Security Directory

U

Uber

uberhealth.com

0

The website's overall security posture shows strengths in network security and SSL/TLS configurations, with high scores in these areas reflecting robust technical defenses. However, significant gaps exist in compliance and governance, particularly concerning GDPR and NIS2 requirements, which pose substantial legal and operational risks. Missing privacy policies, cookie consent mechanisms, and third-party privacy assessments expose the business to regulatory penalties and reputational damage. The absence of formal information security frameworks, incident response plans, and security policies indicates a lack of preparedness for cyber incidents, increasing the risk of prolonged disruptions. Security headers and email security need improvements to enhance data protection and mitigate phishing risks. DNS health is generally solid but could be strengthened by enabling DNSSEC and configuring CAA records. Addressing these issues promptly will reduce compliance risks, improve customer trust, and enhance overall resilience against cyber threats.

U

Uber Freight

uberfreight.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-level issues that expose the business to significant risks. Key deficiencies exist in HTTP security headers, which leave the site susceptible to common web attacks like clickjacking, XSS, and data interception. GDPR compliance is notably weak, lacking core privacy elements such as a privacy policy, cookie policy, and consent mechanisms, which can result in regulatory penalties and reputational damage. The absence of a documented information security framework, incident response, and business continuity planning highlights operational risks in managing security incidents. While email security and network security show strong maturity, the gaps in SSL/TLS configurations and DNS settings further reduce overall resilience. Immediate remediation is required to protect user data, ensure regulatory compliance, and maintain customer trust. Proactive security governance and policy documentation are essential to meet NIS2 directives and strengthen organizational security posture.

B

BPAY Pty Ltd

bpay.com.au

0

The website demonstrates a moderate overall security posture with no critical issues detected, but several high and medium-risk vulnerabilities that pose significant risks to business operations and compliance. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, exposing the organization to regulatory penalties and potential data breaches. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines trust and legal compliance with data protection laws. Weak SSL/TLS configurations and mixed content issues threaten secure data transmission and user confidentiality. Network security and email security are strong points, reflecting good foundational controls in those areas. However, the lack of incident response procedures and security documentation hampers the organization's ability to effectively manage and respond to cyber incidents. Immediate remediation efforts should focus on closing compliance gaps, strengthening encryption standards, and improving security policy frameworks to safeguard business continuity and reputation.

N

NZX Wealth Technologies

nzxwt.nz

0

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium severity issues, particularly in compliance and policy enforcement. Key weaknesses include missing essential security headers, lack of GDPR compliance, absence of a formal information security framework, and poor DNS health. These gaps expose the business to data privacy risks, reputational damage, and potential regulatory penalties. Email security is moderately strong but can be improved. Network security and SSL/TLS configurations are generally well implemented, which mitigates some risk. However, the lack of incident response and business continuity planning raises concerns about resilience to cyber incidents. Urgent attention to governance, privacy policies, and DNS configurations is required to strengthen defense and regulatory compliance. Overall, the site is vulnerable to web-based attacks and non-compliance fines that could impact business continuity and customer trust.

S

SuperLife

superlife.co.nz

0

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues that could expose the business to significant risks. Key gaps exist in security headers implementation, GDPR compliance, and adherence to the NIS2 cybersecurity framework, indicating potential regulatory non-compliance and increased risk of data breaches. The SSL/TLS configuration is suboptimal, with an expiring certificate posing a near-term availability risk. While network security and email security are relatively strong, foundational aspects such as incident response, security policies, and cookie management need urgent attention. The absence of critical headers like Content-Security-Policy and X-Frame-Options increases the risk of cross-site scripting and clickjacking attacks. GDPR-related deficiencies, including missing cookie consent and insufficient privacy policy, may lead to legal penalties and reputational damage. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

S

Smartshares Limited

smartinvest.co.nz

0

The website's overall security posture reveals significant gaps, particularly in foundational security headers, GDPR compliance, and NIS2 regulatory adherence. While there are no critical vulnerabilities, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Missing key HTTP security headers and an impending SSL certificate expiration undermine secure communications and user trust. GDPR compliance deficiencies, including the absence of a cookie policy and consent mechanisms, present legal and operational risks, especially in European markets. The lack of documented information security and incident response policies indicates insufficient preparedness against cyber incidents. On a positive note, the network security and email security modules score relatively well, showing strengths in these areas. Immediate remediation is needed to protect sensitive data, ensure regulatory compliance, and maintain customer confidence.

D

DiscoverOrg

discoverorg.com

0

The website exhibits a concerning security posture with no critical issues but multiple high and medium-risk findings, indicating significant gaps in foundational security controls. Key deficiencies include missing essential HTTP security headers, weak SSL/TLS configurations, and inadequate GDPR compliance measures, exposing the business to data breaches and regulatory penalties. The absence of a formal information security framework, incident response, and business continuity plans further increases operational risk and vulnerability to cyber incidents. While email and network security are strong, critical areas like web security headers, SSL/TLS, and compliance require urgent attention to protect sensitive user data and maintain customer trust. DNS security is relatively robust but can be improved with additional configurations. Addressing these issues will reduce the risk of exploitation, improve regulatory compliance, and strengthen overall resilience. Prioritizing governance, technical controls, and privacy policies will provide the best risk reduction and business value.

