Security Directory

F

FITT

interplast.mc

0

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Notably, the absence of HTTPS encryption is a critical vulnerability that jeopardizes all data in transit and severely undermines user trust. Key security headers are largely missing, increasing the risk of cross-site scripting, clickjacking, and content injection attacks. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent exposes the business to potential legal penalties. The absence of a formal information security framework, incident response procedures, and security policies indicates immature security governance. Email security mechanisms like DMARC and DKIM are weak or missing, raising the risk of phishing and email spoofing. While DNS and network security show some strengths, critical gaps remain, such as the exposure of SSH services. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust.

I

InfraOpS

infraops.fr

0

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

The website exhibits a severely compromised security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, service disruption, and regulatory penalties. The absence of HTTPS encryption is a critical flaw impacting data confidentiality and user trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. Compliance gaps with GDPR and NIS2 frameworks pose legal and operational risks, especially due to missing privacy policies and incident response procedures. Exposure of critical backend services like MySQL and PostgreSQL to the internet further elevates the risk of unauthorized access and data theft. Although email security and DNS health show relatively better scores, these strengths are overshadowed by critical network and application layer weaknesses. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory sanctions. Overall, urgent investment in security infrastructure and governance is required to stabilize the environment and reduce business risk.

E

Eurimpex MDD

eurimpexmdd.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting data confidentiality and integrity, highlighted as a critical issue across multiple frameworks (GDPR, NIS2, SSL/TLS). Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. There is a complete lack of privacy and cookie policies, which not only undermines user trust but also violates GDPR requirements, potentially resulting in heavy fines. The security governance framework is also deficient, with no documented incident response, security policies, or vulnerability disclosure processes, leaving the business ill-prepared for cyber incidents. Email security is partially implemented but lacks essential authentication mechanisms, increasing the risk of phishing and spoofing. DNS and network security are relatively stronger areas but cannot compensate for the critical gaps elsewhere. Immediate remediation is required to protect customer data, ensure compliance, and safeguard business continuity.

The website's overall security posture exhibits significant vulnerabilities primarily due to the absence of HTTPS encryption, which poses a critical risk to data confidentiality and user trust. Key compliance failures with GDPR and NIS2 regulations, including missing privacy and cookie policies, consent mechanisms, and security framework documentation, expose the business to regulatory penalties and reputational damage. While network and email security appear robust, critical security headers are either missing or weakly configured, increasing the risk of cross-site scripting and clickjacking attacks. The lack of vulnerability disclosure and incident response policies further limits the organization’s ability to manage and remediate security incidents effectively. DNS security settings are partially implemented but could be strengthened to prevent domain-related attacks. Immediate remediation is required to secure communication channels and ensure compliance, thereby protecting customer data and maintaining business continuity. Addressing these issues will enhance trust, reduce legal exposure, and improve resilience against cyber threats.

V

VolkerRail

volkerrail.nl

0

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

4

403 Forbidden

carredor-monaco.com

0

The website's current security posture is critically weak, exposing the business to significant operational, compliance, and reputational risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and trust, violating GDPR and NIS2 mandates. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. The lack of privacy and cookie policies, along with missing consent mechanisms, puts the business at risk of regulatory penalties under data protection laws. There is no formal information security framework, incident response, or business continuity planning, which impairs the organization's ability to effectively manage and recover from cyber incidents. While network security and email security show some strengths, the overall environment lacks foundational protections. Immediate remediation is needed to secure communications, comply with legal requirements, and establish governance around cybersecurity. Failure to address these issues promptly could lead to data breaches, legal fines, loss of customer trust, and business disruption.

A

AFRY

afconsult.com

0

The website's overall security posture is currently inadequate, exposing the business to significant risks related to data protection, regulatory compliance, and potential cyberattacks. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, severely undermining user trust and legal compliance, especially under GDPR and NIS2 frameworks. Key regulatory compliance gaps include missing privacy and cookie policies and the lack of a cookie consent mechanism, which can lead to legal penalties and reputational damage. Security governance is weak, with no documented information security or incident response policies, indicating poor preparedness for cyber incidents. While some foundational network security controls are in place, critical header configurations and missing Content-Security-Policy headers leave the website susceptible to common web attacks. DNS health is moderately good but can be improved by enabling DNSSEC to prevent DNS spoofing. Email security measures are strong, indicating some security awareness. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory mandates.

