Security Directory

X

Xodo

xodo.com

79

The website demonstrates a generally strong security posture in areas such as email security, SSL/TLS configuration, and network security, all scoring 100/100. However, critical gaps exist in compliance with GDPR and NIS2 regulations, with the NIS2 module scoring particularly low at 25/100, indicating insufficient governance and incident management frameworks. Missing key security headers and cookie consent mechanisms expose the site to client-side vulnerabilities and regulatory risks. The absence of documented security policies, incident response procedures, and vulnerability disclosure processes could lead to unmanaged security incidents and reputational damage. DNS security is moderately strong but can be improved by enabling DNSSEC and configuring CAA records. Overall, the site is operationally secure but requires urgent attention to governance, compliance, and security process maturity to mitigate legal and operational risks. Addressing these issues will enhance customer trust, legal compliance, and resilience against cyber threats.

V

Vodafone Institut

vodafone-institut.de

71

The website demonstrates a generally strong posture in network security, email security, SSL/TLS, and DNS health, indicating robust foundational controls. However, it exhibits critical gaps in GDPR compliance, notably operating as an EU business without adequate privacy measures, which exposes the organization to significant legal and financial risks. The absence of key NIS2 cybersecurity framework elements, including incident response, security policies, and vulnerability disclosure, further heightens exposure to operational and regulatory threats. Security headers and mixed content issues suggest potential vulnerabilities to client-side attacks, albeit at a lower risk level. Overall, the site’s security is uneven, with high risks concentrated in regulatory compliance and governance areas that directly impact business continuity and reputation. Immediate attention is required to remediate compliance deficits and establish formalized security governance. Failure to address these could result in regulatory penalties, data breaches, and damage to customer trust. Strengthening these areas will align the business with industry best practices and reduce potential liabilities.

V

Vodafone Stiftung Deutschland gGmbH

vodafone-stiftung.de

71

The website exhibits a generally strong technical security posture in areas such as email security, SSL/TLS configuration, and network security. However, there are significant compliance and governance gaps, particularly related to GDPR and the NIS2 directive, exposing the business to legal and regulatory risks in the EU. Critical issues include missing privacy measures for EU users and the absence of a structured information security framework, incident response, and business continuity planning. Medium-level technical issues like missing security headers, mixed content, and lack of DNSSEC further weaken the security posture. The lack of cookie policy and consent mechanisms also jeopardizes user trust and compliance. Overall, while foundational security controls are present, urgent attention is needed on data privacy, regulatory compliance, and formalizing security policies to mitigate risk and avoid potential fines or reputational damage. Addressing these gaps will enhance legal compliance, customer confidence, and resilience against cyber threats.

The website's overall security posture is currently weak, with critical deficiencies in privacy compliance and security policy implementation. The absence of key HTTP security headers exposes the site to common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is critically lacking, with no privacy or cookie policies and no consent mechanisms, putting the business at high regulatory and reputational risk, especially given its EU operations. Furthermore, the lack of documented information security frameworks, incident response, and business continuity plans indicates immature security governance, increasing vulnerability to operational disruptions. While email security, SSL/TLS configurations, DNS health, and network security show relatively strong scores, gaps remain such as missing DKIM and DNSSEC that should be addressed. Immediate remediation is crucial to reduce legal liabilities, protect customer data, and enhance overall resilience against cyber threats. Prioritizing these improvements will significantly improve trust and reduce the likelihood of costly incidents.

A

Apryse

apryse.com

68

The website demonstrates a generally strong network and SSL/TLS security posture, scoring 100/100 in these areas, which reduces risk from external network threats and ensures secure data transmission. However, significant deficiencies exist in GDPR compliance and NIS2 security governance, with scores of 25/100 in both, indicating major regulatory and operational risks. High-severity issues such as missing privacy and cookie policies, lack of cookie consent mechanisms, and absence of incident response and security policy documentation expose the business to legal penalties and potential operational disruptions. Security headers are partially implemented but require strengthening to prevent common web-based attacks like clickjacking and MIME-type sniffing. Email security is relatively strong but requires improvements in DMARC enforcement to prevent phishing attacks. Immediate attention to regulatory compliance and formalizing security governance will mitigate legal exposure and enhance incident resilience. Overall, the website is vulnerable to compliance violations and operational risks despite good technical network defenses.

A

Apryse

pdfjs.express

56

The website's overall security posture is weak, with significant gaps in foundational security controls and regulatory compliance. Critical issues in email authentication pose severe risks of phishing and domain spoofing, potentially damaging brand reputation and customer trust. Missing key security headers expose the site to common web-based attacks such as clickjacking and cross-site scripting. GDPR non-compliance, including absence of privacy and cookie policies, risks regulatory penalties and undermines customer data protection assurances. The lack of an information security framework, incident response, and business continuity planning indicates poor operational resilience and readiness to handle security incidents. While network security and SSL/TLS configurations are relatively strong, critical gaps such as missing HSTS and DNSSEC reduce overall trustworthiness and increase vulnerability to man-in-the-middle attacks. Immediate remediation is necessary to protect customer data, meet regulatory requirements, and safeguard business reputation. Without swift action, the business faces elevated risk of data breaches, regulatory fines, and loss of customer confidence.

