Security Directory

F

Flirtic Llc

face.lv

40

Face.lv is a Latvian language social networking platform operated by Flirtic Llc, based in Estonia. The platform focuses on photo rating and social interaction, boasting a large user base exceeding 687,000 users and over 1.2 million images. It offers features such as user profiles, messaging, photo rating, horoscopes, and quizzes, targeting social network users interested in interactive photo-based engagement. The business model centers on user-generated content and social connectivity within a regional market. Technically, the website employs common web technologies including Bootstrap, jQuery, Google Analytics, Facebook SDK, and third-party marketing tools. Hosting is provided by ratesolutions.eu, and payment processing is handled by Maksekeskus, a trusted partner. Performance is moderate with a page load time of approximately 5 seconds and a page size of about 577 KB. Security posture is weak due to the absence of a valid SSL certificate, lack of HTTPS, missing security headers, and no modern TLS protocols enabled. Privacy compliance is partial with a privacy policy and terms of service present but no cookie consent mechanism despite active tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professionally designed but requires urgent security improvements to protect user data and enhance trust.

Ს

სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”

mycreditinfo.ge

61

Mycreditinfo.ge is a Georgian finance sector website operated by სს “საკრედიტო საინფორმაციო ბიურო კრედიტინფო საქართველო”, providing credit information services including free and premium credit reports, credit score monitoring, and educational content. The site targets individuals and legal entities in Georgia seeking to manage and improve their credit profiles. The business model includes both free access and paid premium services, positioning it as a key player in the local credit information market. Technically, the website is built on Angular 13 and integrates common analytics and marketing tools such as Google Analytics and Facebook Pixel. It is hosted on Microsoft Azure, indicating a modern cloud infrastructure. However, the site suffers from slow performance due to large page size and load times, which could impact user experience. From a security perspective, the site has significant weaknesses: it lacks a valid SSL certificate and does not support any TLS protocols, severely limiting secure communications. While HSTS is enabled, its benefits are negated by the missing SSL. The site implements SPF and DMARC for email security and has basic security headers, but lacks advanced features like OCSP stapling and session resumption. Privacy and cookie policies are present with a consent mechanism, but GDPR compliance is not clearly demonstrated. Overall, the site is functional and content-rich but requires urgent improvements in SSL/TLS configuration to ensure user data protection and trust. Performance optimization and enhanced privacy compliance would further strengthen its digital maturity and security posture.

Qatar Airways is a globally recognized airline with a mature digital presence, offering comprehensive travel services including flight bookings, loyalty programs, and ancillary services. The website is well-designed, mobile-optimized, and provides extensive content and user engagement features. Technically, the site employs modern frameworks and analytics tools but lacks a valid SSL certificate, which is a critical security concern. The security posture is moderate due to missing HTTPS and TLS configurations, though other security headers are present. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site reflects a reputable enterprise with room for critical security improvements.

L

Lucid Software Inc.

lucid.app

56

Lucid Software Inc. operates the lucid.app domain, providing a comprehensive visual collaboration suite including Lucidchart and Lucidspark. The company targets teams and enterprises seeking intelligent diagramming and virtual whiteboarding solutions, positioning itself as a leader in the technology sector for collaboration tools. Their business model is SaaS-based with multiple integrated products, serving a global audience with a strong presence in the United States. The website demonstrates excellent content quality, professional design, and consistent branding, supporting a high level of business credibility. Technically, the website is built on modern frameworks such as Angular and integrates various third-party services including Google APIs, Microsoft Teams SDK, and Osano for cookie compliance. Hosting is managed via Akamai CDN, ensuring global availability. However, performance metrics are not available, and accessibility is basic but functional. SEO practices are good with proper meta tags and structured data. Security posture reveals critical issues: the SSL certificate is invalid or missing, and no TLS protocols are enabled, which is a significant risk for user data protection and trust. Security headers are well configured, but the lack of valid HTTPS severely impacts the overall security score. Privacy compliance is good, with a clear privacy policy, cookie consent mechanism, and GDPR compliance indicators. Contact information is transparent and professional, though no explicit incident response or vulnerability disclosure information is found. Overall, while the business and technical maturity are strong, the critical SSL/TLS misconfiguration poses a major risk. Strategic remediation of SSL issues is essential to restore trust and secure communications. The company should also consider publishing explicit incident response and vulnerability disclosure policies to enhance security transparency.

