Security Directory

S

Seven.One Entertainment Group GmbH

seven.one

68

Seven.One Entertainment Group GmbH is a leading German media and entertainment company specializing in TV broadcasting, streaming, advertising products, content production, and event and artist management. It operates multiple well-known TV and digital brands and is a subsidiary of ProSiebenSat.1 Media SE. The website demonstrates a mature digital presence with modern technologies such as Liferay CMS, React, and integrated marketing and consent management tools. However, a critical security weakness is the absence of a valid SSL certificate, exposing users to potential risks. The company maintains comprehensive privacy and cookie policies with GDPR compliance and uses consent-based tracking. Overall, the business is positioned strongly in the German media market with a broad portfolio and professional digital infrastructure but needs urgent improvements in security configuration.

D

D4Sign

d4sign.com.br

64

D4Sign is Brazil's leading electronic and digital signature platform, offering a comprehensive SaaS solution that integrates advanced AI capabilities to streamline document signing and contract management. The company serves a broad audience including businesses and individuals, providing secure authentication methods linked to government data for enhanced trust and legal compliance. Technically, the website is built on WordPress with multiple modern plugins and integrates various marketing and analytics tools, hosted on AWS. However, the current SSL/TLS configuration is invalid, posing a significant security risk. The company demonstrates strong market presence with over 500,000 companies trusting its services and certifications such as Great Place To Work and sustainability seals. Privacy and cookie policies are comprehensive and GDPR compliant, with active consent mechanisms.

K

KM Business Information Canada Ltd.

lexpert.ca

64

Lexpert.ca is a leading Canadian legal directory and media platform operated by KM Business Information Canada Ltd. It specializes in providing comprehensive rankings, directories, and news related to lawyers and law firms across various business law sectors including energy, finance, technology, mining, infrastructure, litigation, insolvency, and mergers and acquisitions. The platform targets Canadian businesses seeking qualified legal professionals and offers digital editions, newsletters, and event coverage to support its audience. Technically, the website leverages a modern tech stack including Bootstrap, jQuery, Algolia search, and HubSpot integrations, hosted behind Cloudflare for performance and security. Despite a slow page load time, the site is mobile-optimized and SEO-friendly with consistent branding and good content quality. Security-wise, the site employs a valid SSL certificate, strict DMARC policy, and SPF records, but lacks DNSSEC and HSTS enforcement. The presence of multiple third-party marketing and analytics scripts indicates extensive user tracking, balanced by a robust cookie consent mechanism. Overall, Lexpert.ca demonstrates a mature digital presence with room for security enhancements and performance optimization.

Q

Qwist GmbH

qwist.com

63

Qwist GmbH is a leading open finance platform operating primarily in the DACH and Iberian markets, offering a comprehensive suite of B2B2X financial technology products. Their key offerings include digital account and portfolio switching, open banking compliance solutions, financial data analytics, and digital lending integration. The company positions itself as the #1 open finance company in its region, serving major banks and financial institutions with a strong investor backing from Finch Capital and Finleap. Technically, the website is built on WordPress with the Divi theme and leverages modern marketing and analytics tools such as HubSpot, Matomo, and SalesLoft. The site employs GDPR-compliant cookie consent via Cookiebot and maintains a valid SSL certificate, although some security enhancements like HSTS and DNSSEC are absent. Performance is moderate with good mobile optimization and SEO practices. From a security perspective, Qwist demonstrates solid foundational practices including SPF and DMARC email protections and encrypted communications. However, the absence of advanced DNS security measures and a public security or incident response policy suggests room for improvement. No critical vulnerabilities were detected in the current analysis. Overall, Qwist presents a professional and trustworthy digital presence aligned with its market leadership in open finance. Strategic security enhancements and transparency in incident response would further strengthen its risk posture and customer confidence.

P

PlentyONE GmbH

plentyone.com

61

PlentyONE GmbH operates a leading cloud-native all-in-one e-commerce ERP platform that connects brands, manufacturers, and retailers to over 150 global marketplaces. The company offers a scalable and flexible SaaS solution complemented by strategic consulting and operational support services. Their market position is strong, with over 55,000 users and significant transaction volumes, positioning them as a key player in the e-commerce sector. Technically, the website is built on HubSpot CMS, leveraging AWS hosting and Cloudflare CDN, with extensive use of marketing and analytics tools such as Google Analytics, HubSpot, and Cookiebot for privacy compliance. Security posture is generally good with modern TLS protocols and OCSP stapling, but improvements are recommended in HTTP security headers and DNS security. The website demonstrates excellent design, content quality, and user experience, supported by comprehensive cookie consent mechanisms and privacy policies. Overall, PlentyONE shows a mature digital presence with a strong focus on compliance and customer engagement.