The website's overall security posture is concerning, with multiple critical and high-severity issues spanning technical security controls, compliance, and policy documentation. Key technical vulnerabilities include missing essential HTTP security headers, weak SSL/TLS configurations, and critical gaps in email authentication. Compliance deficiencies are significant, particularly the absence of GDPR-required documents such as privacy and cookie policies, and missing consent mechanisms, which expose the business to regulatory and reputational risks. Furthermore, the lack of a documented information security framework, incident response plans, and security policies indicates immature security governance and preparedness. Although network security and DNS health are relatively strong, foundational controls such as HSTS and DNSSEC are not fully implemented. Immediate remediation is necessary to reduce risks of data breaches, regulatory penalties, and operational disruptions. Addressing these issues will enhance trust, improve resilience, and support compliance with evolving cybersecurity mandates such as NIS2.

The website's overall security posture reveals significant gaps, particularly in compliance, information security governance, and transport layer protections. While no critical vulnerabilities were identified, multiple high-severity issues expose the business to regulatory, reputational, and data protection risks. Key weaknesses include missing essential HTTP security headers, lack of GDPR-required policies and consent mechanisms, and absence of a formal information security framework aligned with NIS2 requirements. The SSL/TLS configuration shows vulnerabilities that could enable interception or downgrade attacks. On a positive note, network security and DNS health are relatively strong, but improvements in email security and certificate management are needed. Immediate remediation is crucial to reduce exposure to data breaches, regulatory fines, and customer trust erosion. Strengthening these areas will enhance resilience and demonstrate commitment to cybersecurity best practices and legal compliance.

I

INFIBEAM AVENUES

ccavenue.us

61

The website's overall security posture reveals significant gaps, particularly in critical areas such as email authentication, security headers, GDPR compliance, and information security governance. The presence of a critical email security issue (no email authentication configured) combined with several high-severity missing security headers exposes the website to risks like phishing, data interception, and clickjacking. GDPR compliance is weak, lacking cookie policies and consent mechanisms, which can lead to regulatory penalties and damage to customer trust. Additionally, the absence of documented security policies, incident response, and business continuity planning poses serious operational risks. While SSL/TLS and network security modules score relatively better, foundational security controls like HSTS and DNSSEC are not fully implemented. The low scores in NIS2 compliance indicate insufficient alignment with essential EU cybersecurity directives, impacting legal standing and resilience. Immediate remediation is crucial to protect business assets, maintain customer confidence, and ensure regulatory compliance.

C

CCAvenue

ccavenue.ae

66

The website demonstrates a moderate overall security posture with no critical issues detected but several high and medium-severity vulnerabilities that could expose the business to regulatory, reputational, and operational risks. Notably, GDPR compliance is weak, lacking essential cookie policies and consent mechanisms, increasing potential legal liabilities in privacy regulations. The absence of a formal information security framework, incident response procedures, and security policies indicates immature governance and preparedness, which could hinder effective breach management. Security headers are partially implemented but missing key protections like Content-Security-Policy, leaving the site vulnerable to client-side attacks. Email security configurations such as DMARC and DKIM require improvement to prevent phishing and spoofing threats. While SSL/TLS and DNS health scores are relatively strong, mixed content issues and missing DNSSEC reduce overall trustworthiness. Network exposure of services like SSH presents an additional attack surface. Addressing these issues will significantly enhance the security posture and reduce business risks related to compliance, data breaches, and service disruption.

I

INFIBEAM AVENUES

ccavenue.sa

65

The website demonstrates a concerning overall security posture with multiple high and medium severity issues, particularly in security headers, GDPR compliance, and NIS2 regulatory readiness. Critical vulnerabilities are absent, which is positive, but the absence of essential security headers and incomplete GDPR cookie management expose the business to data breaches and regulatory fines. The lack of documented security policies, incident response procedures, and security contact points under NIS2 requirements significantly increases operational risk and potential downtime. While email security and DNS health are relatively strong, foundational SSL/TLS configurations and network exposure issues require attention. Addressing these gaps will reduce legal, reputational, and operational risks. Immediate remediation is recommended to safeguard customer data, ensure regulatory compliance, and maintain trust. This will support sustainable business growth and reduce the likelihood of cyber incidents impacting business continuity.

The website's overall security posture shows no critical vulnerabilities but reveals significant gaps in key areas, notably in compliance with GDPR and NIS2 regulations. Security headers are inadequately implemented, exposing the site to risks such as man-in-the-middle attacks and content injection. The absence of privacy and cookie policies, along with a missing cookie consent banner, heightens legal and reputational risks related to data privacy. Lack of documented information security frameworks, incident response, and business continuity plans indicates insufficient preparedness for cyber incidents, which could lead to prolonged downtime and data breaches. Email, SSL/TLS, DNS, and network security demonstrate relatively strong configurations, though some improvements are needed. Immediate attention to regulatory compliance and foundational security controls is essential to mitigate legal liabilities and protect business continuity. Addressing these issues will enhance customer trust, reduce exposure to cyber threats, and align the organization with industry best practices.