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Key deficiencies include the absence of HTTPS encryption, missing essential security headers, and exposed critical network services such as MySQL, FTP, and RDP, which are prime targets for attackers. GDPR compliance is severely lacking due to missing privacy and cookie policies, as well as the absence of a cookie consent mechanism, risking legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and business continuity procedures further exacerbates vulnerability to cyber incidents and operational outages. While email security and DNS health show relatively better scores, critical gaps in SSL/TLS and network security overshadow these strengths. Immediate remediation is imperative to safeguard sensitive data, ensure compliance with regulations like GDPR and NIS2, and maintain customer trust. Without urgent action, the business faces increased likelihood of cyberattacks, regulatory fines, and erosion of stakeholder confidence.

The website's security posture presents significant risks that could impact business operations and customer trust. The absence of HTTPS encryption represents a critical vulnerability, exposing data in transit and potentially leading to data breaches or compliance failures. Additionally, the exposure of a high-risk FTP service increases the attack surface and could allow unauthorized access. Medium-level issues such as missing security headers, lack of DNSSEC, and incomplete email security configurations further weaken defenses against common threats. GDPR and NIS2 compliance failures indicate potential regulatory risks, which could result in legal penalties and reputational damage. While email security and DNS health scores are moderate, improvements are necessary to enhance overall protection. Immediate remediation is essential to secure sensitive data, maintain regulatory compliance, and protect brand reputation. Overall, the site requires prioritized security enhancements to mitigate critical vulnerabilities and align with best practices.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

0

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

S

SCC

scc.com

0

The website's overall security posture is currently inadequate, with critical deficiencies that expose the business to significant risks. The absence of HTTPS encryption represents a severe vulnerability, impacting data confidentiality, user trust, and regulatory compliance. Furthermore, the lack of a privacy policy, cookie policy, and consent mechanisms places the business at high risk of GDPR non-compliance, potentially resulting in regulatory penalties and reputational damage. The site also lacks foundational information security governance elements such as security policies, incident response procedures, and business continuity planning, severely weakening its resilience to cyber threats. While network and email security show strong performance, critical gaps in encryption and legal compliance overshadow these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and comply with relevant regulations such as GDPR and NIS2. Addressing these issues will significantly reduce legal liabilities and enhance overall cyber defense capabilities.

The website's security posture shows significant concerns, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security measures are strong, critical gaps exist in foundational protections such as security headers and DNS configurations. Medium-level issues with GDPR and NIS2 compliance indicate potential legal and regulatory risks that could lead to penalties or reputational damage. Email security is relatively strong, but complex SPF records could cause deliverability issues. DNS health is moderate but can be improved by enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Addressing these issues will enhance data confidentiality, integrity, and compliance, reducing the risk of breaches and regulatory fines. Immediate remediation of the critical HTTPS deficiency should be the top priority to safeguard customer trust and business continuity.

F

Fastway Global Ltd

fastway.org

0

The website's overall security posture is critically weak, with multiple serious vulnerabilities exposing the business to significant risks, including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is the most severe issue, exposing communications to interception and violating GDPR and NIS2 regulations. Critical security headers are missing, increasing susceptibility to various web attacks such as clickjacking, XSS, and content injection. The lack of GDPR compliance elements, including cookie policies and consent mechanisms, presents a high legal and reputational risk. Network security is compromised by exposing high-risk services like FTP and SSH without adequate controls. Additionally, the absence of documented information security frameworks, incident response, and business continuity plans reflects poor organizational preparedness. While email and DNS configurations show moderate strength, they are insufficient to compensate for the critical gaps. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity.

N

Namebay

namebay.com

0

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

P

perseusmirrors.com

perseusmirrors.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, compromising all data transmission and violating GDPR and NIS2 requirements. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and data leakage. The lack of GDPR compliance elements like privacy and cookie policies, as well as consent mechanisms, further exposes the company to legal penalties. Email security is insufficient due to missing SPF, DKIM, and overall email authentication, heightening the risk of phishing and spoofing attacks. Organizational security governance is inadequate, with no documented security or incident response policies, which undermines preparedness for cybersecurity incidents. DNS and network security show relatively better maturity but are insufficient to mitigate the critical gaps elsewhere. Immediate remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard customer trust.