C

Coral

coral.com.br

53

Coral is a prominent Brazilian paint brand operating under the parent company AkzoNobel. The website serves as a comprehensive platform offering paint products, color inspiration tools, and professional services such as painter finders and online shopping. Technically, the site is built on Adobe Experience Manager and integrates modern marketing and analytics tools like Google Tag Manager and OneTrust for cookie consent. However, the absence of a valid SSL certificate and HTTPS significantly undermines the site's security posture. While privacy and cookie policies are well implemented and GDPR compliant, the lack of security headers and email domain protections like DMARC present vulnerabilities. Overall, the site is content-rich and professionally designed but requires urgent security improvements to protect user data and enhance trust.

C

Compusoft Group

compusoftgroup.com

61

Compusoft Group is a leading provider of specialized software solutions for the kitchen, bathroom, furniture, window, and door industries. Their portfolio includes design, presentation, business management, and production software, targeting professionals who require efficient and accurate tools to streamline their workflows. The company operates globally with a strong presence in over 100 countries and serves a large customer base, positioning itself as a key player in the configurable product software market. As a subsidiary of Cyncly, Compusoft benefits from a broader corporate ecosystem enhancing its market reach and technological capabilities. Technically, the website is built on WordPress with a comprehensive set of modern web technologies and analytics tools, including Google Analytics, Cookiebot for consent management, and various marketing and tracking integrations. The site demonstrates good performance and mobile optimization, although the page load time is relatively slow, likely due to extensive resources and scripts. Security-wise, the site employs a valid SSL certificate with HSTS enabled, SPF and DMARC records are properly configured, indicating a strong email security posture. However, the absence of DNSSEC and CAA records suggests room for improvement in DNS security. No explicit security or incident response policies are publicly available, which could be a gap in transparency. Overall, the website reflects a mature digital presence with robust privacy and cookie management practices, extensive tracking for marketing and analytics, and a professional, consistent brand image. The risk profile is moderate, with recommendations to enhance DNS security and publish clear security policies to improve trust and compliance.

A

Ambient-TV Sales & Services GmbH

ambient-tv.de

59

Ambient-TV Sales & Services GmbH operates a large Digital Out Of Home (DOOH) advertising network in Germany, offering advertisers access to over 50,000 screens across more than 10,000 locations nationwide. The company provides campaign customization and a creative simulator tool to help clients visualize their logos on various screens. Their market position is strong within the German outdoor advertising sector, supported by partnerships with major brands and media groups. Technically, the website is built on modern frameworks such as Next.js and React, hosted on AWS infrastructure, and employs security best practices like TLS 1.3 and OCSP stapling. However, there are areas for improvement in DNS security and HTTP security headers. The security posture is solid but could be enhanced by implementing DNSSEC, DMARC, and HSTS. Overall, the company demonstrates a professional online presence with good user experience and trust indicators, though explicit security and incident response policies are not publicly disclosed.

S

Short&Sweet Marketing

shortandsweet.com.br

66

Short&Sweet Marketing is a Brazilian digital marketing agency specializing in data-driven performance marketing, including SEO, inbound marketing, PPC, and lead generation. Positioned as an RD Station Silver Partner, the company demonstrates a strong market presence with over 15 years of experience and a portfolio of successful client case studies. The website reflects a professional and consistent brand image targeting businesses seeking to enhance their digital sales channels. Technically, the site is built on modern frameworks such as React and Next.js, utilizing Material-UI for UI components, and integrates various marketing and analytics tools including Google Analytics, Google Tag Manager, and reCAPTCHA for security. However, the absence of a valid SSL certificate and lack of HTTPS support represent significant security weaknesses. The site implements basic email security measures like SPF and DMARC but lacks advanced security headers and practices. Overall, the digital infrastructure supports the business model but requires urgent improvements in security to protect data and enhance user trust.