N

National Payments Corporation of India

upichalega.com

62

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Key deficiencies include the absence of core email authentication protocols, lack of a documented information security framework, and missing critical security headers, which collectively weaken both technical defenses and compliance standing. GDPR compliance gaps, such as missing cookie policies and consent mechanisms, increase the risk of regulatory penalties and customer trust erosion. While network security and DNS health show relative strength, foundational controls like SSL/TLS key management and incident response procedures are inadequate. Immediate remediation is needed to protect sensitive data, uphold legal requirements, and ensure business continuity. Addressing these issues will enhance customer confidence and reduce exposure to cyber threats. The current state suggests the need for a prioritized security improvement plan integrating policy, technical, and compliance measures.

C

CCAvenue

ccavenue.com

66

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but several high and medium risk issues that could expose the business to significant threats. Key deficiencies exist in foundational web security headers, GDPR compliance, and adherence to NIS2 regulations, indicating potential legal and operational risks. Missing security headers like Content-Security-Policy and X-Frame-Options increase vulnerability to common web attacks such as clickjacking and cross-site scripting. GDPR gaps, including absent cookie policies and consent mechanisms, expose the business to regulatory fines and reputational damage. The lack of documented security policies, incident response, and business continuity plans points to unpreparedness for cyber incidents, potentially leading to extended downtime or data breaches. SSL certificate expiration soon poses imminent risk of service disruption and loss of customer trust. While email security and network security are relatively strong, enhancements like enabling DNSSEC and securing exposed services are needed. Overall, urgent remediation is required to protect business operations, ensure regulatory compliance, and maintain customer confidence.

This website has 7 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

R

RBL Bank

rblbank.com

71

The website demonstrates a strong foundation in network and email security, with high scores in these areas indicating robust protection against common threats. However, critical gaps exist in compliance with GDPR and NIS2 regulations, reflected by multiple high-severity issues such as missing privacy and cookie policies, lack of incident response and security documentation, and absence of a formal information security framework. These deficiencies expose the business to regulatory fines, reputational damage, and operational risks in the event of security incidents. Additionally, weaknesses in SSL/TLS implementation and DNS configuration could undermine data confidentiality and integrity. While no critical vulnerabilities were found, the presence of numerous high-risk issues necessitates immediate attention to avoid compliance breaches and security incidents. Addressing these concerns will strengthen legal compliance, improve customer trust, and enhance overall resilience against cyber threats. Priority should be given to establishing comprehensive privacy policies, security governance, and incident handling processes. Renewing and upgrading SSL certificates and enabling DNSSEC will further solidify technical defenses.

P

paytmonline.in

paytmonline.in

60

The website's overall security posture is concerning, with multiple critical and high-severity issues identified that expose the business to significant risks. Key security headers are missing, undermining protection against common web-based attacks such as clickjacking, MIME sniffing, and cross-site scripting. GDPR compliance is notably poor, with absence of essential privacy and cookie policies, which may lead to regulatory fines and reputational damage. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates insufficient governance aligned with NIS2 requirements, increasing vulnerability to cyber incidents. Email authentication is critically deficient, exposing the business to phishing and spoofing attacks. SSL certificate expiration is imminent, risking service disruption and loss of trust. While network security and DNS health are relatively strong, they do not compensate for the broader systemic weaknesses. Immediate remediation is essential to protect customer data, maintain compliance, and safeguard business continuity.

The overall security posture of the website reveals critical vulnerabilities primarily associated with DNS configuration and domain registration, which pose significant risks to availability and trustworthiness. While encryption protocols (SSL/TLS) and email security are robust, critical DNS resolution failures and domain registration issues threaten the site's accessibility and expose it to potential hijacking or downtime. Medium-level concerns around security headers and compliance frameworks such as GDPR and NIS2 indicate gaps in data protection and regulatory adherence. The network security stance appears relatively strong, but the failed network scan suggests incomplete visibility into external exposures. Low-level issues like missing CAA records further reduce defenses against certificate misuse. Immediate remediation of DNS and domain registration problems is essential to maintain business continuity and protect customer trust. Overall, the site requires urgent attention to DNS health and compliance to align with industry standards and regulatory requirements.

The website's overall security posture reveals significant vulnerabilities that could severely impact business operations and reputation. Critical issues in DNS health, including DNS resolution failures and domain registration problems, pose immediate risks of service disruption and potential domain takeover. The absence of email authentication mechanisms, notably no DKIM record and no configured email authentication, increases susceptibility to phishing and spoofing attacks, threatening customer trust and brand integrity. Medium-level issues in security headers, GDPR compliance, and network security indicate gaps in protective controls and regulatory adherence. While SSL/TLS implementation is strong, the failure in security headers and lack of DNSSEC weaken defense-in-depth strategies. Addressing these issues promptly is essential to safeguard business continuity, protect customer data, and maintain compliance with regulatory requirements. Overall, the company must prioritize remediation efforts to mitigate high-impact risks and strengthen its security framework.