The website's overall security posture is critically weak, with multiple critical and high-severity issues identified. Most notably, the absence of HTTPS encryption exposes all data transfers to interception and manipulation, severely undermining user trust and regulatory compliance. The lack of essential security headers and privacy policies increases vulnerability to attacks such as clickjacking, cross-site scripting, and data leakage. Compliance with GDPR and NIS2 is significantly deficient, risking substantial legal and financial penalties. While email and network security aspects show relative strength, foundational security controls are missing or poorly implemented. This leaves the organization exposed to cyber threats, reputational damage, and operational disruption. Immediate remediation is vital to protect customer data, maintain business continuity, and meet regulatory requirements. Without rapid improvements, the business faces increased risk from cyber incidents and compliance failures.

H

Hays PLC

hays.com

0

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, risking significant legal and financial penalties, especially given the missing cookie policy, consent mechanisms, and absence of key security governance documents. While network security and email security show strong implementation, fundamental weaknesses in security headers and encryption overshadow these strengths. The lack of an incident response plan and vulnerability disclosure policy further increases the risk of prolonged breaches and reputational damage. DNS security is moderately good but can be enhanced by enabling DNSSEC to protect against DNS spoofing attacks. Immediate remediation is essential to protect user data, maintain customer trust, and ensure regulatory compliance. Without urgent action, the business faces increased exposure to cyber threats and potential regulatory sanctions.

I

Icon Connect

iconconnect.com

0

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

M

Monaco Mediax

tvfestival.com

0

The website’s security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and compliance violations. The absence of HTTPS encryption is a critical and immediate risk, compromising data confidentiality and integrity, and violating GDPR and NIS2 regulatory requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of privacy and cookie policies, as well as the absence of a cookie consent banner, places the business at risk of GDPR non-compliance and potential legal penalties. Additionally, the organization has not implemented essential information security frameworks, policies, or incident response procedures, weakening its ability to manage and recover from security incidents. Although email security and network security postures are relatively strong, gaps in DNS security and policy documentation remain. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory mandates, thereby safeguarding the business’s reputation and operational continuity.

F

Fabi AS

fabi.no

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

H

HP

design4rent.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruption. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, potentially leading to customer trust erosion and legal penalties. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and clickjacking. The lack of GDPR compliance elements, including privacy policies and cookie consent, presents severe regulatory risks with potential fines. There is no evidence of a security framework, incident response plan, or vulnerability disclosure process, indicating immature security governance. The exposure of high-risk services like FTP further elevates the threat profile. Although email security scores well, foundational network and application security controls require urgent improvement to protect business assets and customer data effectively. Overall, immediate remediation is essential to safeguard both operational continuity and reputation.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

C

Crédit Agricole

credit-agricole.com

0

The website exhibits serious security deficiencies, particularly the complete absence of HTTPS encryption, which critically exposes data in transit and undermines user trust. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and essential security governance documentation, posing significant legal and operational risks. While network security and email security demonstrate relatively strong postures, foundational issues around encryption and policy frameworks significantly elevate the organization's exposure to data breaches and regulatory penalties. Security headers and DNS configurations are suboptimal but less urgent relative to the critical gaps. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Without urgent action, the business remains vulnerable to interception, data leakage, and potential loss of customer confidence. Prioritizing HTTPS implementation alongside privacy and incident response policies will substantially improve the security stance. Overall, the current posture demands urgent attention to align with industry best practices and regulatory mandates.

I

International Superyacht Society

superyachtsociety.org

0

The website’s security posture is currently inadequate and exposes the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of user data, severely undermining trust and violating GDPR and NIS2 requirements. Key security headers that mitigate common web attacks are largely missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting exploits. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, poses serious compliance risks with GDPR regulations, potentially leading to legal penalties. The organization also lacks essential security governance components such as incident response procedures, security policies, and business continuity plans, which are vital for operational resilience. While some areas like DNS health and network security show moderate strength, critical gaps in email authentication and SSL/TLS further increase exposure to phishing and man-in-the-middle attacks. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without swift action, the business risks financial loss, legal consequences, and damage to brand reputation.