A

Aramex

aramex.net

0

The website demonstrates a generally strong security posture with no critical or high-severity issues detected. Core protections such as email security, SSL/TLS implementation, and network security are fully compliant and scored at 100%. However, medium-severity gaps exist primarily around security headers, GDPR compliance, NIS2 regulation adherence, and DNS security configurations, notably the absence of DNSSEC. These weaknesses expose the site to potential risks like data privacy non-compliance, increased susceptibility to DNS spoofing attacks, and suboptimal mitigation of common web-based threats. Addressing these areas will enhance regulatory compliance, strengthen defenses against DNS-based and web application attacks, and reduce potential legal and reputational risks. The low-severity issues, such as missing CAA records, while less urgent, should be resolved to maintain comprehensive security hygiene. Overall, the site is well-protected but requires targeted improvements to ensure robust, future-proof security and regulatory alignment.

G

g5search.com

g5search.com

0

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium risk issues that expose it to potential threats. Key deficiencies include missing essential security headers, absence of GDPR compliance elements such as privacy and cookie policies, and lack of foundational NIS2 security framework documentation and procedures. The DNS configuration poses significant risk due to potential subdomain takeover vulnerabilities, which could lead to unauthorized access or phishing attacks. While email security and SSL/TLS implementations are relatively strong, critical gaps in headers and policy enforcement weaken the site's resilience against common web-based attacks. The absence of incident response and business continuity planning increases operational risk in the event of a security breach. Immediate attention to compliance and infrastructure security improvements will reduce legal exposure and improve customer trust. Overall, the site is vulnerable to both technical exploitation and regulatory penalties unless these issues are addressed promptly.

A

Australia Post

australiapostcollectables.com.au

0

The website demonstrates a generally solid technical security foundation with strong network security, SSL/TLS configurations, and DNS health. However, critical gaps exist in compliance with GDPR and NIS2 regulations, particularly around privacy policies, consent mechanisms, and documented security frameworks. The absence of privacy and cookie policies, along with missing consent banners, exposes the business to regulatory and reputational risks. Lack of incident response procedures and security policy documentation further elevates operational risks in case of security events. Security headers are moderately implemented but can be strengthened to reduce attack surface. Email security is good but could be improved with DKIM implementation to prevent spoofing. Overall, the site is secure from a technical standpoint but requires urgent compliance and governance enhancements to mitigate legal and operational risks.

A

Australia Post

digitalid.com

0

The website demonstrates a generally strong technical security posture in areas such as email security, SSL/TLS configuration, DNS health, and network security, reflecting effective implementation of foundational controls. However, significant gaps exist in compliance and governance domains, notably regarding GDPR and NIS2 requirements, which pose substantial legal, reputational, and operational risks. The absence of a privacy policy, cookie policy, and consent mechanisms undermines user trust and exposes the business to potential regulatory penalties. Furthermore, critical deficiencies in information security frameworks, incident response, and security policy documentation indicate a lack of formalized cybersecurity governance and preparedness. While security header implementations are moderate, enhancements are needed to reduce exposure to web-based threats. Addressing these compliance and governance gaps will be essential to align with industry best practices, regulatory mandates, and customer expectations. Prioritizing these improvements will strengthen both risk management and stakeholder confidence.

A

Australia Post

postbillpay.com.au

0

The website demonstrates a solid foundation in network, email, and SSL/TLS security, indicating good baseline protections. However, significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity frameworks, which together expose the business to legal, reputational, and operational risks. Missing critical headers like Content-Security-Policy and X-Frame-Options leave the site vulnerable to cross-site scripting and clickjacking attacks. The absence of privacy and cookie policies, along with no cookie consent mechanism, poses compliance risks under data protection laws such as GDPR, potentially leading to fines and loss of customer trust. Lack of documented security policies, incident response procedures, and business continuity planning increases the risk of inadequate response to cyber incidents, threatening business operations. DNSSEC is not enabled, which could allow DNS spoofing attacks. Addressing these issues will significantly strengthen security posture, reduce compliance risks, and protect the organization from both cyber threats and regulatory penalties. Immediate focus on privacy policies, security headers, and incident response frameworks is recommended. Overall, the current posture requires urgent remediation to align with industry standards and legal requirements.