The website demonstrates a generally strong security posture with no critical or high severity issues detected, reflecting solid foundational controls in place. Key strengths include perfect scores in SSL/TLS implementation and network security, indicating robust encryption and resilient infrastructure. However, several medium-level concerns related to security headers, GDPR compliance, NIS2 directives, email authentication, and DNS security require attention to mitigate potential risks. The absence of DKIM records and DNSSEC increases susceptibility to email spoofing and DNS-based attacks, which could impact brand reputation and regulatory compliance. Additionally, failure in security headers and GDPR/NIS2 assessments suggests gaps in policy enforcement and data protection measures. Low severity issues such as missing CAA records, though less urgent, should still be addressed to enhance overall domain security. Addressing these areas will improve regulatory compliance, reduce attack surfaces, and strengthen trust with customers and partners.

R

RuPay

rupay.co.in

66

The website demonstrates a moderate overall security posture with no critical vulnerabilities but several high and medium-risk issues that pose significant compliance and operational risks. Key gaps are evident in GDPR compliance, including the absence of privacy and cookie policies, consent mechanisms, and third-party privacy assurances, exposing the business to legal and reputational risks. Additionally, the lack of a formal information security framework and incident response procedures indicates immature organizational security governance, increasing the risk of ineffective breach management. Weaknesses in SSL/TLS configuration and missing critical security headers reduce the site’s defense against common web-based attacks. While network security and email authentication score well, DNS and header configurations require improvement to prevent data interception and spoofing. Addressing these issues will strengthen trust with customers, ensure regulatory compliance, and reduce exposure to cyber threats. Immediate focus on compliance and security policy documentation is essential to safeguard business continuity and avoid penalties.

P

PayU

payu.in

73

The website demonstrates a generally stable security posture with no critical vulnerabilities detected. However, significant gaps exist in compliance and governance areas, particularly around GDPR and NIS2 regulations, which expose the business to legal and operational risks. Missing key security headers and inadequate privacy practices indicate a potential for increased susceptibility to common web attacks and regulatory penalties. Email and network security are strong points, suggesting effective perimeter defenses and communication controls. The absence of documented security policies, incident response plans, and vulnerability disclosure mechanisms further heightens the risk of prolonged breaches and reputational damage. Improvements in DNS security and SSL/TLS configurations will enhance trust and reduce attack surface. Overall, while technical defenses are reasonably solid, urgent attention to governance and compliance frameworks is critical to safeguard the business and maintain regulatory alignment.

C

Cleartrip

cleartrip.ae

67

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium risks predominantly related to policy, compliance, and configuration gaps. Key deficiencies exist in compliance with GDPR and NIS2 regulations, including the absence of privacy and cookie policies, consent mechanisms, and formal security frameworks or incident response procedures. Missing security headers such as Content-Security-Policy and X-Content-Type-Options increase the risk of client-side attacks like XSS and MIME sniffing. While the network security and SSL/TLS configurations are generally strong, several foundational controls including email authentication (DKIM), DNSSEC, and security documentation are lacking or insufficient. These gaps expose the business to regulatory fines, reputational damage, and potential operational disruption. Immediate remediation will improve legal compliance, reduce attack surface, and build stakeholder trust. Establishing formal security governance and transparency will be crucial for long-term resilience and regulatory adherence. Overall, the organization should prioritize closing compliance and configuration deficiencies to strengthen its cybersecurity maturity and protect customer data effectively.

The website's security posture is concerning due to multiple critical vulnerabilities that threaten availability, authenticity, and regulatory compliance. The most severe issues involve DNS health failures, including DNS resolution failure, absence of name servers, and domain registration problems, which can lead to complete website downtime and loss of user trust. Email security is also critically weak, lacking proper authentication mechanisms like DKIM and SPF, increasing the risk of phishing and email spoofing attacks. Medium-level deficiencies in security headers, GDPR and NIS2 compliance, and network security scans indicate gaps that could be exploited or result in regulatory penalties. While SSL/TLS is well-configured, this alone cannot mitigate the underlying infrastructure and authentication weaknesses. The absence of DNSSEC and CAA records further exposes the domain to DNS attacks and misuse of SSL certificates. Immediate attention is needed to restore DNS functionality, configure email authentication, and address compliance failures to protect the business’s brand reputation and operational continuity. Overall, the current state poses a significant risk to both security and compliance, requiring prioritized remediation efforts.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong performance in network security, SSL/TLS configuration, and email security. However, there are significant compliance and governance gaps, particularly related to GDPR and NIS2 regulations, which present legal and operational risks. The absence of foundational policies such as Privacy Policy, Cookie Policy, and Cookie Consent mechanisms exposes the business to regulatory penalties and damages customer trust. Key security governance elements like incident response procedures, security policy documentation, and information security frameworks are missing, increasing the risk of ineffective breach handling and prolonged downtime. Security headers are inconsistently implemented, weakening defenses against common web attacks. While technical controls like DNS health and email security are adequate, the lack of vulnerability disclosure and business continuity planning hinders proactive risk management. Prioritizing compliance and incident preparedness will enhance both the security posture and the organization’s resilience against threats and regulatory scrutiny.