S

SecureServer

secureserver.net

65

SecureServer.net operates as a comprehensive web services provider specializing in domain registration, hosting, website building, email, SSL certificates, and website security solutions. The company targets a broad audience including businesses, resellers, and individual customers, offering a reseller program and multi-market support. Their market position is that of an established enterprise-level provider with a global footprint and a focus on reseller sales. The website content and structure reflect a professional and consistent brand with good quality content and user experience.

M

Medienfachverlag Johann Oberauer GmbH

oberauer.com

62

Medienfachverlag Johann Oberauer GmbH is a leading media publishing company in the DACH region specializing in journalism, PR, communication, and printing industry publications and events. The company operates multiple industry magazines, organizes prestigious events and awards, and manages digital portals and job platforms targeting media professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery, WP Rocket, and Google Tag Manager, optimized for performance and SEO but currently lacks a valid SSL certificate, which is a critical security gap. The security posture shows good email authentication practices with SPF and DMARC but misses HTTPS enforcement and advanced DNS security features. Overall, the company demonstrates strong market positioning and digital maturity but should urgently address SSL/TLS issues to protect user data and enhance trust.

J

JET e-Business

jetecommerce.com.br

58

JET e-Business is a Brazilian e-commerce platform provider specializing in high-performance omnichannel solutions for B2C, B2B, D2C, and B2B2C markets. The company offers a comprehensive suite of services including marketplace integrations, storefront customization, search optimization, shipping facilitation, and analytics. Positioned as a strategic partner for e-commerce businesses, JET emphasizes technology, professional support, and customer experience to help clients scale their online operations. The website reflects a medium-sized enterprise with a strong digital presence and a focus on the Brazilian market. Technically, the website is built on WordPress with WPBakery Page Builder and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, Hotjar, and LinkedIn Insight Tag. Hosting and DNS services are provided by Hostinger and Cloudflare respectively. While the site has a valid SSL certificate and implements SPF and DMARC for email security, it lacks advanced DNS security features like DNSSEC and HSTS, and does not have a published security policy or vulnerability disclosure page. From a security perspective, the site demonstrates good baseline practices with valid SSL and email authentication records, but could improve by enabling HSTS, DNSSEC, and publishing explicit security and incident response policies. The presence of multiple tracking scripts indicates extensive user data collection, balanced by a cookie consent mechanism and a comprehensive privacy policy compliant with GDPR. Performance is a concern due to high page load times and large page size, which may impact user experience. Overall, JET e-Business presents a professional and trustworthy e-commerce platform with solid business and technical foundations. Strategic improvements in security hardening and performance optimization are recommended to enhance resilience and user satisfaction.

LexisNexis Risk Solutions, operating the Accurint® TraX™ platform, provides advanced investigative solutions primarily targeting law enforcement and government agencies. Their platform integrates call detail records with law enforcement and identity data to enable efficient device geolocation investigations. The company is positioned as a trusted, enterprise-level provider with a comprehensive suite of services including investigative support, training, and single sign-on capabilities with related products. The website reflects a mature digital presence with extensive content, strong branding, and a focus on compliance and privacy. Technically, the website employs a robust technology stack including JavaScript frameworks, VWO for optimization, Adobe DTM for tag management, and OneTrust for cookie consent management. Hosting is on Amazon AWS with a valid SSL certificate, though some TLS protocol support appears limited. Performance is moderate to slow due to large page size and resource count, but mobile optimization and accessibility are well addressed. From a security perspective, the site implements key best practices such as HSTS and valid SSL, but lacks DNSSEC and CAA records, which are recommended for enhanced security. No explicit security policy or incident response information is publicly available, indicating an area for improvement. The site demonstrates good privacy compliance with clear policies and consent mechanisms. Overall, LexisNexis Risk Solutions maintains a high level of professionalism and trustworthiness in its online presence, supporting its role as a critical provider of investigative and risk management solutions. Strategic enhancements in security posture and transparency could further strengthen its market position and customer confidence.