C

Cure Kids

rednoseday.co.nz

0

The website demonstrates a moderate overall security posture with no critical issues detected; however, there are multiple high and medium severity gaps that present significant risk to business operations and compliance. Key vulnerabilities include lack of foundational security headers and insufficient email authentication, which increase exposure to web-based attacks and phishing risks. Compliance with GDPR and NIS2 regulations is notably weak, with missing cookie consent mechanisms, security policies, and incident response procedures that could lead to regulatory penalties and reputational damage. While network and DNS security are relatively strong, the absence of core security policies and frameworks undermines the organization's resilience against cyber threats. Immediate remediation is critical to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will also improve customer trust and reduce the likelihood of data breaches. Prioritizing security governance and visibility should be central to the remediation roadmap. Overall, the organization must advance beyond technical fixes to establish a robust security culture aligned with regulatory expectations.

S

Spotify AB

spotifyjobs.com

0

The website demonstrates significant security gaps, particularly in foundational security headers, data privacy compliance, and incident management frameworks. While no critical vulnerabilities were found, multiple high-severity issues indicate an elevated risk exposure that could lead to data breaches, reputational damage, and regulatory penalties. GDPR compliance is notably weak, lacking essential cookie policies and consent mechanisms, which threatens legal compliance and customer trust. The absence of a formal information security framework, incident response, and security policy documentation further exacerbates operational risks. Email security is suboptimal with missing DMARC and DKIM records, increasing the risk of phishing and spoofing attacks. SSL/TLS configurations are moderately healthy but require timely renewal and enabling of HSTS to ensure encrypted communications. DNS and network security are relatively strong, providing a solid foundation on which to build. Immediate remediation of critical governance and privacy controls will significantly reduce business risk and support regulatory adherence.

The website demonstrates a strong overall security posture with no critical or high severity issues, and perfect scores in email security, SSL/TLS configuration, and network security. However, medium-level concerns exist related to security headers, GDPR compliance, NIS2 directives, and DNS health, particularly the absence of DNSSEC. These medium issues could expose the business to regulatory risks, data privacy challenges, and potential domain spoofing vulnerabilities. Low-level issues, such as missing CAA records, slightly reduce DNS security but have less immediate impact. Addressing these gaps will enhance compliance, reduce attack surface, and improve trustworthiness with customers and partners. Prioritizing remediation in the context of evolving regulatory landscapes will safeguard business continuity and reputation. Overall, the website is secure but would benefit from targeted improvements in governance and DNS-related controls.

A

Australia Post

auspost.com.au

0

The website demonstrates a generally solid technical security foundation with strong email security, network security, SSL/TLS, and DNS health scores. However, significant deficiencies exist in compliance with data privacy regulations such as GDPR, and critical gaps are present in information security governance aligned with NIS2 requirements. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory penalties and reputational damage. Moreover, lacking documented security policies, incident response plans, and vulnerability disclosure processes increases operational risk and may delay breach mitigation. Security headers are moderately configured but require improvements to reduce attack surface and prevent data leakage. Overall, the site’s technical controls are adequate but the organization must urgently address compliance and governance shortcomings to safeguard customer trust and meet legal obligations. Failure to act on these high-impact, high-risk issues could result in financial losses and regulatory scrutiny.

N

NZX Limited

nzx.com

0

The website demonstrates a concerning overall security posture with multiple high and medium risk issues primarily related to security headers, GDPR compliance, and NIS2 regulatory standards. While there are no critical vulnerabilities, the absence of key security headers and weak SSL/TLS configurations expose the site to common attacks like clickjacking, XSS, and data interception. GDPR compliance gaps, including missing cookie policies and consent mechanisms, pose legal and reputational risks, especially in regulated markets. The lack of documented information security frameworks, incident response procedures, and security policies further increases organizational risk and may hinder timely breach response. Positive aspects include strong network security and good email security practices, but these do not offset the critical gaps in web application and regulatory security controls. Immediate improvements are necessary to protect sensitive data, maintain customer trust, and ensure regulatory compliance. Without action, the business risks data breaches, regulatory fines, and damage to brand reputation.

R

RealPage

realpagecares.com

0

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas such as GDPR and NIS2 frameworks, exposing the business to regulatory and reputational risks. Critical email security misconfigurations pose a high risk of phishing and spoofing attacks, potentially undermining customer trust. Missing key security headers like Content-Security-Policy and X-Frame-Options increase vulnerability to cross-site scripting and clickjacking attacks, threatening data integrity. Although network security and DNS health are relatively strong, foundational SSL/TLS and header configurations require improvement to safeguard data in transit. The absence of documented incident response and business continuity plans limits the organization's ability to effectively respond to cyber incidents, increasing potential downtime and financial loss. Lack of a cookie policy and consent mechanisms places the company at risk of non-compliance with privacy laws, which could result in fines and legal challenges. Immediate attention to these areas will reduce attack surfaces, ensure compliance, and strengthen overall resilience. Prioritizing governance frameworks and critical technical controls will deliver the greatest business impact.