C

Cleartrip

cleartrip.com

70

The website demonstrates a strong foundation in core network, email, and SSL/TLS security, evidenced by high scores in these areas. However, significant gaps exist in web security headers, GDPR compliance, and adherence to NIS2 security standards, exposing the business to regulatory risks and potential reputational damage. Critical privacy policies and user consent mechanisms are missing, which can lead to non-compliance fines and loss of customer trust. The absence of an incident response plan and security policy documentation further increases operational risk in the event of a security breach. Additionally, missing key HTTP security headers weakens defenses against common web-based attacks. While DNS security is generally healthy, the lack of DNSSEC implementation leaves potential vulnerabilities unmitigated. Overall, the website requires urgent attention to governance, compliance, and web security controls to minimize legal, financial, and operational risks.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, several high and medium-risk issues reveal significant gaps in compliance and security governance. Most notably, the absence of essential GDPR policies and consent mechanisms presents legal and reputational risks, especially concerning data privacy regulations. The lack of a documented information security framework, incident response plans, and business continuity strategies further exposes the organization to operational threats and potential regulatory non-compliance under NIS2 requirements. While technical controls like email security, SSL/TLS, DNS health, and network security are relatively strong, the weakness in HTTP security headers reduces defense against web-based attacks. Immediate attention is needed to address missing security documentation and privacy controls to mitigate regulatory penalties and strengthen customer trust. Proactive remediation will enhance resilience against cyber incidents and align the business with evolving regulatory landscapes. Overall, prioritizing governance, privacy compliance, and header security will significantly improve the organization's risk profile and operational security.

The website exhibits significant security and compliance gaps, particularly in GDPR adherence and NIS2 regulatory requirements, resulting in a low overall security posture. Critical issues include the absence of email authentication and a missing Content-Security-Policy header, increasing risks of phishing and cross-site attacks. The lack of a cookie policy and consent banner further exposes the business to regulatory penalties and reputational damage. While network security and SSL/TLS configurations are relatively strong, foundational controls such as incident response, security policies, and vulnerability disclosure are missing, impeding effective risk management. Insufficient email security measures also raise the likelihood of email spoofing and phishing. Immediate remediation is essential to prevent data breaches, ensure regulatory compliance, and maintain customer trust. Addressing these gaps will strengthen the business's resilience against cyber threats and regulatory scrutiny.

I

IndiaIdeas.com Limited (BillDesk)

billdesk.com

75

The website demonstrates a generally solid technical security foundation with strong email security, SSL/TLS configurations, and network security posture. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, with multiple high-severity issues such as missing privacy and cookie policies, absence of consent mechanisms, and lack of formal security and incident response documentation. These gaps expose the business to legal, reputational, and operational risks, including potential regulatory fines and loss of customer trust. Security headers are moderately configured but require improvements to enhance browser security controls. DNS security is adequate but could be strengthened by enabling DNSSEC and configuring CAA records. Prioritizing compliance and governance-related issues will align security efforts with business risk management and regulatory requirements. Addressing these deficiencies will create a more resilient security posture and support sustainable business operations.

I

IMDb.com, Inc.

boxofficemojo.com

68

The website demonstrates a moderate security posture with no critical issues found but several high and medium severity vulnerabilities that require immediate attention. Key weaknesses lie in missing essential HTTP security headers, lack of GDPR compliance measures, and inadequate adherence to NIS2 security frameworks. These gaps expose the business to risks such as clickjacking, cross-site scripting, regulatory non-compliance, and operational disruption due to lack of incident response and security policies. On a positive note, email security, SSL/TLS configuration, DNS health, and network security show strong performance, reducing exposure to common attack vectors. However, the absence of cookie consent mechanisms and security documentation significantly increases legal and operational risks. Addressing these issues promptly will improve customer trust, regulatory compliance, and overall resilience against cyber threats. Prioritizing governance and policy-based controls alongside technical fixes is critical for sustainable security posture enhancement.

I

Indus Appstore Private Limited

indusappstore.com

75

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, several high and medium risk issues undermine its overall resilience and regulatory compliance. Key weaknesses are evident in governance and compliance areas, notably the absence of GDPR cookie policies and consent mechanisms, as well as lack of documented security policies aligned with NIS2 requirements. Security headers are partially implemented, exposing the site to potential client-side attacks. While SSL/TLS and email security are strong, impending certificate expiration and missing DNSSEC reduce trust and resilience. The absence of incident response and business continuity plans further increases operational risk. Immediate remediation of compliance and governance gaps is essential to avoid regulatory penalties and reputational damage. Strengthening security headers and enabling DNSSEC alongside proactive certificate management will enhance technical defenses and stakeholder confidence.