I

IQVIA

imshealth.com

0

The website's security posture currently exhibits significant vulnerabilities that pose notable risks to business operations and customer trust. Most critically, the absence of HTTPS encryption exposes all data transmissions to interception and manipulation, violating GDPR and NIS2 compliance requirements and potentially leading to regulatory penalties. The lack of fundamental privacy policies and cookie consent mechanisms further threatens legal compliance and customer confidence. Additionally, missing core security governance elements such as incident response, security policies, and vulnerability disclosure indicate a weak security management framework. While network and email security show strengths, critical gaps in web security headers and DNS configurations leave attack surfaces open. Immediate remediation is essential to prevent data breaches, reputational damage, and compliance failures. Overall, the website needs a prioritized security overhaul to align with industry standards and regulatory mandates.

The website's security posture is critically insufficient, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting confidentiality and trust. Key security headers that protect against common web attacks are missing, increasing the risk of cross-site scripting and content injection. Compliance with GDPR and NIS2 regulations is lacking, with no privacy policies, cookie consent mechanisms, or incident response procedures documented. Email security and DNS health show moderate maturity but require improvements to prevent spoofing and domain hijacking. Although network security appears strong, it cannot compensate for critical deficiencies in application-layer and regulatory security controls. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity.

The website's overall security posture is critically weak, with multiple high and critical severity issues that expose the business to significant data breaches, regulatory non-compliance, and operational risks. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and integrity, directly violating GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of privacy and cookie policies, along with no cookie consent mechanism, further amplifies compliance risks and potential legal penalties. Organizational security governance is insufficient, with no documented security or incident response policies, which could delay or complicate breach mitigation. Email security and network security are relatively strong, but they cannot compensate for the critical web and compliance vulnerabilities. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. Overall, the site requires urgent security improvements and governance enhancements to meet industry best practices and legal mandates.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

V

Valeo

valeo.com

0

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, undermining data confidentiality and integrity across all communications. Multiple missing security headers further increase vulnerability to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance components such as privacy policies, cookie policies, and consent mechanisms exposes the business to legal penalties and erodes customer trust. Additionally, there is no evidence of adherence to the NIS2 cybersecurity directive, with critical gaps in incident response, security policies, and business continuity planning. Email security is insufficient, lacking proper authentication configurations which increase the risk of phishing and spoofing attacks. Although network security and DNS health are relatively strong, these alone do not mitigate the critical weaknesses present. Immediate remediation is required to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s brand reputation.

S

Sophia Business Angels

sophiabusinessangels.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability impacting user data confidentiality and trust. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, cross-site scripting (XSS), and content injection. The site also lacks essential GDPR compliance elements like privacy policies and cookie consent, risking substantial legal penalties. Organizational security governance under NIS2 directives is severely lacking with no incident response, security policies, or information security framework in place. While email security and DNS health show moderate strengths, they are insufficient to mitigate the broader critical deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and maintain business continuity. Without urgent improvements, the business faces heightened risk of cyber incidents and regulatory sanctions.

The website's overall security posture is currently weak, with critical deficiencies in encryption, compliance, and security governance. The absence of HTTPS encryption represents a critical risk, exposing data in transit to interception and undermining user trust. Key GDPR compliance elements such as cookie policies and consent mechanisms are missing, putting the organization at risk of regulatory penalties. Security headers are inconsistently implemented, leaving the site vulnerable to common web attacks. Additionally, foundational security frameworks, incident response procedures, and business continuity planning are lacking, which could impair the organization's ability to detect, respond to, and recover from security incidents. While email security and network security perform well, these strengths do not offset the critical vulnerabilities present. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Investing in security governance and encryption will yield the highest business value and risk reduction.

M

Merkle

merkleinc.com

0

The website exhibits a poor overall security posture with critical vulnerabilities that expose it to significant risks. The absence of HTTPS encryption is the most alarming issue, affecting GDPR compliance, NIS2 regulations, and user data confidentiality. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and data leakage. The lack of essential GDPR components, including a cookie consent banner and compliant privacy policy, poses legal and reputational risks. Organizational security maturity is low, with no documented security policies, incident response plans, or vulnerability disclosure processes, indicating weak governance. Email security is moderate but requires improvements to prevent phishing and spoofing attacks. DNS security is relatively strong, while network security demonstrates a good posture. Immediate remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and MIME-sniffing. Compliance with privacy regulations is inadequate, lacking essential policies and consent mechanisms, which could lead to legal repercussions and loss of customer trust. The organization also lacks fundamental information security governance, including incident response, security policies, and vulnerability disclosure, increasing exposure to breaches and operational disruptions. While network security and email security are relatively stronger, DNS and SSL/TLS configurations are incomplete. Immediate remediation is vital to protect customer data, maintain regulatory compliance, and preserve brand reputation.