S

Spotify AB

spotifyforbrands.com

0

The website demonstrates a moderate to weak security posture with no critical issues but several high and medium severity findings that could expose the business to significant risks. Key gaps include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security governance documentation. Email and network security are relatively strong, but SSL/TLS configurations show weaknesses that could undermine data integrity and confidentiality. The absence of incident response and vulnerability disclosure policies increases the risk of prolonged breaches and reputational damage. Overall, the organization faces regulatory compliance risks, potential data breaches, and operational disruptions if these issues remain unaddressed. Immediate remediation will enhance customer trust, reduce legal exposure, and improve resilience against cyber threats. Prioritizing governance and technical controls will strengthen the security framework and align with industry best practices.

The website demonstrates a generally strong security posture with no critical or high-level issues identified and excellent scores in SSL/TLS and network security. However, several medium-severity vulnerabilities exist, primarily related to missing security headers, lack of GDPR and NIS2 compliance verification, absent email authentication via DKIM, and incomplete DNS security configurations such as missing DNSSEC. While low-severity issues like unconfigured CAA records are less urgent, addressing them will further strengthen defenses. The absence of key security headers and email authentication mechanisms could expose the business to data leakage, spoofing, and compliance risks, potentially impacting customer trust and regulatory standing. Overall, the site is well-protected at the network and transport layers but requires focused improvements in application-layer security and regulatory compliance. Prompt remediation of these medium issues will reduce attack surface and enhance resilience against phishing, data breaches, and legal penalties. The current posture positions the business well but leaves room for improvement in critical compliance and email security areas.

G

G5

getg5.com

0

The website's overall security posture reveals significant gaps, particularly in compliance with regulatory frameworks such as GDPR and NIS2, which pose legal and reputational risks. While there are no critical vulnerabilities, several high-severity issues—such as missing security policies, weak SSL key length, and absence of cookie consent—indicate inadequate protection against data breaches and cyber incidents. The security headers and privacy configurations are suboptimal, increasing the likelihood of clickjacking attacks and non-compliance with data privacy laws. Network security and email security are strong points, demonstrating robust perimeter defenses. However, deficiencies in incident response, business continuity planning, and security documentation expose the business to prolonged downtime and regulatory penalties in case of an incident. Immediate attention is needed to address these weaknesses to safeguard customer data, maintain trust, and ensure compliance. Improving these areas will enhance the website’s resilience against cyber threats and regulatory scrutiny.

The website’s overall security posture reveals significant gaps in critical areas, particularly compliance with GDPR and NIS2 regulations, as well as foundational security controls. While there are no critical vulnerabilities, the presence of 11 high-severity issues highlights urgent risks that could lead to legal penalties, data breaches, or service disruptions. Missing key HTTP security headers and weak SSL/TLS configurations expose the site to common web-based attacks such as clickjacking and mixed content exploitation. Compliance gaps, including lack of cookie policies and incident response planning, increase regulatory and operational risks. DNS health issues like unregistered MX records pose risks to email reliability and can affect business communication. Positively, network security controls are strong, and email security is fairly robust, but improvements are needed to prevent spoofing and phishing. Immediate remediation will reduce risks, improve customer trust, and align with regulatory requirements. Without prompt action, the business risks reputational damage, regulatory fines, and potential data compromises.

B

Briscoe Group

briscoegroup.co.nz

0

The website's security posture is currently poor, with significant vulnerabilities across multiple domains including network security, compliance, and security headers. Critical risks arise from numerous exposed critical services such as SMB, MSSQL, MySQL, and Telnet, which pose immediate threats of unauthorized access and data breaches. Additionally, the absence of key security headers and a Content Security Policy increases susceptibility to web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably lacking, with no cookie policy or consent mechanisms, risking legal penalties and reputational damage. The lack of incident response and information security frameworks further exacerbates business risk by limiting preparedness for cyber events. While email security and DNS health scores are relatively strong, SSL/TLS configurations require urgent improvement to protect data in transit. Overall, the organization faces high exposure to cyber threats and compliance violations that must be urgently addressed to safeguard assets and maintain customer trust.

B

Briscoes AU

briscoes.com.au

0

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

N

Nelson Recruiting

nelsonrecruiting.com

0

The website's overall security posture is currently weak, with critical gaps in network security and compliance frameworks, exposing the business to significant operational and reputational risks. Critical services like MySQL and PostgreSQL are publicly accessible, creating immediate vulnerabilities to data breaches. The absence of key security headers and missing incident response and security policies further increase the risk of exploitation and regulatory non-compliance. GDPR compliance is insufficient, lacking essential cookie policies and consent mechanisms, potentially leading to legal penalties. Although email security and TLS configurations show moderate strength, critical certificates and security policies require urgent updating. The NIS2 and network security scores are alarmingly low, indicating inadequate protection against cyber threats and lack of preparedness for incidents. Immediate remediation across network exposure, compliance documentation, and security headers is essential to safeguard the business and maintain customer trust. Without prompt action, the organization faces heightened risks of cyberattacks, data loss, and regulatory fines.