The website demonstrates a generally solid security foundation with no critical or high-risk issues detected, and strong scores in SSL/TLS and network security modules. However, several medium-level concerns, particularly around security headers, GDPR compliance, NIS2 regulation adherence, email authentication, and DNS security, expose gaps that could impact data privacy, regulatory compliance, and trustworthiness. The absence of key email security measures like DKIM increases the risk of email spoofing, potentially harming brand reputation and customer trust. DNSSEC is not enabled, leaving DNS queries vulnerable to manipulation or spoofing attacks. Additionally, failure to configure security headers may increase exposure to common web vulnerabilities. Addressing these medium and low-level issues will strengthen the overall security posture, enhance regulatory compliance, and reduce potential attack surfaces. Prioritizing these actions will help protect business assets and maintain customer confidence in an evolving threat landscape.

G

Gadgets 360 French

gadgets360.fr

57

The website's overall security posture reveals significant gaps, particularly in privacy compliance and information security governance. Critical GDPR violations, including the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to regulatory fines and reputational damage within the EU market. Additionally, there is a lack of fundamental security policies and incident response procedures as per NIS2 requirements, indicating a weak organizational security framework. Email authentication is critically deficient, increasing the risk of phishing and domain spoofing attacks. While network security and SSL/TLS configurations are relatively strong, key HTTP security headers are missing or misconfigured, weakening protection against common web vulnerabilities. DNS security practices like DNSSEC and CAA records are also lacking, which could facilitate domain hijacking or certificate fraud. Overall, these deficiencies present significant compliance, operational, and security risks that should be addressed promptly to safeguard the business and customer trust.

The website demonstrates a moderate to poor overall security posture with no critical issues found but multiple high and medium severity gaps, primarily in security headers, data privacy compliance, and organizational security policies. Key deficiencies include missing essential HTTP security headers, absent GDPR-required privacy controls, and a lack of foundational information security documentation aligned with NIS2 standards. While email security, SSL/TLS, DNS health, and network security score relatively high, the absence of strict transport security measures and privacy compliance poses significant legal and reputational risks. The business is vulnerable to common web attacks such as clickjacking, XSS, and data leakage, and may face regulatory penalties due to non-compliance with GDPR and NIS2. Immediate attention to governance, policy establishment, and technical controls is necessary to protect customer data and maintain trust. Addressing these issues will also strengthen resilience against cyber incidents and support regulatory alignment. Proactive remediation will reduce potential financial, operational, and reputational damages from security breaches and compliance failures.

P

Paytm

paytmwallet.com

65

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but it faces significant risks in compliance and information security governance. High-priority issues include missing essential headers that protect against clickjacking and cross-site scripting, as well as the absence of GDPR-required documentation such as Privacy and Cookie Policies and consent mechanisms. Furthermore, the site lacks foundational NIS2-aligned security policies and incident response processes, exposing the business to regulatory and operational risks. While email security, SSL/TLS, DNS health, and network security show reasonably strong scores, several medium-level weaknesses like expiring SSL certificates and missing vulnerability disclosure policies remain. The overall compliance score is low, indicating urgent need for attention to privacy and security governance. Addressing these gaps will reduce legal exposure, improve customer trust, and enhance defense against cyber threats.

The website demonstrates a generally strong security posture with no critical or high-level issues detected, reflecting effective baseline protections. Key strengths include excellent email security, SSL/TLS configuration, and robust network security. However, medium-level issues related to missing or misconfigured security headers, GDPR compliance, NIS2 regulatory alignment, and DNS health (notably the absence of DNSSEC) present moderate risks. These gaps could expose the organization to data privacy challenges, regulatory non-compliance, and potential DNS-based attacks. Low-risk findings such as missing CAA records are minor but should be addressed to maintain defense-in-depth. Overall, while the infrastructure is solid, addressing medium-level concerns will enhance compliance, resilience, and customer trust. Proactive remediation of these areas will safeguard the business and support evolving regulatory requirements.

The website exhibits a generally strong security posture, with no critical or high severity issues detected. Key areas such as SSL/TLS and email security are fully compliant, scoring 100/100, ensuring encrypted communication and secure email handling. Network security also demonstrates robust controls. However, there are four medium-level concerns primarily related to missing or inadequate security headers, GDPR compliance, NIS2 regulatory alignment, and DNSSEC absence. These gaps may expose the business to regulatory risks, data protection vulnerabilities, and potential DNS-based attacks. Addressing these medium issues proactively will help mitigate risks, maintain customer trust, and ensure compliance with evolving cybersecurity standards. Overall, the website is secure but requires targeted improvements to strengthen defenses and regulatory adherence.

A

Amazon.com, Inc.

amazonpay.in

70

The website demonstrates a generally strong technical security foundation with excellent SSL/TLS and network security postures and solid email security and DNS health scores. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, posing substantial legal, reputational, and operational risks. Critical deficiencies include the absence of key privacy policies, cookie consent mechanisms, and comprehensive security governance documentation such as incident response and security policies. Security header configurations are suboptimal but represent a lower risk compared to compliance failures. The lack of vulnerability disclosure policies and business continuity planning further exposes the organization to prolonged downtime and unaddressed security incidents. Addressing these compliance and governance issues is essential to mitigate regulatory penalties, build customer trust, and ensure resilience against cyber threats. Immediate remediation will strengthen the overall security posture and align the organization with industry best practices and legal requirements.