A

APM Monaco

apm.mc

0

The website's overall security posture is currently weak, with critical vulnerabilities severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical failure affecting GDPR, NIS2, and SSL/TLS compliance, exposing all data in transit to interception and undermining customer trust. Governance issues are apparent, with no documented security or incident response policies and missing GDPR-required cookie policies and consent mechanisms. While network security and DNS health show strengths, critical gaps in email security enforcement and security headers remain. The poor NIS2 and GDPR compliance scores highlight significant regulatory risk, potentially leading to legal penalties and reputational damage. Addressing these issues is urgent to protect customer data, ensure business continuity, and maintain regulatory compliance. The current state exposes the business to data breaches, legal fines, and loss of customer confidence. Immediate remediation efforts on encryption, policies, and user privacy controls are imperative to improve security posture and business resilience.

D

Dubai Tell Limited, Geneva Tell SA, Algiers Tell Markets SPA

tell.group

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that compromises all data transmissions, severely impacting user trust and violating GDPR and NIS2 requirements. Missing essential security headers further increase susceptibility to common web attacks such as clickjacking, XSS, and content injection. Lack of privacy and cookie policies, as well as the absence of consent mechanisms, place the business at high risk of legal penalties under data protection regulations. Critical services like MySQL and FTP are publicly exposed, providing easy attack vectors for threat actors. Additionally, there is a notable deficit in security governance, including lack of incident response, security policies, and information security frameworks, which undermines the organization's ability to manage and mitigate risks effectively. While email and DNS security show some strengths, these are overshadowed by critical gaps in network and application security. Immediate action is required to address these issues to protect business assets, customer data, and maintain regulatory compliance.

R

Riviera Marine S.A.M.

rivieramarine.mc

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust, and violating GDPR and NIS2 requirements. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks like clickjacking and cross-site scripting. The lack of a cookie consent banner and incomplete GDPR compliance could result in legal penalties and reputational damage. Additionally, no formal security frameworks, incident response processes, or business continuity plans are in place, leaving the organization ill-prepared for security incidents. The exposure of high-risk services like FTP introduces unnecessary attack vectors. While email security and DNS health show relatively better scores, critical gaps remain. Immediate remediation is crucial to protect customer data, maintain regulatory compliance, and safeguard business continuity.

The website's security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw impacting secure communications, user trust, and search engine ranking. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to potential legal penalties. The lack of documented information security frameworks, incident response plans, and vulnerability disclosure policies indicates immature security governance. DNS configuration issues further weaken the infrastructure's resilience to attacks. However, email security and network security are relatively strong areas. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain operational continuity.

B

Balt Group

balt.fr

0

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

M

MARK

meyerbergman.com

0

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

The website's overall security posture exhibits significant vulnerabilities, most notably the absence of HTTPS encryption, which presents a critical risk to data confidentiality and user trust. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DKIM for email authentication, and disabled DNSSEC further expose the organization to data breaches, regulatory penalties, and phishing attacks. While network security shows a strong posture, foundational web security controls are lacking, which could undermine customer confidence and business reputation. Immediate remediation is needed to secure data in transit and align with legal requirements. Addressing these issues will reduce exposure to cyber threats, improve compliance posture, and enhance customer trust and operational resilience. The business should prioritize remediation efforts to avoid potential financial losses and reputational damage stemming from these vulnerabilities. Overall, the current state reflects an urgent need to elevate security controls to industry standards and regulatory expectations.

The website's overall security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks. The absence of HTTPS encryption is the most critical issue, compromising data confidentiality and user trust, and violating GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to common web attacks such as man-in-the-middle and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, risking regulatory fines and reputational damage. The organization also lacks essential information security frameworks, incident response plans, and security documentation, undermining its ability to manage and respond to security incidents effectively. Email security and network security show relatively better posture but still require improvements. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold customer trust. Without addressing these critical gaps, the business faces elevated risks of data breaches, legal penalties, and operational disruptions.