P

PlentyONE GmbH

plentysystems.com

56

PlentyONE GmbH operates a cloud-native all-in-one e-commerce ERP platform that connects brands, manufacturers, and retailers with over 150 marketplaces globally. The company holds a strong market position with 55,000 users and significant transaction volumes, offering comprehensive services including multi-channel sales, order management, product data management, and strategic growth consulting. Technically, the website is built on HubSpot CMS, integrates multiple marketing and analytics tools such as Google Analytics, HubSpot, and Cookiebot, and is hosted on AWS infrastructure. However, the site currently lacks a valid SSL certificate and modern TLS support, which poses a critical security risk. The company demonstrates good privacy compliance with GDPR-aligned policies and cookie consent mechanisms. Strategic improvements in security posture, especially SSL/TLS implementation and security headers, are recommended to enhance trust and protect user data.

K

KM Business Information UK Ltd

mpamag.com

82

Mortgage Introducer, operated by KM Business Information UK Ltd, is a leading UK-based media platform specializing in mortgage industry news, insights, and expert advice. The website offers a broad range of content including news articles, premium subscription content, mortgage broker software reviews, and industry resources targeting mortgage brokers and financial professionals. It maintains a strong market position as a trusted source within the UK mortgage sector, supported by a consistent brand and a professional online presence. Technically, the site leverages a modern tech stack including Bootstrap, jQuery, Algolia search, HubSpot analytics, and Google Ad Manager for advertising. However, the site suffers from an invalid SSL certificate and lacks advanced security configurations such as DNSSEC and HSTS, which impacts its security posture. The security best practices include a strict DMARC policy and SPF records, but the absence of a valid SSL certificate and missing security headers reduce overall trust. The website employs extensive user tracking and marketing tools, including Facebook Pixel and Bombora, indicating a mature digital marketing strategy but raising privacy considerations. Overall, the site is professional and content-rich but requires urgent security improvements to protect user data and enhance trust.

C

CDR Austria

cdr-austria.com

60

CDR Austria is a specialized platform and network focused on Digital Ethics and Corporate Digital Responsibility, serving as a hub for knowledge exchange, education, and collaboration among businesses, academia, and society in Austria. The organization positions itself as Austria's largest network for sustainable digitalization, offering services such as training, events, and project support to foster trust and ethical digital transformation. Technically, the website is built on WordPress with Elementor and integrates marketing and analytics tools like HubSpot, but suffers from performance issues and lacks a valid SSL certificate, which impacts security and user trust. The security posture is weak due to missing HTTPS and modern TLS protocols, although SPF records and DNS configurations are properly set. Overall, while the business demonstrates strong market positioning and trust indicators through partnerships and compliance with GDPR, it requires urgent improvements in security infrastructure to protect user data and enhance credibility.

S

Sympla Internet Soluções S.A.

sympla.com.br

69

Sympla Internet Soluções S.A. operates the largest event ticketing and management platform in Brazil, offering services for event creation, promotion, and ticket sales. The company holds a strong market position as a leader in the Brazilian event e-commerce sector, targeting both event organizers and attendees. Their platform supports a wide range of event types including shows, courses, and cultural events, with a comprehensive digital presence and strong brand recognition. Technically, Sympla leverages modern web technologies such as React with Next.js, hosted on AWS infrastructure, and integrates multiple marketing and analytics tools to optimize user engagement and business intelligence. Security-wise, the platform employs robust TLS configurations, SPF and DMARC email protections, and uses a consent management system for cookies, though there is room for improvement in HTTPS hardening and DNS security. Overall, Sympla demonstrates a mature digital infrastructure and a high level of professionalism, with a good balance of user experience, content quality, and trust indicators.

4

42matters AG

42matters.com

77

42matters AG is a technology company specializing in mobile and connected TV (CTV) app intelligence solutions. Their offerings include a comprehensive app market explorer, APIs for real-time app data access, and bulk file dumps for large-scale data ingestion. Positioned as a leading provider in the app intelligence market, 42matters serves a diverse clientele including ad tech firms, cybersecurity companies, SDK developers, and marketing agencies. The company is part of the Similarweb family, enhancing its market reach and capabilities. Technically, the website is built on a modern Next.js and React framework, hosted on Amazon AWS infrastructure. It employs multiple analytics and marketing tools such as Google Tag Manager, HubSpot, Microsoft Clarity, and Visual Website Optimizer, indicating a mature digital marketing and analytics strategy. Performance is moderate with room for optimization, and mobile responsiveness is good. SEO practices are well implemented with comprehensive metadata and Open Graph tags. From a security perspective, the site uses a valid Amazon-issued SSL certificate but lacks advanced TLS protocol support and security headers like HSTS, DNSSEC, and CAA records. No explicit security or incident response policies are publicly available, which may represent an area for improvement. The cookie consent mechanism is robust and GDPR compliant, reflecting good privacy practices. Overall, 42matters demonstrates a strong market position with excellent content quality and trust indicators. Security posture is adequate but could be enhanced by adopting additional best practices. Strategic recommendations include improving TLS support, enabling DNSSEC, and publishing detailed security policies to bolster trust and compliance.

