https://enterprisecarshare.ca demonstrates a generally strong network and email security posture but exhibits significant gaps in web security headers, GDPR compliance, and critical NIS2 regulatory requirements. These deficiencies expose the business to data privacy risks, regulatory non-compliance penalties, and potential incident management failures. Immediate attention is needed to strengthen security policies, user data protection measures, and incident response capabilities to safeguard brand reputation and ensure legal compliance.

C

Commute with Enterprise

commutewithenterprise.com

75

The website commutewithenterprise.com demonstrates strong network, SSL/TLS, and email security controls, but suffers from significant gaps in governance and compliance, particularly related to GDPR and NIS2 requirements. Missing critical security policies, headers, and consent mechanisms expose the business to regulatory risks and potential operational disruptions despite a generally secure infrastructure.

The website efleets.com demonstrates a generally strong network, SSL/TLS, email security, and DNS posture but exhibits significant gaps in compliance and governance frameworks, particularly around GDPR and NIS2 regulations. Critical security controls such as Content-Security-Policy headers, incident response procedures, and cookie consent mechanisms are missing, posing considerable business and regulatory risk. Addressing these shortcomings is essential to reduce exposure to data breaches, regulatory penalties, and reputational damage.