P

Profisee

profisee.com

0

The website demonstrates a moderate overall security posture with no critical issues but multiple high and medium risk findings that could expose the business to significant operational, reputational, and regulatory risks. Key weaknesses exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements, reflecting gaps in privacy protection, incident preparedness, and information security governance. SSL/TLS configurations show vulnerabilities including weak key lengths and impending certificate expiration, which threaten secure communications. While email security and network security measures score well, foundational security controls such as Content Security Policy and proper cookie management are missing. Failure to implement GDPR-required cookie consent and policies exposes the business to potential regulatory penalties and loss of customer trust. The absence of incident response and business continuity plans significantly heightens risk from cyber incidents. Immediate remediation will reduce attack surface, improve compliance, and strengthen customer confidence. Overall, addressing these gaps is essential to align with industry standards and regulatory obligations, protecting both the business and its customers.

A

Acentra Health

acentra.com

0

The website's overall security posture reveals significant gaps in compliance and foundational security controls, particularly concerning regulatory requirements and cryptographic protections. While no critical vulnerabilities were found, multiple high and medium severity issues pose material risks to data privacy, legal compliance, and customer trust. Key weaknesses include missing security headers, lack of GDPR-compliant cookie policies and consent mechanisms, absence of formal information security and incident response frameworks, and weak SSL/TLS configurations. Conversely, network security and DNS health show relatively strong scores, indicating some effective controls are in place. The deficient NIS2 compliance score highlights the urgent need for documented security policies and incident handling procedures. Immediate remediation will reduce exposure to data breaches, regulatory penalties, and reputational damage. Investment in security governance and cryptographic standards is needed to align with industry best practices and legal mandates.

C

CNECT

cnectgpo.com

0

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

B

Bricz

bricz.com

0

The website demonstrates significant security and compliance gaps, particularly in foundational security headers and regulatory adherence, which expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Although no critical vulnerabilities were found, multiple high and medium risk issues related to missing security headers, incomplete GDPR compliance, and absence of essential NIS2 security frameworks indicate inadequate protection and governance. Email security and network security show relatively strong posture, but weaknesses in SSL/TLS management and DNS configuration could impact trust and data integrity. Immediate attention is needed to establish security policies, incident response capabilities, and enforce data protection measures to align with industry standards and regulations. The low scores in security headers, GDPR, and NIS2 compliance highlight urgent areas that require remediation to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Overall, the website’s security posture is currently insufficient for high-risk operational environments and requires prioritized remediation to reduce exposure and improve stakeholder confidence.

R

RealPage

yieldstar.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected but several high and medium-severity issues that could expose the business to regulatory risks and cyber threats. Notably, the absence of essential security headers and weak encryption practices increase susceptibility to common web attacks such as clickjacking and data interception. GDPR compliance gaps, including missing cookie consent and incomplete privacy policies, pose significant legal and reputational risks, especially in markets regulated by data protection laws. The lack of a formal information security framework, policy documentation, and incident response procedures highlights a critical deficiency in organizational security governance. While network security and email security perform relatively well, weaknesses in SSL key strength and DNS configurations undermine overall trustworthiness. Addressing these issues promptly will not only enhance security resilience but also support regulatory compliance and customer confidence. A prioritized, strategic approach focusing on governance, encryption, and compliance will provide the most business value. Continuous monitoring and improvement are essential to maintaining and advancing the security posture over time.

The website exhibits significant security and compliance gaps that could expose the business to legal, reputational, and operational risks. While there are no critical vulnerabilities, multiple high-severity issues related to missing security headers, absence of GDPR compliance measures, and lack of foundational information security frameworks are evident. The absence of a Privacy Policy, Cookie Policy, and consent mechanisms increases the risk of regulatory penalties and undermines user trust. Additionally, missing incident response and security policy documentation hampers the organization's ability to effectively manage and respond to security incidents. Although email security, SSL/TLS, DNS health, and network security scores are relatively strong, foundational security controls such as HSTS and DNSSEC require improvement. Immediate remediation is essential to align with industry best practices and relevant regulations like GDPR and NIS2. Addressing these gaps will substantially reduce the risk of data breaches, regulatory fines, and damage to brand reputation.

S

ShowingTime+

showingtime.com

0

The website demonstrates a moderate overall security posture with strong network security and solid SSL/TLS and email security implementations. However, significant gaps exist in compliance and governance areas, particularly concerning GDPR and NIS2 regulatory requirements, which present considerable legal and reputational risks. The absence of fundamental privacy policies, cookie consent mechanisms, and incident response procedures exposes the business to potential regulatory penalties and customer trust erosion. Missing critical security headers like X-Frame-Options increases susceptibility to web-based attacks such as clickjacking. While core infrastructure like DNS and SSL is generally well-managed, some improvements are needed to maintain robust protection. Immediate focus on establishing comprehensive privacy and security policies, alongside addressing critical security headers, will substantially improve risk posture. Without remediation, these vulnerabilities could lead to data breaches, compliance violations, and operational disruptions impacting business continuity and customer confidence.