InHire is a Brazilian technology company specializing in recruitment and selection software, offering an ATS platform designed by recruiters for recruiters. The company positions itself strongly in the recruitment software market with over 1500 recruiters using its platform, emphasizing features such as AI-driven candidate screening, LinkedIn hunting extensions, personalized career pages, and comprehensive data analytics. The website reflects a mature digital marketing and analytics infrastructure, leveraging tools like HubSpot, Google Analytics, Hotjar, and multiple ad networks to optimize user engagement and lead generation. Technically, the site is hosted on Cloudflare and built using Webflow CMS, with a valid SSL certificate and HSTS enabled, though TLS protocols are outdated and DNS security features like DNSSEC and CAA are not implemented. Security posture is solid with no detected vulnerabilities, but there is room for improvement in modernizing SSL/TLS configurations and publishing formal security policies. Overall, the website demonstrates high professionalism, excellent content quality, and strong trust indicators, though it lacks explicit phone or email contact details and a terms of service page.

Z

Zoonou Limited

zoonou.com

66

Zoonou Limited is a UK-based software testing and quality assurance company, uniquely positioned as the UK's only employee-owned software testing firm. Established in 2007, it has delivered over 5,000 projects and holds multiple certifications including B Corp, ISO 9001, ISO 27001, and Cyber Essentials Plus. The company offers a comprehensive suite of services spanning QA strategy, delivery, accessibility, cybersecurity, and test automation, targeting private, public, and third sector organizations. Their business model emphasizes employee ownership and social responsibility, aligning with their B Corp certification and commitment to inclusivity and accessibility. Technically, Zoonou employs modern web technologies including React, HubSpot marketing and analytics tools, and Umbraco CMS. The site is hosted via UK2.net and integrates multiple third-party services for marketing and analytics. While the SSL certificate is valid and strong, the site currently lacks support for modern TLS protocols, which is a notable security gap. Performance metrics indicate a slower load time, suggesting opportunities for optimization. From a security perspective, the company demonstrates good practices such as HSTS enforcement and absence of known SSL vulnerabilities. However, the lack of DNSSEC, CAA records, and a published vulnerability disclosure policy or security.txt file indicates areas for improvement. No explicit incident response or security contact information was found, which could impact responsiveness to security events. Overall, Zoonou presents a professional, trustworthy, and socially responsible brand with solid technical infrastructure but with room to enhance its security posture and performance. Strategic improvements in TLS support, DNS security, and transparency around vulnerability management would strengthen their risk profile and client confidence.

G

Getdemo

getdemo.com.br

64

Getdemo is a Brazilian technology company offering a SaaS platform for interactive product demonstrations, targeting B2B software buyers and sales teams. Positioned as the first interactive product demo platform in Brazil, it aims to enhance sales processes through personalized and scalable demos. The website is built on the Wix platform, leveraging modern web technologies including React 18 and various marketing and analytics tools such as Google Tag Manager, HubSpot, and LinkedIn Insight. While the site employs a valid SSL certificate and integrates multiple tracking and marketing services, it lacks advanced security configurations like DNSSEC, CAA records, and HSTS, which could be improved to enhance security posture. The performance is relatively slow with a large page size, and mobile optimization is basic. Privacy policies are present but basic, with no explicit terms of service or incident response policies found. Overall, the site demonstrates a good level of professionalism and trustworthiness but would benefit from enhanced security and compliance measures.

F

Fortress Consulting Group

gofortress.com

60

Fortress Consulting Group is a medium-sized, award-winning branding, web design, advertising, and marketing agency based in Chicago, Illinois. The company specializes in digital marketing and brand strategy, serving businesses seeking to enhance their brand presence and market reach. Their key services include branding, corporate identity, web and digital experience, advertising, social media marketing, SEO, content marketing, and more. The agency positions itself as a strategic partner for brand success with a strong portfolio and client base. Technically, the website is built on WordPress using Elementor, integrated with multiple marketing and analytics tools such as HubSpot, Google Analytics, Facebook and TikTok pixels, and Lead Forensics. The site shows good SEO and accessibility practices but suffers from slow performance and lacks modern TLS protocol support. Security posture is basic with valid SSL but missing DNSSEC and security headers. Cookie consent mechanisms are implemented, supporting GDPR compliance. Overall, the company demonstrates a professional and trustworthy online presence with room for technical and security improvements.

