Security Directory

C

Cisco Meraki

meraki.com

63

The website security assessment reveals a concerning overall security posture, with no critical issues but multiple high and medium severity gaps primarily in security headers, GDPR compliance, and NIS2 regulatory requirements. The absence of key HTTP security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy exposes the site to common web attacks like clickjacking, cross-site scripting, and protocol downgrade attacks. GDPR compliance is significantly lacking, including no privacy or cookie policies and missing consent mechanisms, which risks regulatory fines and reputational damage. Furthermore, the absence of an information security framework, security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature security governance and preparedness. While email security, SSL/TLS, DNS health, and network security show relatively strong scores, foundational web security and compliance weaknesses present substantial business risks. Immediate remediation of compliance and security policy gaps will reduce legal exposure and enhance customer trust. Overall, the organization must prioritize establishing formal security frameworks and policies alongside implementing critical security headers and GDPR controls to strengthen its security and legal standing.

V

Vodafone Institut

vodafone-institut.de

71

The website demonstrates a generally strong posture in network security, email security, SSL/TLS, and DNS health, indicating robust foundational controls. However, it exhibits critical gaps in GDPR compliance, notably operating as an EU business without adequate privacy measures, which exposes the organization to significant legal and financial risks. The absence of key NIS2 cybersecurity framework elements, including incident response, security policies, and vulnerability disclosure, further heightens exposure to operational and regulatory threats. Security headers and mixed content issues suggest potential vulnerabilities to client-side attacks, albeit at a lower risk level. Overall, the site’s security is uneven, with high risks concentrated in regulatory compliance and governance areas that directly impact business continuity and reputation. Immediate attention is required to remediate compliance deficits and establish formalized security governance. Failure to address these could result in regulatory penalties, data breaches, and damage to customer trust. Strengthening these areas will align the business with industry best practices and reduce potential liabilities.

E

EarthX

earthx.org

65

The website demonstrates a generally moderate security posture with no critical issues but several high and medium risks that could impact business continuity, customer trust, and regulatory compliance. Key deficiencies include missing critical security headers and lack of foundational security policies such as incident response and business continuity planning. GDPR compliance gaps like the absence of a cookie consent banner and incomplete privacy documentation pose legal and reputational risks. The NIS2 framework adoption is notably weak, indicating insufficient organizational security governance and readiness. Email security and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS and network security show solid implementation, which reduces exposure to certain attack vectors. Overall, immediate attention to security headers, policy frameworks, and regulatory compliance is vital to strengthen defenses and maintain stakeholder confidence.

W

WorkSpan, Inc.

workspan.com

70

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but multiple high and medium severity issues significantly undermine its overall security and regulatory compliance. Key weaknesses include missing critical HTTP security headers, lack of GDPR-compliant cookie policies, and an absence of foundational NIS2 security governance such as incident response and security documentation. While email security, SSL/TLS, DNS health, and network security show strong performance, gaps in security headers and compliance frameworks expose the business to risks including clickjacking, cross-site scripting, data privacy violations, and regulatory penalties. The absence of a formal information security framework and incident response procedures increases exposure to operational disruption and reputational damage. Immediate remediation is essential to strengthen defenses and meet legal obligations. Addressing these issues will reduce the risk of data breaches, improve customer trust, and ensure regulatory compliance, safeguarding business continuity and brand reputation.

O

Ooshman

ooshman.au

59

The website demonstrates significant security gaps, particularly in foundational security headers, privacy compliance, and information security governance, resulting in a poor overall security posture. While network security and email security score relatively well, critical vulnerabilities such as missing Strict-Transport-Security and Content-Security-Policy headers expose the site to data interception and cross-site scripting attacks. The absence of GDPR compliance elements like privacy and cookie policies presents legal and reputational risks. Additionally, missing NIS2-related documentation and incident response procedures indicate a lack of preparedness for cyber incidents, increasing operational risk. Weak SSL key lengths and impending certificate expiration further undermine secure communications. Addressing these high and medium priority issues is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Immediate remediation will reduce potential breach impact, enhance customer trust, and align with industry standards.

F

Follow Up Boss

followupboss.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance and governance areas, particularly GDPR and NIS2 requirements. While foundational network and email security controls are strong, missing security headers and incomplete security policies expose the business to potential data privacy risks and regulatory penalties. The absence of a cookie policy, consent mechanisms, and incident response procedures presents considerable legal and operational risks, especially as data privacy regulations tighten. Insufficient documentation of security frameworks and contact points undermines stakeholder trust and readiness to respond to incidents. Addressing these issues promptly will enhance regulatory compliance, reduce exposure to data breaches, and improve overall security resilience. The organization should prioritize establishing formal security policies, GDPR compliance measures, and incident response capabilities to protect business continuity and reputation. Investment in these areas will mitigate risks of fines, customer dissatisfaction, and operational disruption.

The website demonstrates a strong overall security posture with no critical or high severity issues detected. Key foundational protections such as email security, SSL/TLS configurations, and network security are fully compliant and robust, scoring 100/100. However, medium-level concerns exist around security headers, GDPR compliance, NIS2 requirements, and DNS health, notably the absence of DNSSEC. These medium issues highlight potential vulnerabilities in regulatory compliance and domain security that could expose the business to data privacy risks and domain spoofing attacks. Low severity items, such as missing CAA records, further indicate opportunities to enhance domain certificate management. Addressing these gaps will strengthen regulatory alignment, improve trust with users, and mitigate risks from DNS-based threats. Prioritizing these improvements ensures the website remains resilient against evolving cyber threats and regulatory scrutiny.