S

SiteGround

mailspamprotection.com

62

SiteGround is a large, well-established web hosting provider offering a broad range of hosting services including shared, cloud, reseller, WordPress, and WooCommerce hosting, as well as website building and email marketing tools. The company targets small to medium businesses, web professionals, and agencies, emphasizing performance, security, and customer support. Their market position is strong with over 3 million domains hosted and high customer satisfaction ratings. Technically, the website leverages modern web technologies including nginx, PHP, Google Tag Manager, Cookiebot for consent management, and reCAPTCHA for bot protection. The hosting infrastructure is based on Google Cloud, promising high availability and speed. Security headers are well implemented, but the SSL certificate is invalid for the domain, and no modern TLS protocols are enabled, indicating a critical security misconfiguration. Privacy and cookie policies are present and comprehensive, with GDPR compliance mechanisms in place. Overall, the website is professionally designed with excellent user experience and SEO optimization.

P

Perolike

perolike.com

67

Perolike.com is a small-scale website currently in a 'Launching Soon' state, built and hosted using GoDaddy's Website Builder platform. The site offers a contact form protected by Google reCAPTCHA and displays a cookie consent banner, indicating basic compliance with privacy norms. The technical infrastructure relies on GoDaddy hosting with a valid SSL certificate, although modern TLS protocols are not enabled, which limits the security posture. No privacy policy, terms of service, or security policy documents are present, which may impact user trust and regulatory compliance. The website's content is minimal, focusing on brand name and launch announcement, with no detailed business or service information provided.

C

Crystal Cosmetics e-Store

crystalcosmetics.lv

63

The website’s overall security posture reveals significant compliance and configuration gaps, particularly in GDPR adherence and NIS2 framework implementation, which pose substantial legal and operational risks. While network security and email security modules score relatively well, critical weaknesses in privacy policies, incident response procedures, and SSL/TLS configurations expose the business to potential data breaches and regulatory penalties. The absence of a cookie consent mechanism and inadequate privacy measures are especially concerning for EU operations, risking non-compliance fines. SSL certificate weaknesses and missing security headers further undermine the trustworthiness of the site. Immediate remediation is essential to mitigate risks associated with data privacy, incident handling, and encryption standards. Addressing these vulnerabilities will not only protect customer data but also enhance regulatory compliance and business reputation. Strategic investment in security governance frameworks and technical controls is paramount. Overall, the business must prioritize GDPR and NIS2 compliance to avoid critical legal and financial repercussions.

P

Pearson

lumerit.com

67

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-risk issues that need immediate attention. Key weaknesses include missing essential security headers, weak SSL configurations, and significant GDPR compliance gaps such as the absence of privacy and cookie policies and consent mechanisms. Additionally, the lack of documented information security frameworks, incident response procedures, and business continuity plans exposes the organization to regulatory and operational risks, especially under NIS2 requirements. While email and network security appear robust, the overall low scores in GDPR and NIS2 compliance indicate potential legal liabilities and increased exposure to security incidents. Proactive remediation will safeguard customer trust, ensure regulatory compliance, and protect business continuity. Prioritizing these improvements is crucial to mitigating reputational and financial risks associated with data breaches and non-compliance penalties.

P

Pearson TalentLens

talentlens.com

70

The website demonstrates a generally strong technical security posture in areas such as email security, SSL/TLS configuration, and network security. However, significant gaps exist in privacy compliance and governance frameworks, notably with the absence of GDPR-required policies and NIS2 security management documentation. Missing critical security headers like Content-Security-Policy and Permissions-Policy increase vulnerability to web-based attacks. The lack of a Privacy Policy, Cookie Policy, and Consent Banner exposes the business to regulatory penalties and reputational damage. Furthermore, the absence of incident response procedures and security contact information impairs the organization's ability to effectively manage and respond to security incidents. DNS and caching configurations also present medium- to low-risk weaknesses that should be addressed to enhance overall security robustness. Immediate remediation of compliance and governance issues is essential to reduce legal risks and improve stakeholder trust.