M

Mercos

mercos.com

64

Mercos is a Brazilian software company specializing in B2B sales automation and e-commerce solutions tailored for industries, distributors, and commercial representatives. Positioned as one of the most utilized sales systems in the market, Mercos offers a comprehensive suite of services including sales force automation, B2B e-commerce portals, AI-powered order processing, payment systems, and video call sales features. The company targets medium-sized businesses seeking to streamline their sales operations and integrate seamlessly with existing ERP systems. Their market presence is reinforced by over 8,700 clients and 52,000 users, highlighting strong adoption and trust within their niche. Technically, Mercos leverages modern web technologies such as React and JavaScript, hosted on Amazon Web Services infrastructure with CloudFront CDN for content delivery. The site integrates multiple marketing and analytics tools including Google Tag Manager, HubSpot, RD Station, and Visual Website Optimizer, indicating a mature digital marketing strategy. Performance is optimized with preloading scripts and responsive design, ensuring good mobile experience and SEO. From a security perspective, Mercos maintains a valid SSL certificate issued by Amazon but currently lacks support for modern TLS protocols and advanced security headers. DNS security features like DNSSEC and CAA are not enabled, and no explicit security or incident response policies are publicly disclosed. While no critical vulnerabilities are detected, the absence of cookie consent mechanisms and limited privacy compliance features suggest areas for improvement. Overall, Mercos presents a robust business and technical foundation with excellent user experience and market positioning. However, enhancing security configurations, privacy compliance, and transparency around incident response would strengthen their risk posture and customer trust.

L

Loja Integrada

lojaintegrada.com.br

64

Loja Integrada is a large Brazilian e-commerce platform provider enabling over 2.7 million online stores to create and manage their businesses with ease. The platform offers a comprehensive suite of services including dropshipping, marketing automation, payment and logistics integrations, and a rich app marketplace. The website is built on WordPress with Elementor and integrates multiple marketing and analytics tools such as HubSpot, VWO, Google Analytics, TikTok Pixel, and Microsoft Clarity, reflecting a mature digital infrastructure. Security measures include a valid Amazon-issued SSL certificate and Google reCAPTCHA integration, although advanced security headers and DNSSEC are not enabled. The site demonstrates good privacy and cookie policy compliance with active consent mechanisms. Overall, Loja Integrada presents a professional, trustworthy, and well-branded online presence with extensive user tracking and marketing capabilities.

A

ad agents GmbH

ad-agents.com

66

ad agents GmbH is a well-established digital marketing agency based in Germany, specializing in online and performance marketing services. Founded in 2006, the company offers a comprehensive portfolio including search engine advertising, SEO, Amazon marketplace services, affiliate management, social media advertising, consulting, analytics, and product data management. The agency serves a broad business audience seeking to enhance their digital marketing performance nationally and internationally. The website reflects a mature digital presence with excellent content quality, strong branding consistency, and multiple trust indicators such as client testimonials and industry certifications. Technically, the site is built on WordPress with modern performance optimizations and integrates advanced marketing and analytics tools like HubSpot, Usercentrics CMP, and eTracker. Security posture is good with valid SSL, HSTS enabled, and SPF records configured, though TLS protocols are currently disabled, which is a notable gap. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms. Overall, the company demonstrates a strong market position with a professional and trustworthy online presence.

S

Sendmarc

sendmarc.com

69

Sendmarc is a technology company specializing in DMARC email security and domain protection solutions. Positioned as a leading DMARC management platform, it serves enterprises, governments, SMEs, MSPs, OEMs, and partners globally. The company offers a comprehensive suite of services including DMARC management, Lookalike Domain Defense, Breach Detection, BIMI, and a dedicated DMARC platform for MSPs. Their business model is SaaS-based with a strong partner ecosystem and a focus on email security compliance and branding. Technically, the website is built on WordPress with Elementor, leveraging Cloudflare for hosting and security. The site demonstrates excellent SEO, mobile optimization, and accessibility, supported by marketing and analytics tools such as HubSpot and Google Tag Manager. Security posture is strong with multiple security headers and certifications like SOC 2 Type 2 and ISO/IEC 27001:2022, although TLS protocols are not currently enabled, and DNSSEC is absent. Overall, Sendmarc presents a professional, trustworthy, and technically mature digital presence with room for security protocol enhancements.

C

Cludo ApS

cludo.com

66

Cludo ApS is a medium-sized technology company based in Denmark specializing in AI-powered site search solutions. Their platform enhances website search experiences by leveraging AI technologies such as AI Chat and AI Summary, targeting website owners and marketing teams globally. The company positions itself as a trusted partner with over 1000+ websites using their services, supported by strong customer testimonials and partner endorsements. Technically, Cludo utilizes a modern tech stack including HubSpot CMS, Cloudflare hosting, and integrates multiple marketing and analytics tools such as Google Analytics 4 and Microsoft Clarity. Security posture is solid with HSTS and content security policies in place, though the absence of modern TLS protocols and DNSSEC indicates room for improvement. Overall, Cludo demonstrates a mature digital presence with good privacy compliance and user experience, but could enhance security transparency and incident response readiness.