S

Seismic

seismic.com

0

The website demonstrates a generally solid security foundation with no critical vulnerabilities detected, and strong performance in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, notably GDPR and NIS2 regulations, with multiple high-severity issues such as missing cookie policies, lack of incident response procedures, and absence of security framework documentation. These deficiencies expose the business to regulatory risks, potential legal penalties, and reputational damage. Security headers are not fully optimized, leaving the site vulnerable to clickjacking and some cross-site scripting risks. While SSL/TLS configurations are largely robust, upcoming certificate expiry and incomplete HSTS settings require attention to maintain trust and secure communications. Overall, the organization should prioritize establishing comprehensive security policies and compliance measures to mitigate operational and regulatory risks effectively.

R

RealPage, Inc.

realpagelumina.com

0

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas. Critical issues such as the lack of email authentication and missing incident response procedures expose the business to heightened risks of phishing attacks and prolonged downtime during security incidents. High-severity findings around GDPR compliance and the absence of a documented security framework indicate potential regulatory and reputational risks. Although network security and DNS health scores are strong, foundational security controls like Content-Security-Policy and Strict-Transport-Security headers are insufficiently configured, increasing vulnerability to web-based attacks. Expiring SSL certificates and mixed content issues further degrade trust and security. Immediate remediation is necessary to safeguard sensitive data, ensure regulatory compliance, and protect brand reputation. The business should prioritize establishing formal security policies and improving critical headers and email authentication measures. Addressing these issues will reduce risk exposure and support long-term resilience against evolving cyber threats.

R

Real Estate Team OS

realestateteamos.com

0

The website's overall security posture exhibits significant gaps, particularly in foundational security controls and regulatory compliance. Critical and high-severity issues primarily relate to missing email authentication, lack of comprehensive security policies, and poor implementation of security headers, exposing the business to phishing, data breaches, and clickjacking attacks. GDPR compliance is notably weak, with absent cookie policies and consent mechanisms, risking legal penalties and reputational damage. Although network security and SSL/TLS configurations are relatively strong, imminent SSL certificate expiration and missing DNS security features present moderate risks. The absence of an incident response framework and vulnerability disclosure policy indicates unpreparedness for security incidents. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard brand trust. Addressing these issues will strengthen the website’s resilience against common threats and align it with industry best practices.

F

Freddie Mac

freddiemac.com

0

The website demonstrates a generally solid technical security foundation with no critical vulnerabilities detected and strong scores in email security, network security, SSL/TLS, and DNS health. However, significant gaps exist in regulatory compliance and governance, particularly regarding GDPR and NIS2 mandates, which present substantial legal and operational risks. The absence of essential policies such as cookie consent, incident response, and security frameworks exposes the organization to potential regulatory penalties and undermines customer trust. Missing key security headers and mixed content issues indicate areas where the website’s resilience against common web attacks can be improved. While foundational network and protocol configurations are strong, the low scores in compliance reflect a need for urgent attention to documentation, privacy, and incident management. Overall, the security posture is functional but incomplete, with business-critical exposure due to compliance shortcomings. Addressing these gaps will enhance legal compliance, customer confidence, and incident readiness, thereby reducing potential financial and reputational damage.

F

Fannie Mae

fanniemae.com

0

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could impact both security and regulatory compliance. Notably, the absence of key GDPR-related elements such as Privacy and Cookie Policies, and a consent banner, exposes the business to potential legal penalties and loss of user trust. Security headers are inadequately configured, increasing susceptibility to common web attacks like cross-site scripting. The lacking information security framework and incident response procedures indicate immature cybersecurity governance, risking delayed or ineffective handling of security incidents. SSL certificate expiration and mixed content issues threaten secure communications, while missing DNSSEC and email authentication elements could allow domain spoofing or phishing attacks. Positively, network security and DNS health are strong, providing a solid foundation. Overall, immediate focus on compliance and security policy establishment is critical to safeguard business operations and reputation.

B

Blend

blend.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance, documentation, and some security configurations. High-severity issues center on GDPR non-compliance, including the absence of a cookie policy and consent mechanisms, which expose the business to regulatory and reputational risks. Additionally, the lack of an established information security framework, incident response procedures, and security policy documentation undermines the organization's ability to effectively manage cybersecurity risks and respond to incidents, potentially affecting business continuity. SSL certificate expiration and mixed content warnings further threaten data integrity and user trust. While network security and email security scores are strong, deficiencies in security headers and DNS configurations expose the website to avoidable attack vectors. Prioritizing compliance and foundational security processes will significantly enhance the organization's risk posture and regulatory standing.