P

Pearson

pearsonaccelerated.com

70

The website's overall security posture reveals significant gaps primarily in compliance with privacy regulations and foundational security policies. While technical protections like email security, SSL/TLS configurations, and network security are strong, critical governance and policy frameworks such as GDPR compliance and NIS2 requirements are largely absent or insufficient. Missing privacy and cookie policies, lack of consent mechanisms, and absence of incident response and security documentation expose the business to regulatory fines and reputational damage. Additionally, key security headers are missing, increasing the risk of client-side attacks. The DNS security posture is moderate but can be improved. Addressing these issues promptly will reduce legal risks, protect customer data, and strengthen the company’s cybersecurity resilience. Overall, the website is vulnerable to regulatory scrutiny and certain attack vectors, necessitating immediate attention to governance and policy controls alongside technical improvements.

P

Pearson

pearsonhighered.com

67

The website demonstrates a generally strong technical security foundation in network security, SSL/TLS configurations, and email security, with scores above 80% in these areas. However, significant gaps exist in security headers implementation, data privacy compliance (GDPR), and adherence to the NIS2 directive, with scores as low as 25%. The absence of critical policies such as Privacy Policy, Cookie Policy, incident response, and security documentation exposes the business to regulatory and reputational risks. Missing Content-Security-Policy and Permissions-Policy headers increase the risk of client-side attacks. Lack of GDPR compliance elements, including cookie consent and third-party privacy transparency, could lead to legal penalties and loss of customer trust. The absence of a vulnerability disclosure policy and business continuity planning further weakens the organization's resilience against cyber threats. Overall, while technical defenses are solid, governance, compliance, and data protection require urgent attention to safeguard the business and maintain stakeholder confidence.

A

Advania UK

advania.co.uk

75

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, several high and medium-risk issues expose the business to regulatory, operational, and reputational risks. Notably, the absence of key security policies and incident response procedures significantly undermines the organization's NIS2 compliance and readiness against cyber incidents. GDPR compliance gaps, including missing cookie consent and incomplete privacy policy details, increase the risk of regulatory penalties and erode customer trust. Technical security controls such as missing Content-Security-Policy headers and weak SSL key lengths weaken defenses against common web attacks and data interception. While network and email security are strong, foundational improvements in security governance and data protection are urgently needed. The SSL certificate nearing expiry and lack of DNSSEC further threaten service reliability and integrity. Overall, the organization must prioritize closing policy and compliance gaps alongside strengthening technical controls to maintain customer confidence and avoid costly breaches or fines.

C

Coles Group

colesgroup.com.au

73

The website demonstrates a generally stable security posture with no critical issues identified; however, several high and medium-level gaps present significant compliance and risk challenges. Key deficiencies include missing essential security headers and incomplete GDPR compliance, notably the absence of a cookie policy and consent mechanism, which could expose the business to regulatory penalties. The lack of an established information security framework, security policies, and incident response procedures severely undermines resilience against cyber threats and incident management. Email security is moderately sound but could be improved by implementing DKIM to prevent spoofing. Although network and SSL/TLS configurations are strong, issues like mixed content and missing DNSSEC pose potential attack vectors. Addressing these areas will enhance regulatory compliance, reduce liability, and strengthen overall risk management. Immediate attention to governance and privacy controls is critical to align with NIS2 and GDPR requirements and protect brand reputation.

P

PetSure (Australia) Pty Ltd

petsure.com.au

66

The website security assessment reveals a concerning overall security posture, with no critical issues but multiple high and medium severity vulnerabilities primarily related to security headers, GDPR compliance, and NIS2 regulatory requirements. Key gaps include missing fundamental HTTP security headers, absence of essential GDPR cookie policies and consent mechanisms, and a lack of formalized information security, incident response, and business continuity frameworks. SSL/TLS configurations show weaknesses with expiring certificates and weak key lengths, raising risks of data interception. While email and network security measures are strong, DNS security can be improved. These vulnerabilities increase the risk of data breaches, regulatory fines, and reputational damage, highlighting an urgent need for remediation to protect business assets and maintain customer trust. Addressing these issues will also enhance compliance with evolving cybersecurity regulations such as NIS2 and GDPR.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong network security measures in place. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, reflected by low scores of 43 and 25 respectively. High-severity issues such as the absence of a cookie policy, consent banner, security documentation, and incident response procedures expose the business to legal, reputational, and operational risks. Email security protocols and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS health and security headers are mostly well-configured, though some enhancements are advisable. Overall, the site is protected against common network threats but needs urgent attention on regulatory compliance and incident preparedness to mitigate potential business disruptions and fines. Addressing these gaps will strengthen trust with customers and regulators while enhancing resilience against cyber incidents.