N

NetXposure, Inc.

netx.net

71

NetXposure, Inc. operates the NetX digital asset management platform, targeting enterprises and organizations across diverse industries such as fashion, professional sports, corporations, higher education, museums, MarTech, and tourism. The company offers a SaaS model complemented by professional onboarding and full-service DAM solutions, positioning itself as a high performer with strong customer support and a modern UI. Technically, the website is built on HubSpot CMS, leveraging multiple marketing and analytics tools including Google Analytics, Hotjar, and Bing UET, and is hosted behind Cloudflare. Security posture is solid with strict security headers and a valid SSL certificate, though it lacks modern TLS protocol support and visible incident response or security policies. The absence of a cookie consent mechanism and limited GDPR compliance indications suggest areas for improvement. Overall, the company demonstrates a mature digital presence with good market positioning but could enhance its security and privacy transparency to align with best practices.

B

BGaming

bgaming.com

69

BGaming is a Malta-based leading online casino game provider specializing in the development and distribution of certified casino games including slots, lottery, card, and crash games. With a strong market presence supported by over 2,000 global clients and partnerships with major platforms, BGaming offers a comprehensive suite of iGaming solutions and marketing tools designed to enhance player engagement and operator success. The company holds ISO/IEC 27001:2013 certification and complies with international gambling regulations, ensuring high standards of security and fairness. The website demonstrates a mature digital infrastructure leveraging modern web technologies, analytics, and marketing integrations to support business growth and customer interaction. Security posture is solid with valid SSL certificates and security headers, though improvements in TLS protocol support and HSTS implementation are recommended. Overall, BGaming presents a professional, trustworthy, and technically sound online presence aligned with industry best practices.

S

SalesHood

saleshood.com

74

The website demonstrates a generally stable network and email security posture, with no critical vulnerabilities identified. However, significant gaps exist in compliance with GDPR and NIS2 regulations, reflected by low scores in these areas and several high-severity issues. The absence of essential documentation such as cookie policies, consent mechanisms, security frameworks, and incident response procedures exposes the business to regulatory fines and reputational damage. Medium-level issues like expiring SSL certificates, mixed content, and missing security headers further increase the risk of data breaches and undermine user trust. While foundational network security is strong, the lack of proactive governance and transparency measures hinders overall security maturity. Addressing these shortcomings is critical to ensuring regulatory compliance, safeguarding customer data, and maintaining business continuity. Immediate focus on policy development and compliance will mitigate liability and enhance stakeholder confidence.

F

Faethm by Pearson

faethm.ai

72

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium risk issues, particularly in compliance and security governance areas. Significant gaps exist in GDPR compliance, including the absence of a cookie consent banner and potentially non-compliant privacy policy, exposing the business to regulatory penalties. The lack of a documented information security framework, incident response procedures, and security policies indicates weak organizational security maturity, risking operational disruptions and regulatory non-compliance under NIS2. Technical security controls such as missing key security headers, weak SSL key length, and expiring certificates expose the site to common web-based attacks and reduce user trust. DNS and network security are relatively strong, but improvements like enabling DNSSEC would further enhance resilience. The company’s email security posture is excellent, reducing risks from phishing and email-borne threats. Addressing these gaps will improve regulatory compliance, reduce attack surface, and protect business continuity and reputation. Immediate focus on governance and privacy compliance paired with technical enhancements is recommended to mitigate high-impact risks.

A

Advania

advania.se

60

The website exhibits significant security shortcomings that pose substantial business and regulatory risks. Critical gaps in GDPR compliance, including the absence of privacy, cookie policies, and consent mechanisms, expose the company to legal penalties and reputational damage, especially as an EU-based business. The lack of a formal information security framework, incident response procedures, and security policy documentation further undermines operational resilience and regulatory adherence under NIS2 requirements. Security headers are inadequately implemented, increasing susceptibility to common web attacks such as clickjacking and XSS. SSL/TLS configurations are weak, with expiring certificates and insufficient key strength, threatening secure data transmission. While network security and DNS health are relatively strong, email security is robust but overshadowed by other critical deficiencies. Immediate remediation is necessary to mitigate legal exposure, protect customer data, and maintain business continuity.

A

Advania

advania.no

66

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium-risk issues that could expose the business to regulatory penalties, reputational damage, and security breaches. Key weaknesses are evident in compliance with GDPR and NIS2 requirements, including the absence of privacy policies, cookie consent mechanisms, and formal security frameworks. Missing essential security headers and weak SSL configurations increase the risk of web-based attacks and data interception. While network and email security are robust, the gaps in policy documentation and incident response readiness pose significant operational risks. Immediate attention to regulatory compliance and cryptographic standards is necessary to protect customer data and ensure business continuity. Overall, the environment requires a focused remediation plan to elevate both security controls and governance policies to industry standards. Addressing these issues proactively will reduce legal exposure and enhance customer trust.