The website demonstrates a mixed security posture with no critical issues but multiple high and medium severity vulnerabilities that expose the business to regulatory, operational, and reputational risks. Key deficiencies exist in privacy compliance (GDPR) with missing privacy policies and cookie consent mechanisms, risking legal penalties and loss of customer trust. The absence of fundamental information security governance, including security policies, incident response, and business continuity planning, indicates immature security management and increases exposure to cyber threats. Technical security controls such as security headers and SSL/TLS configurations are weak or incomplete, which could allow exploitation through web-based attacks and undermine data confidentiality. Email and network security components are relatively strong, though improvements in DNS security and certificate management are needed. Immediate remediation is required for missing privacy documentation and security policies to mitigate compliance risks and build a security-aware culture. Strengthening cryptographic settings and web security headers will help protect customer data and maintain brand integrity. Overall, addressing these issues is critical to safeguarding business operations and maintaining regulatory compliance in an evolving threat landscape.

S

ShowingTime Plus, LLC

marketviewbroker.com

0

The website's overall security posture is weak, with critical and high-severity issues predominantly related to foundational security controls. Missing essential HTTP security headers and lack of email authentication expose the business to web-based attacks, phishing, and data interception risks. Non-compliance with GDPR requirements, including absence of privacy and cookie policies and consent mechanisms, risks regulatory penalties and reputational damage. The absence of documented information security frameworks, incident response plans, and security policies reflects immature governance, increasing operational and compliance risks. While network infrastructure and SSL/TLS configurations are relatively strong, critical gaps in DNS security and email authentication reduce trust and increase vulnerability to spoofing and phishing. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain stakeholder confidence. Addressing these issues will reduce risk exposure, improve incident readiness, and support business continuity.

D

DotLoop LLC

dotloop.com

0

The website demonstrates a generally strong network and email security posture, with high scores in networkSecurity (100/100) and emailSecurity (95/100). However, significant gaps exist in compliance and governance areas, particularly related to GDPR and NIS2 regulations, where scores are notably low (43/100 and 25/100 respectively). Critical business risks stem from missing cookie policies and consent mechanisms, lack of information security frameworks, and absent incident response and business continuity plans. Security headers are partially implemented but lack essential protections like Content-Security-Policy, increasing exposure to web-based attacks. SSL/TLS configurations are good overall but require timely certificate renewal and improved HSTS settings. DNS health is solid but could be enhanced by enabling DNSSEC. Addressing these deficiencies is crucial to mitigate regulatory non-compliance risks, protect customer data, and ensure operational resilience against security incidents.

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but numerous high and medium-risk issues exist that could expose the business to regulatory, reputational, and operational risks. Key deficiencies are primarily in security headers, GDPR compliance, and NIS2 cybersecurity governance frameworks. Missing essential HTTP security headers like Strict-Transport-Security and Content-Security-Policy increase the risk of man-in-the-middle and cross-site scripting attacks. Compliance gaps, including absent privacy and cookie policies and lack of cookie consent mechanisms, pose legal and financial risks under data protection laws. Furthermore, the absence of documented security policies, incident response plans, and vulnerability disclosure procedures undermines organizational resilience and regulatory compliance. Although email security, DNS health, and network security postures are strong, weaknesses in SSL/TLS configuration and certificate management require urgent remediation. Immediate improvements in these areas will reduce attack surface, enhance customer trust, and support regulatory adherence.

B

Briscoes

briscoes.co.nz

0

The website's security posture is currently weak, exposing the business to significant cyber risks and potential regulatory non-compliance. Numerous critical and high-severity issues exist, especially in network security where multiple critical services such as Telnet, SMB, MSSQL, and databases are openly exposed, significantly increasing the risk of unauthorized access and data breaches. Key security controls including essential HTTP security headers and GDPR compliance measures like cookie policies and consent banners are missing, elevating legal and reputational risks. The absence of formal information security frameworks, incident response plans, and security policies further undermines the organization's resilience to cyber incidents. While email security and DNS health show relatively better scores, weaknesses remain in SSL/TLS configurations that could allow interception or downgrade attacks. Immediate remediation is required to protect sensitive data, maintain customer trust, and comply with regulations such as GDPR and NIS2. Failure to address these gaps could result in financial loss, legal penalties, and damage to brand reputation. Strengthening foundational security controls and network defenses should be prioritized to reduce the attack surface and improve overall risk posture.

The website demonstrates a generally sound technical security posture with strong network security, SSL/TLS configurations, and email security. However, there are significant compliance and governance gaps, primarily related to GDPR and NIS2 regulatory requirements, which pose high legal and operational risks. Key concerns include the absence of privacy and cookie policies, lack of consent mechanisms, and missing incident response and information security framework documentation. These deficiencies could lead to regulatory penalties, reputational damage, and loss of customer trust. Security headers are implemented but need strengthening to mitigate web-based attacks effectively. DNS and email security are adequate but have room for improvement to reduce attack surface. Addressing governance and compliance issues should be prioritized alongside enhancing security headers to ensure a balanced, robust security posture that supports business continuity and regulatory adherence.