S

Shopbop

shopbop.com

65

The website's overall security posture shows no critical vulnerabilities but reveals significant high and medium-risk issues primarily around compliance and security governance. While network security and SSL/TLS configurations are strong, deficiencies in GDPR compliance and NIS2 regulatory adherence present substantial legal and operational risks. Missing privacy and cookie policies, absence of a cookie consent banner, and lack of third-party privacy disclosures expose the business to potential regulatory fines and reputational damage. Security headers are partially implemented, leaving the site vulnerable to common web-based attacks. Email security is relatively strong, though improvements are needed to fully protect against spoofing. DNS configurations require attention, especially to mitigate subdomain takeover risks. Immediate focus on establishing comprehensive security policies, incident response plans, and privacy documentation will enhance regulatory compliance and reduce business risk.

A

Audible

audible.in

67

The website demonstrates a generally strong technical security foundation in areas such as SSL/TLS, network security, and email security, which reduces exposure to common external threats. However, significant gaps exist in security headers implementation and data privacy compliance, with critical omissions like missing Content-Security-Policy and X-Frame-Options headers that increase vulnerability to web-based attacks. The lack of GDPR compliance elements including privacy and cookie policies, consent banners, and third-party privacy disclosures poses legal and reputational risks, especially for customers in regulated regions. Additionally, the absence of a formal information security framework, incident response procedures, and security policy documentation indicates immature internal governance, which could delay threat detection and response. Medium-impact gaps in DNS security and DKIM configuration suggest room for improvement in email and domain protections. Overall, the security posture reflects a need to prioritize privacy compliance and internal security governance to mitigate business risk and maintain customer trust. Immediate remediation of high-severity issues will significantly enhance the website’s resilience against both regulatory and cyber threats.

A

AbeBooks

abebooks.com

71

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, several high and medium-risk issues indicate significant gaps in compliance and information security management. Notably, the absence of a Content Security Policy and incomplete GDPR adherence expose the business to data privacy risks and potential regulatory penalties. The lack of documented security policies, incident response procedures, and vulnerability disclosure protocols highlights weaknesses in organizational security governance. While network security and email security are relatively strong, weaknesses in SSL/TLS configuration and DNS settings present opportunities for exploitation. These deficiencies collectively increase the risk of data breaches, reputational damage, and legal non-compliance, which can have severe business impacts. Addressing these issues promptly will enhance customer trust, regulatory compliance, and overall resilience against cyber threats. Prioritizing governance and compliance-related shortcomings alongside technical controls will deliver the greatest business value. Continuous monitoring and improvement are recommended to maintain and advance security standards.

P

PhonePe

phonepe.com

73

The website exhibits a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to legal, reputational, and operational risks. Key weaknesses are concentrated in GDPR compliance and NIS2 regulatory adherence, indicating gaps in privacy management and information security governance. Missing cookie policies and consent mechanisms risk non-compliance with data protection laws, potentially resulting in fines and customer trust erosion. Additionally, the absence of documented security policies, incident response procedures, and vulnerability disclosure policies undermines the organization's ability to manage and respond to security incidents effectively. Security headers are partially implemented but require strengthening to prevent common web attacks. While email security, SSL/TLS, DNS health, and network security show strong scores, the SSL certificate’s impending expiry and lack of DNSSEC present medium risks. Overall, the website needs focused improvements in regulatory compliance and security governance to safeguard business continuity and customer trust.

The website exhibits a poor overall security posture with critical vulnerabilities that pose significant business risks, including potential data breaches and regulatory non-compliance. Key weaknesses include missing fundamental security headers, absence of GDPR-compliant privacy and cookie policies, and lack of an established information security framework aligned with NIS2 directives. Critically, numerous high-risk and critical network services such as Telnet, SMB, MSSQL, and MongoDB are exposed, greatly increasing the attack surface and risk of unauthorized access or exploitation. The SSL certificate is nearing expiration and HSTS is not enabled, exposing users to potential man-in-the-middle attacks. While email security and DNS health show relative strength, the glaring deficiencies in network security and governance overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without prompt action, the organization faces heightened risk of cyber incidents that could result in financial losses, reputational damage, and legal penalties.

A

Airtel

airtel.in

69

The website exhibits a moderate security posture with no critical issues but several high and medium-level vulnerabilities primarily related to security headers, GDPR compliance, and NIS2 regulatory requirements. While foundational network security and SSL/TLS configurations are strong, significant gaps exist in privacy policies, incident response, and security governance frameworks. The absence of key HTTP security headers, such as Content-Security-Policy, increases the risk of cross-site scripting and data injection attacks. Non-compliance with GDPR due to missing privacy and cookie policies, as well as consent mechanisms, exposes the business to legal and reputational risks. Furthermore, the lack of documented security policies, incident response plans, and vulnerability disclosure processes undermines the organization's readiness to handle security incidents and regulatory audits. Email security and DNS configurations are generally solid but can be improved to enhance overall trustworthiness. Addressing these gaps will reduce legal exposure, improve customer trust, and strengthen the organization’s cybersecurity resilience.