A

Advania

advania.fi

60

The website's overall security posture is concerning, with critical and high-severity issues particularly in privacy compliance and information security management. The absence of fundamental GDPR elements such as a Privacy Policy, Cookie Policy, and Consent Banner exposes the business to legal and regulatory risks, especially as it operates in the EU market. Additionally, missing key security headers and lack of a formal information security framework indicate vulnerabilities to common web-based attacks and operational risks. While SSL/TLS configuration and network security posture are strong, deficiencies in email security and DNS settings further weaken the defense-in-depth strategy. The lack of incident response and business continuity planning raises concerns about the organization's readiness to handle security incidents. Immediate remediation is required to mitigate potential financial, reputational, and compliance damages. Prioritizing privacy compliance and establishing a robust security governance framework will provide significant risk reduction and stakeholder confidence.

A

Advania

advania.dk

59

The website's overall security posture is concerning, with critical and high-severity issues predominantly in GDPR compliance, security headers, and information security governance. The absence of basic privacy policies and consent mechanisms exposes the business to regulatory and reputational risks, especially within the EU. Security headers are inadequately configured, increasing the risk of common web-based attacks such as clickjacking and content spoofing. Furthermore, missing security framework documentation, incident response plans, and vulnerability disclosure policies indicate a lack of mature cybersecurity governance, elevating operational risks. SSL/TLS weaknesses and expiring certificates further threaten secure communications and user trust. While email security and network security show strong scores, critical gaps in legal compliance and technical controls must be addressed urgently. Immediate remediation will reduce legal liabilities, protect customer data, and strengthen overall resilience against cyber threats.

A

Advania

advania.com

65

The website demonstrates a moderate security posture with no critical vulnerabilities detected; however, multiple high and medium severity issues indicate significant gaps in both technical and compliance areas. Key concerns include missing essential security headers, weak SSL/TLS configurations, and poor GDPR compliance such as absence of privacy and cookie policies, which expose the business to legal and reputational risks. Additionally, the lack of an information security framework and incident response procedures under NIS2 regulations suggests unpreparedness for cyber incidents, increasing operational risk. While network security and email security are strong points, foundational policies and controls require urgent attention to safeguard data and maintain regulatory compliance. Addressing these vulnerabilities will reduce the risk of data breaches, regulatory penalties, and customer trust erosion. Immediate remediation efforts should focus on compliance documentation, security policy implementation, and improving encryption standards. Overall, the business must prioritize governance, risk management, and technical controls to strengthen its cybersecurity resilience and regulatory standing.

C

Casted

casted.us

69

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium severity issues that could expose the business to regulatory, reputational, and operational risks. Key deficiencies exist in GDPR compliance, NIS2 security governance, and SSL/TLS configurations, which could lead to legal penalties and undermine customer trust. Missing essential security headers increase the risk of web-based attacks such as clickjacking and cross-site scripting. The absence of incident response and security policies indicates immature cybersecurity governance, potentially prolonging recovery times after an incident. Although email and network security are strong, foundational security practices require urgent attention to safeguard sensitive customer data and ensure regulatory compliance. Immediate remediation will strengthen the company's defenses, reduce legal exposure, and improve overall resilience. Prioritizing these gaps aligns security efforts with business continuity and customer trust imperatives.

V

Virtuous Software

virtuous.org

69

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected but multiple high and medium priority issues that expose it to significant risk. Key weaknesses lie in missing essential security headers, lack of GDPR compliance measures, and inadequate implementation of NIS2 security frameworks, which collectively threaten data protection and regulatory adherence. SSL/TLS configurations need urgent improvement due to weak key lengths and impending certificate expirations, increasing susceptibility to interception. DNS and network security are relatively strong, and email security is excellent, providing a solid foundation in those areas. However, the absence of incident response procedures and security policy documentation highlights a lack of preparedness for security incidents. The missing cookie policy and consent mechanisms further expose the business to legal and reputational risks under data privacy regulations. Addressing these issues promptly will strengthen the website’s defenses, ensure compliance, and safeguard customer trust.

C

Consensus Sales, LLC

goconsensus.com

73

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities that require urgent attention. Key gaps exist in security headers, GDPR compliance, and especially in adherence to NIS2 requirements, indicating insufficient information security governance and incident response preparedness. Missing Content-Security-Policy and Permissions-Policy headers expose the site to client-side attacks, while the absence of a cookie consent banner and incomplete privacy documentation risk regulatory non-compliance and potential fines. SSL/TLS and network security are strong areas, but upcoming certificate expiry and missing DNSSEC present risks to data integrity and trust. Email security shows room for improvement with missing DKIM signatures, which could affect email authenticity. Addressing these issues will strengthen both the technical defenses and regulatory compliance, reducing the risk of data breaches, reputational damage, and legal penalties.