O

Ooshman

ooshman.au

59

The website demonstrates significant security gaps, particularly in foundational security headers, privacy compliance, and information security governance, resulting in a poor overall security posture. While network security and email security score relatively well, critical vulnerabilities such as missing Strict-Transport-Security and Content-Security-Policy headers expose the site to data interception and cross-site scripting attacks. The absence of GDPR compliance elements like privacy and cookie policies presents legal and reputational risks. Additionally, missing NIS2-related documentation and incident response procedures indicate a lack of preparedness for cyber incidents, increasing operational risk. Weak SSL key lengths and impending certificate expiration further undermine secure communications. Addressing these high and medium priority issues is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Immediate remediation will reduce potential breach impact, enhance customer trust, and align with industry standards.

R

RealPage

realpagecares.com

64

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas such as GDPR and NIS2 frameworks, exposing the business to regulatory and reputational risks. Critical email security misconfigurations pose a high risk of phishing and spoofing attacks, potentially undermining customer trust. Missing key security headers like Content-Security-Policy and X-Frame-Options increase vulnerability to cross-site scripting and clickjacking attacks, threatening data integrity. Although network security and DNS health are relatively strong, foundational SSL/TLS and header configurations require improvement to safeguard data in transit. The absence of documented incident response and business continuity plans limits the organization's ability to effectively respond to cyber incidents, increasing potential downtime and financial loss. Lack of a cookie policy and consent mechanisms places the company at risk of non-compliance with privacy laws, which could result in fines and legal challenges. Immediate attention to these areas will reduce attack surfaces, ensure compliance, and strengthen overall resilience. Prioritizing governance frameworks and critical technical controls will deliver the greatest business impact.

S

Spotify AB

spotifyforbrands.com

65

The website demonstrates a moderate to weak security posture with no critical issues but several high and medium severity findings that could expose the business to significant risks. Key gaps include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security governance documentation. Email and network security are relatively strong, but SSL/TLS configurations show weaknesses that could undermine data integrity and confidentiality. The absence of incident response and vulnerability disclosure policies increases the risk of prolonged breaches and reputational damage. Overall, the organization faces regulatory compliance risks, potential data breaches, and operational disruptions if these issues remain unaddressed. Immediate remediation will enhance customer trust, reduce legal exposure, and improve resilience against cyber threats. Prioritizing governance and technical controls will strengthen the security framework and align with industry best practices.

A

Acentra Health

acentra.com

65

The website's overall security posture reveals significant gaps in compliance and foundational security controls, particularly concerning regulatory requirements and cryptographic protections. While no critical vulnerabilities were found, multiple high and medium severity issues pose material risks to data privacy, legal compliance, and customer trust. Key weaknesses include missing security headers, lack of GDPR-compliant cookie policies and consent mechanisms, absence of formal information security and incident response frameworks, and weak SSL/TLS configurations. Conversely, network security and DNS health show relatively strong scores, indicating some effective controls are in place. The deficient NIS2 compliance score highlights the urgent need for documented security policies and incident handling procedures. Immediate remediation will reduce exposure to data breaches, regulatory penalties, and reputational damage. Investment in security governance and cryptographic standards is needed to align with industry best practices and legal mandates.