G

Gadgets 360 German

gadgets360.de

53

The website exhibits significant security and compliance gaps, particularly in privacy, email authentication, and regulatory adherence. Critical issues include lack of GDPR compliance for EU operations and absence of essential email authentication mechanisms, exposing the business to legal risks and email-based attacks. Security headers are inadequately configured, increasing vulnerability to common web attacks such as clickjacking and content sniffing. Organizational security policies and incident response plans are missing, which undermines the ability to manage and recover from security incidents effectively. While network security and SSL/TLS configurations are relatively strong, foundational improvements in security frameworks and privacy policies are urgently needed. Overall, the current posture presents substantial risk for data breaches, regulatory penalties, and reputational damage. Immediate remediation is necessary to protect customer data, ensure compliance, and maintain trust. Addressing these issues will help align the business with industry best practices and regulatory requirements.

P

Pricee: Search engine for Shopping and Prices

pricee.com

61

The website's overall security posture is currently weak, with critical gaps in foundational security controls and compliance measures. Key deficiencies include missing essential HTTP security headers, lack of GDPR-mandated privacy and cookie policies, and absence of a formal information security framework aligned with NIS2 requirements. These shortcomings expose the business to significant risks such as data breaches, regulatory penalties, and reputational damage. While network security and SSL/TLS configurations are relatively strong, critical email authentication mechanisms are missing, increasing the risk of phishing and email spoofing. Immediate remediation is required to establish trust with users, ensure regulatory compliance, and protect sensitive data. Without prompt action, the business faces heightened vulnerability to cyberattacks and potential legal liabilities. Addressing these issues will enhance security posture, reduce risk exposure, and support business continuity.

H

hotdeals360.com

hotdeals360.com

60

The website exhibits significant security gaps that could expose the business to data breaches, regulatory fines, and reputational damage. Critical issues around email authentication and lack of incident response capability present high risk for phishing and cyberattacks. Missing key security headers and weak SSL configurations increase vulnerability to common web-based exploits. GDPR compliance deficiencies, including absence of cookie policies and consent mechanisms, risk legal penalties and customer trust erosion. The NIS2 compliance posture is particularly weak, lacking foundational security policies and frameworks required to manage cybersecurity risks effectively. Although network security and DNS health are relatively strong, critical email and web security controls must be addressed promptly. Overall, the security posture requires urgent remediation efforts focusing on policy, authentication, and web security hardening. Failure to act could lead to operational disruptions and regulatory consequences. This assessment should guide prioritized investments in cybersecurity governance and technical controls to safeguard the business.

The website's overall security posture is solid, with no critical or high-severity issues detected, indicating a generally secure environment. The site excels in SSL/TLS implementation and network security, scoring a perfect 100 in both areas, which ensures encrypted and reliable communications. However, medium-level concerns remain around missing or misconfigured security headers, lack of DNSSEC implementation, and failures in GDPR and NIS2 compliance assessments. These gaps could expose the business to data protection risks, regulatory non-compliance penalties, and potential DNS-based attacks. Low-level issues like a complex SPF record and missing CAA records suggest room for improvement in email and DNS trustworthiness. Addressing these medium and low issues will strengthen defenses, reduce risk exposure, and enhance customer trust. Proactively resolving compliance and security header failures is crucial to maintaining regulatory adherence and protecting brand reputation.

S

Site Maintenance

myntra.com

66

The website demonstrates a moderate to weak overall security posture, with no critical vulnerabilities but multiple high and medium-level issues that expose the business to significant risks. Key deficiencies include missing essential security headers, weak SSL/TLS configurations, and poor compliance with GDPR and NIS2 regulatory requirements. The absence of privacy and cookie policies, along with no consent mechanism, poses legal and reputational risks. Lack of documented security policies, incident response plans, and vulnerability disclosure processes increases exposure to potential operational disruptions and regulatory penalties. While network security and email security are relatively strong, foundational security controls need urgent improvement. Addressing these gaps will help protect customer data, maintain regulatory compliance, and enhance trust with stakeholders. Immediate remediation will reduce the risk of data breaches, legal liabilities, and service interruptions.

N

NDTV Shopping

ndtvshopping.com

69

The website demonstrates a moderate overall security posture with strong network security and solid SSL/TLS and DNS configurations. However, critical vulnerabilities exist in email authentication and compliance with GDPR and NIS2 regulations, exposing the business to potential data breaches, regulatory fines, and reputational damage. Missing key security headers, particularly the Content-Security-Policy, increase the risk of cross-site scripting attacks. The absence of a cookie policy and consent mechanism violates GDPR requirements, risking legal penalties and loss of customer trust. Lack of documented security policies, incident response plans, and vulnerability disclosure processes under NIS2 indicates immature security governance and preparedness. Email systems lack proper authentication, making phishing and spoofing attacks more likely. Immediate remediation efforts are necessary to protect sensitive data, maintain regulatory compliance, and uphold customer confidence. Overall, while foundational security controls are solid, critical gaps must be addressed promptly to reduce risk exposure and ensure business continuity.