W

WorkSpan, Inc.

workspan.com

70

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but multiple high and medium severity issues significantly undermine its overall security and regulatory compliance. Key weaknesses include missing critical HTTP security headers, lack of GDPR-compliant cookie policies, and an absence of foundational NIS2 security governance such as incident response and security documentation. While email security, SSL/TLS, DNS health, and network security show strong performance, gaps in security headers and compliance frameworks expose the business to risks including clickjacking, cross-site scripting, data privacy violations, and regulatory penalties. The absence of a formal information security framework and incident response procedures increases exposure to operational disruption and reputational damage. Immediate remediation is essential to strengthen defenses and meet legal obligations. Addressing these issues will reduce the risk of data breaches, improve customer trust, and ensure regulatory compliance, safeguarding business continuity and brand reputation.

A

Acentra Health

acentra.com

65

The website's overall security posture reveals significant gaps in compliance and foundational security controls, particularly concerning regulatory requirements and cryptographic protections. While no critical vulnerabilities were found, multiple high and medium severity issues pose material risks to data privacy, legal compliance, and customer trust. Key weaknesses include missing security headers, lack of GDPR-compliant cookie policies and consent mechanisms, absence of formal information security and incident response frameworks, and weak SSL/TLS configurations. Conversely, network security and DNS health show relatively strong scores, indicating some effective controls are in place. The deficient NIS2 compliance score highlights the urgent need for documented security policies and incident handling procedures. Immediate remediation will reduce exposure to data breaches, regulatory penalties, and reputational damage. Investment in security governance and cryptographic standards is needed to align with industry best practices and legal mandates.

C

CNECT

cnectgpo.com

65

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

B

Bricz

bricz.com

64

The website demonstrates significant security and compliance gaps, particularly in foundational security headers and regulatory adherence, which expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Although no critical vulnerabilities were found, multiple high and medium risk issues related to missing security headers, incomplete GDPR compliance, and absence of essential NIS2 security frameworks indicate inadequate protection and governance. Email security and network security show relatively strong posture, but weaknesses in SSL/TLS management and DNS configuration could impact trust and data integrity. Immediate attention is needed to establish security policies, incident response capabilities, and enforce data protection measures to align with industry standards and regulations. The low scores in security headers, GDPR, and NIS2 compliance highlight urgent areas that require remediation to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Overall, the website’s security posture is currently insufficient for high-risk operational environments and requires prioritized remediation to reduce exposure and improve stakeholder confidence.

S

ShowingTime+

showingtime.com

67

The website demonstrates a moderate overall security posture with strong network security and solid SSL/TLS and email security implementations. However, significant gaps exist in compliance and governance areas, particularly concerning GDPR and NIS2 regulatory requirements, which present considerable legal and reputational risks. The absence of fundamental privacy policies, cookie consent mechanisms, and incident response procedures exposes the business to potential regulatory penalties and customer trust erosion. Missing critical security headers like X-Frame-Options increases susceptibility to web-based attacks such as clickjacking. While core infrastructure like DNS and SSL is generally well-managed, some improvements are needed to maintain robust protection. Immediate focus on establishing comprehensive privacy and security policies, alongside addressing critical security headers, will substantially improve risk posture. Without remediation, these vulnerabilities could lead to data breaches, compliance violations, and operational disruptions impacting business continuity and customer confidence.

O

Osano, Inc.

trusthub.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected and strong scores in SSL/TLS and network security. However, significant gaps exist in compliance-related areas, notably GDPR and NIS2 regulatory requirements, which expose the business to legal and operational risks. Missing cookie policies, consent mechanisms, and privacy policy issues create potential non-compliance liabilities under data protection laws. Additionally, the absence of documented security policies, incident response procedures, and security contact information undermines the organization's ability to effectively manage security incidents and regulatory audits. Security headers are partially implemented but lack key protections, increasing the risk of clickjacking and cross-site scripting. Email security is reasonably well configured but can be improved with DKIM and DMARC enhancements. DNS security is good but would benefit from enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Overall, the company should prioritize compliance maturity and governance to reduce business risk while reinforcing technical controls.

The overall security posture of the website is solid with no critical issues detected, and strong performance in email security, SSL/TLS, and network security modules. However, there are notable medium and high-risk concerns primarily related to DNS configuration and regulatory compliance. The most pressing issue is an unregistered MX record, which can lead to email delivery failures and potential exposure to phishing or spoofing attacks. Additionally, failure to enable DNSSEC and configure CAA records weakens DNS integrity and increases exposure to domain hijacking. The absence of key security headers and incomplete GDPR and NIS2 compliance analyses indicate gaps that could impact regulatory adherence and increase vulnerability to certain web-based attacks. Addressing these issues will significantly improve security posture, regulatory compliance, and trust with customers and partners. Immediate remediation of DNS configuration issues is critical to maintaining business continuity and safeguarding brand reputation.