The website exhibits a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to regulatory, reputational, and operational risks. Key weaknesses include missing crucial security headers like Content-Security-Policy and inadequate GDPR compliance, notably the absence of a cookie policy and consent mechanism. The most significant gaps lie in the lack of foundational NIS2 security governance elements, including no documented security policies, incident response procedures, or vulnerability disclosure policies. While SSL/TLS and network security are relatively strong, mixed content issues and suboptimal HTTP Strict Transport Security (HSTS) configurations reduce overall protection. DNS security is good but could be enhanced by enabling DNSSEC and configuring CAA records. Immediate remediation is especially critical to meet regulatory requirements, protect sensitive user data, and reduce exposure to web-based attacks. The current state may lead to compliance penalties, customer trust erosion, and increased risk of successful cyberattacks if not addressed promptly.

O

Osano, Inc.

trusthub.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected and strong scores in SSL/TLS and network security. However, significant gaps exist in compliance-related areas, notably GDPR and NIS2 regulatory requirements, which expose the business to legal and operational risks. Missing cookie policies, consent mechanisms, and privacy policy issues create potential non-compliance liabilities under data protection laws. Additionally, the absence of documented security policies, incident response procedures, and security contact information undermines the organization's ability to effectively manage security incidents and regulatory audits. Security headers are partially implemented but lack key protections, increasing the risk of clickjacking and cross-site scripting. Email security is reasonably well configured but can be improved with DKIM and DMARC enhancements. DNS security is good but would benefit from enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Overall, the company should prioritize compliance maturity and governance to reduce business risk while reinforcing technical controls.

A

Aryeo

aryeo.com

0

The website demonstrates several significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities, the presence of multiple high and medium severity issues in security headers, GDPR compliance, NIS2 regulatory adherence, and SSL/TLS configuration indicate an urgent need for remediation. The low scores in security headers (30/100), GDPR (43/100), and especially NIS2 (25/100) highlight weaknesses in both technical controls and governance practices. Email security and network security are relatively strong, reducing some exposure to phishing and network-based attacks. However, the absence of key policies and procedures, such as incident response and vulnerability disclosure, leaves the organization ill-prepared for security events. The lack of cookie consent mechanisms also risks non-compliance fines under data protection laws. Overall, the organization should prioritize strengthening foundational security controls and compliance frameworks to protect customer data and maintain trust.

F

Follow Up Boss

followupboss.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance and governance areas, particularly GDPR and NIS2 requirements. While foundational network and email security controls are strong, missing security headers and incomplete security policies expose the business to potential data privacy risks and regulatory penalties. The absence of a cookie policy, consent mechanisms, and incident response procedures presents considerable legal and operational risks, especially as data privacy regulations tighten. Insufficient documentation of security frameworks and contact points undermines stakeholder trust and readiness to respond to incidents. Addressing these issues promptly will enhance regulatory compliance, reduce exposure to data breaches, and improve overall security resilience. The organization should prioritize establishing formal security policies, GDPR compliance measures, and incident response capabilities to protect business continuity and reputation. Investment in these areas will mitigate risks of fines, customer dissatisfaction, and operational disruption.

Z

Zillow, Inc.

zillowhomeloans.com

0

The website demonstrates a concerning security posture with significant gaps in fundamental protections and regulatory compliance. While there are no critical vulnerabilities detected, the presence of 11 high and multiple medium-severity issues indicates elevated risk exposure. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of core NIS2 security governance frameworks and incident response protocols. These lapses increase the risk of data breaches, regulatory penalties, and reputational damage. On a positive note, email security and network security configurations are robust, and SSL/TLS and DNS health are relatively strong but still require improvements. Immediate remediation is needed to address regulatory compliance and secure communication headers to reduce attack surfaces. Implementing structured security policies and response plans will enhance resilience and trust with customers and partners.

A

Access to this page has been denied

hotpads.com

0

The website demonstrates a concerning overall security posture, with significant gaps in foundational security headers, privacy compliance, and organizational security policies. While no critical vulnerabilities were identified, the presence of 11 high-level issues related to missing security headers and lack of GDPR and NIS2 compliance exposes the business to increased risk of data breaches, regulatory penalties, and reputational damage. The absence of key headers such as Strict-Transport-Security and Content-Security-Policy reduces protection against common web-based attacks. Additionally, the lack of privacy policies and cookie consent mechanisms highlights non-compliance with GDPR requirements, potentially resulting in legal consequences. Organizational security governance is weak, with missing incident response procedures, security policies, and contact information, impairing the ability to detect, respond to, and recover from security incidents effectively. Email and network security show relatively strong posture, indicating some existing controls are in place. Immediate focus on addressing high-impact security headers, privacy compliance, and security governance will considerably improve the website’s risk profile and business resilience.