S

SIPCAM OXON

sipcam-oxon.com

0

The website's overall security posture is currently poor, with multiple critical and high-severity issues exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and integrity while violating GDPR and NIS2 regulations. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. GDPR compliance is weak due to missing cookie consent mechanisms and incomplete privacy policies, risking legal penalties and reputational damage. The organization's information security governance is insufficient, lacking documented policies, incident response procedures, and vulnerability disclosure protocols. While email security and network security show strengths, foundational web security and regulatory compliance must be urgently addressed to safeguard customer data and maintain business continuity. Immediate remediation is essential to avoid potential data loss, regulatory fines, and erosion of customer trust.

D

Doro AB

doro.com

0

The website's overall security posture is currently weak, with critical deficiencies in fundamental protections such as HTTPS encryption and key security headers. The absence of HTTPS impacts user trust, data confidentiality, and regulatory compliance, exposing the business to significant legal and reputational risks. GDPR compliance is notably poor, lacking essential elements like cookie policies and consent mechanisms, which could result in heavy fines and customer distrust. The NIS2-related security framework and incident response processes are missing, increasing vulnerability to cyber threats and potential operational disruptions. While email security and network infrastructure show moderate to strong performance, critical gaps in web and application-layer security jeopardize the entire environment. Immediate remediation is essential to protect sensitive customer data, maintain compliance, and safeguard business continuity. Failure to address these issues promptly could lead to data breaches, regulatory penalties, and loss of customer confidence. Overall, the current state demands urgent and prioritized security improvements to align with industry standards and legal requirements.

I

Ixora Global Pte Ltd

ixora-global.com

0

The website’s security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a severe vulnerability, undermining confidentiality and trust, and violating GDPR and NIS2 mandates. Key security headers are missing, leaving the site vulnerable to clickjacking, XSS, and content injection attacks. GDPR compliance is lacking due to missing privacy policies and cookie consent mechanisms, risking fines and reputational damage. The lack of an information security framework, incident response, and business continuity planning further indicates immature security governance. Additionally, exposing high-risk services like FTP increases attack surface and potential unauthorized access. While email security and DNS health show some strengths, critical gaps overshadow these areas. Immediate remediation is essential to protect sensitive data, comply with legal requirements, and maintain customer trust.

M

Mercedes-AMG PETRONAS F1 Team

mercedesamgf1.com

0

The website's overall security posture is critically weak, with significant gaps in encryption, regulatory compliance, and security governance. The absence of HTTPS encryption represents a major vulnerability, exposing user data to interception and undermining trust. GDPR compliance is severely lacking, with missing privacy policies, cookie consent mechanisms, and inadequate third-party data handling disclosures, risking legal penalties and reputational damage. The organization also lacks fundamental security frameworks required under NIS2 regulations, such as incident response plans and security policies, which exposes it to operational risks and regulatory sanctions. While some network and email security measures are robust, critical areas like SSL/TLS encryption and security headers need urgent attention. DNS security is moderate but can be improved to further reduce attack surface. Immediate remediation is essential to protect business operations, customer trust, and ensure compliance with legal requirements.

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Significant gaps exist in both regulatory compliance (GDPR) and operational security frameworks (NIS2), including missing privacy and cookie policies, absence of incident response and security documentation, and inadequate contact information. Although email security and network security show relatively better scores, the missing critical security headers and weak configurations undermine web application protections against common attacks. Failure to implement essential headers like Strict-Transport-Security and Content-Security-Policy increases the risk of man-in-the-middle and cross-site scripting attacks. The lack of vulnerability disclosure policies and business continuity planning further exacerbates risk management deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and safeguard business continuity. Addressing these issues promptly will reduce exposure to breaches, legal penalties, and reputational damage.

L

London Property Investments

londonpropertyinvestments.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues primarily related to missing HTTPS encryption and key security headers. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a severe risk to user privacy and business integrity. Compliance with GDPR and NIS2 regulations is insufficient, posing potential legal and regulatory consequences, including fines and reputational damage. Security governance gaps such as missing incident response procedures, security policies, and vulnerability disclosure processes further increase organizational risk. While network security and email security show relatively stronger postures, foundational web security controls and privacy safeguards are lacking. Immediate remediation is required to protect customer data, maintain trust, and ensure regulatory compliance. The company must prioritize establishing a secure HTTPS environment and implementing critical HTTP security headers. Addressing these issues will significantly reduce the risk of cyberattacks and data breaches that could disrupt business operations and harm the brand reputation.