A

Actyus | Fintech venture capital

actyus.com

63

The website demonstrates a moderate overall security posture with no critical issues but multiple high-severity vulnerabilities predominantly in governance, compliance, and configuration areas. Key deficiencies exist in GDPR compliance, including missing privacy and cookie policies and absence of a consent banner, exposing the organization to regulatory and reputational risks. Security headers are inadequately configured, increasing exposure to common web-based attacks such as clickjacking and cross-site scripting. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates immature cybersecurity governance, which could delay breach detection and response. Email security and DNS health are relatively strong, though improvements in DMARC enforcement and DNSSEC could further reduce phishing and spoofing risks. SSL/TLS configuration issues, including weak key length and imminent certificate expiration, present risks to secure communications and customer trust. Network security posture is solid, providing a stable foundation for other improvements. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and strengthen overall risk management.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

S

SCC

scc.com

51

The website's overall security posture is currently inadequate, with critical deficiencies that expose the business to significant risks. The absence of HTTPS encryption represents a severe vulnerability, impacting data confidentiality, user trust, and regulatory compliance. Furthermore, the lack of a privacy policy, cookie policy, and consent mechanisms places the business at high risk of GDPR non-compliance, potentially resulting in regulatory penalties and reputational damage. The site also lacks foundational information security governance elements such as security policies, incident response procedures, and business continuity planning, severely weakening its resilience to cyber threats. While network and email security show strong performance, critical gaps in encryption and legal compliance overshadow these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and comply with relevant regulations such as GDPR and NIS2. Addressing these issues will significantly reduce legal liabilities and enhance overall cyber defense capabilities.

D

Dimco

dimco.mc

49

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. The lack of essential security headers such as Strict-Transport-Security and Content-Security-Policy further increases vulnerability to common web-based attacks like man-in-the-middle and cross-site scripting. Additionally, the site fails to comply with GDPR requirements by not providing a privacy policy, cookie policy, or consent mechanisms, risking significant regulatory penalties and reputational damage. From a NIS2 directive perspective, there is a notable absence of documented security policies, incident response procedures, and security contact information, indicating poor organizational readiness for cyber incidents. Although email and network security settings are strong, these strengths are overshadowed by foundational security and compliance gaps. DNS configurations are somewhat healthy but can be improved with DNSSEC and CAA records to enhance domain authenticity and prevent certificate misuse. Immediate remediation is crucial to mitigate data breach risks, regulatory fines, and loss of customer trust, which can severely impact business continuity and growth.

A

Albanu

albanu.mc

41

The website's security posture is currently poor with multiple critical and high-risk vulnerabilities identified, exposing the business to significant cyber threats and regulatory non-compliance. The absence of HTTPS encryption is a fundamental and critical weakness, undermining data confidentiality and integrity. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, presents legal and reputational risks, especially for customer data protection. Network security is compromised by exposure of high-risk services like FTP and SSH, which can be exploited for unauthorized access. Additionally, the absence of essential security governance documents and incident response procedures indicates immature security management practices. Immediate remediation is necessary to protect customer trust, comply with regulations, and safeguard business operations. Prioritizing these issues will reduce the risk of data breaches and potential financial and legal consequences.

S

Starlight Analytics

starlightanalytics.com

74

Starlight Analytics demonstrates a moderate security posture with strong email security and network defenses but exhibits significant gaps in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements. The absence of critical policies and headers exposes the business to regulatory risks and potential security vulnerabilities that could impact customer trust and operational resilience.

D

Dietsmann

dietsmann.com

60

The website dietsmann.com currently exhibits significant security and compliance gaps, particularly in web security headers, GDPR compliance, and information security governance, placing the business at risk of data breaches, regulatory penalties, and reputational damage. While foundational network security and email security are relatively strong, critical improvements are needed urgently to protect sensitive data and meet regulatory requirements.

P

Privatam

privatam.com

57

The website https://privatam.com exhibits significant security weaknesses, particularly in foundational security headers, GDPR compliance, and organizational security policies, resulting in a high overall risk despite the absence of critical vulnerabilities. Immediate attention is required to address missing security controls and regulatory requirements to protect user data, maintain trust, and avoid potential legal and reputational damage.

A

Avis Budget Group

avisbudgetgroup.com

64

The website exhibits significant security gaps, particularly in HTTP security headers, GDPR compliance, and organizational security policies, which poses regulatory, reputational, and operational risks. While network security and email configurations are relatively strong, the absence of critical security controls and documentation undermines the overall security posture and exposes the business to potential data breaches and compliance violations.

F

Foundation Marketing

foundationinc.co

66

The website foundationinc.co currently exhibits significant security and compliance gaps, with critical omissions in security headers, GDPR compliance, and organizational security policies that expose the business to data breaches, regulatory penalties, and reputational damage. While network security and email security show relative strength, the overall security posture is weak and requires urgent remediation to protect sensitive data and ensure regulatory adherence.

The website authority.builders currently exhibits significant security weaknesses, particularly in governance, compliance, and foundational security controls, resulting in a poor overall security posture. While network and email security are relatively strong, critical gaps in GDPR compliance, incident response, and SSL/TLS configurations expose the business to regulatory, reputational, and operational risks.

Verifone.com demonstrates significant security and compliance gaps, particularly in web security headers and data privacy policies, which expose the business to reputational, legal, and operational risks. While the network and email security measures appear robust, critical omissions in GDPR compliance and incident response frameworks undermine trust and regulatory adherence.

Atelio.com currently exhibits significant security gaps primarily in web security headers, GDPR compliance, and organizational security policies, which collectively pose risks to user trust, regulatory compliance, and operational resilience. While network and email security are strong, the absence of key security controls and policies undermines the site’s overall security posture and may expose the business to reputational damage and regulatory penalties.