U

USLI

usli.ca

63

The website's overall security posture reveals significant vulnerabilities, particularly in foundational security controls and regulatory compliance. While no critical issues were found, numerous high and medium severity gaps exist, notably in security headers, GDPR compliance, and adherence to NIS2 requirements. The absence of key HTTP security headers like Strict-Transport-Security and Content-Security-Policy exposes the site to common web attacks such as clickjacking and cross-site scripting. GDPR non-compliance, especially lacking cookie policies and consent mechanisms, risks substantial legal and reputational damage. NIS2 deficiencies, including missing security policies and incident response plans, indicate unpreparedness for managing cybersecurity incidents. However, email security, SSL/TLS configurations, DNS health, and network security demonstrate comparatively better maturity. Immediate remediation is essential to mitigate risk exposure, protect customer data, and align with regulatory frameworks. Addressing these weaknesses will enhance trust, reduce liability, and strengthen the organization's cybersecurity resilience.

F

Fabi AS

fabi.no

42

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

R

RG Capital | Allworth Financial

rgcapital.net

66

The website's security posture presents significant risks, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security is strong, several medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DNSSEC, and incomplete email authentication (no DKIM) indicate gaps in regulatory adherence and protection against common attack vectors. The failure to implement GDPR and NIS2 requirements could lead to legal and financial penalties, impacting business reputation and operations. DNS configuration weaknesses further increase susceptibility to domain spoofing and DNS attacks. Although some areas like network security and CAA records show positive scores, these do not compensate for the critical encryption flaw. Immediate remediation is essential to safeguard customer data, ensure compliance, and maintain trust. A structured approach focusing on encryption, compliance, and authentication will mitigate the most significant risks effectively.

C

Caroline Olds Real Estate

carolineolds.com

68

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risk vulnerabilities, primarily related to missing security headers, insufficient GDPR compliance, and lack of key NIS2 security frameworks. The absence of crucial HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks, clickjacking, and cross-site scripting risks. GDPR non-compliance, including the lack of a cookie consent banner and incomplete privacy policies, poses legal and reputational risks, especially in jurisdictions enforcing data protection laws. Additionally, the site lacks documented security policies, incident response plans, and business continuity procedures required under the NIS2 directive, increasing operational risk and regulatory exposure. SSL/TLS configurations are suboptimal, with weak key lengths and impending certificate expiry risking data confidentiality and trust. DNS security is moderate but could be strengthened by enabling DNSSEC and configuring CAA records. While email and network security appear robust, the overall low scores in security headers and NIS2 compliance indicate urgent remediation is necessary to protect business assets and maintain customer trust.

S

Starlight Analytics

starlightanalytics.com

74

Starlight Analytics demonstrates a moderate security posture with strong email security and network defenses but exhibits significant gaps in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements. The absence of critical policies and headers exposes the business to regulatory risks and potential security vulnerabilities that could impact customer trust and operational resilience.

U

USLI

usli.com

61

The website usli.com demonstrates significant security weaknesses, particularly in foundational security headers, GDPR compliance, and overall information security governance, resulting in a concerning overall risk posture. While network security and email security are relatively strong, critical gaps in SSL/TLS configuration, security policies, and privacy practices expose the business to potential data breaches, regulatory penalties, and reputational damage.

P

Privatam

privatam.com

57

The website https://privatam.com exhibits significant security weaknesses, particularly in foundational security headers, GDPR compliance, and organizational security policies, resulting in a high overall risk despite the absence of critical vulnerabilities. Immediate attention is required to address missing security controls and regulatory requirements to protect user data, maintain trust, and avoid potential legal and reputational damage.

F

Foundation Marketing

foundationinc.co

66

The website foundationinc.co currently exhibits significant security and compliance gaps, with critical omissions in security headers, GDPR compliance, and organizational security policies that expose the business to data breaches, regulatory penalties, and reputational damage. While network security and email security show relative strength, the overall security posture is weak and requires urgent remediation to protect sensitive data and ensure regulatory adherence.

The website https://events365.com exhibits significant security gaps, particularly in HTTP security headers, GDPR compliance, and information security governance frameworks, leading to a high risk of data exposure and regulatory non-compliance. While network and SSL/TLS configurations are relatively strong, critical omissions in security policies and headers expose the business to potential cyberattacks and legal liabilities.

The website exhibits a generally strong technical security posture in network and SSL/TLS configurations but has significant gaps in governance, compliance, and incident management, particularly related to GDPR and NIS2 requirements. These deficiencies pose regulatory, reputational, and operational risks that could impact business continuity and customer trust.