C

CNECT

cnectgpo.com

65

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

R

RealPage, Inc.

realpagelumina.com

68

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas. Critical issues such as the lack of email authentication and missing incident response procedures expose the business to heightened risks of phishing attacks and prolonged downtime during security incidents. High-severity findings around GDPR compliance and the absence of a documented security framework indicate potential regulatory and reputational risks. Although network security and DNS health scores are strong, foundational security controls like Content-Security-Policy and Strict-Transport-Security headers are insufficiently configured, increasing vulnerability to web-based attacks. Expiring SSL certificates and mixed content issues further degrade trust and security. Immediate remediation is necessary to safeguard sensitive data, ensure regulatory compliance, and protect brand reputation. The business should prioritize establishing formal security policies and improving critical headers and email authentication measures. Addressing these issues will reduce risk exposure and support long-term resilience against evolving cyber threats.

The website demonstrates a generally sound technical security posture with strong network security, SSL/TLS configurations, and email security. However, there are significant compliance and governance gaps, primarily related to GDPR and NIS2 regulatory requirements, which pose high legal and operational risks. Key concerns include the absence of privacy and cookie policies, lack of consent mechanisms, and missing incident response and information security framework documentation. These deficiencies could lead to regulatory penalties, reputational damage, and loss of customer trust. Security headers are implemented but need strengthening to mitigate web-based attacks effectively. DNS and email security are adequate but have room for improvement to reduce attack surface. Addressing governance and compliance issues should be prioritized alongside enhancing security headers to ensure a balanced, robust security posture that supports business continuity and regulatory adherence.

This website has 7 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a generally solid security posture with no critical vulnerabilities detected, and strong SSL/TLS implementation ensures secure data transmission. However, the presence of a high-risk exposed FTP service significantly increases the attack surface, posing potential data breach and unauthorized access risks. Medium-level issues such as lack of security headers, incomplete GDPR and NIS2 compliance, and suboptimal email security configurations indicate gaps in regulatory adherence and threat mitigation. DNS health is moderately strong but could be improved by enabling DNSSEC and configuring CAA records to prevent domain hijacking and unauthorized certificate issuance. The exposure of SSH services, while common, requires careful access controls to avoid exploitation. Addressing these findings will reduce risk, improve compliance posture, and enhance customer trust. Overall, the website is secure but requires targeted remediation to mitigate high-impact vulnerabilities and strengthen regulatory compliance.

The website demonstrates a generally moderate security posture with no critical vulnerabilities but several areas requiring improvement. The presence of a high-risk exposed FTP service poses a significant threat, potentially allowing unauthorized access or data leakage. Medium-level issues such as missing security headers, lack of DNSSEC, and non-enforcing DMARC policies indicate gaps in defense-in-depth and email security that could be exploited for phishing or man-in-the-middle attacks. Compliance-related analyses for GDPR and NIS2 failed, suggesting potential regulatory risks that could lead to legal and financial penalties. While SSL/TLS configurations are strong, the exposed SSH service and incomplete DNS configurations further increase attack surface risk. Addressing these issues promptly will reduce the likelihood of breaches, enhance customer trust, and ensure regulatory compliance. Overall, the organization should prioritize network service hardening and compliance remediation to strengthen its security posture.

The website's overall security posture reveals significant gaps, especially in compliance and critical security controls. While network security appears robust, there are critical vulnerabilities in email authentication and SSL configurations that expose the business to phishing and data interception risks. The absence of GDPR-compliant measures such as a cookie consent banner and clear privacy policies could lead to regulatory penalties and reputational damage. Moreover, severe deficiencies in NIS2-related governance—like missing incident response procedures and security policy documentation—indicate unpreparedness for cyber incidents, increasing operational risk. Security headers are partially implemented but require strengthening to protect user data and prevent information leakage. DNS security is moderate but can be improved with DNSSEC and CAA records. Immediate remediation is essential to mitigate potential breaches, comply with regulations, and safeguard customer trust and business continuity.

L

LCL

lcl.fr

66

The website exhibits a mixed security posture with strong performance in SSL/TLS, network security, and email security, but significant gaps in GDPR compliance and NIS2 regulatory requirements. Critical issues include operating an EU-facing business without adequate privacy measures, lacking core privacy policies, and missing incident response and security documentation. These deficiencies expose the business to legal risks, regulatory penalties, and reputational damage, particularly under stringent EU data protection laws and NIS2 mandates. Security headers are generally adequate but could be improved to guard against common web threats. DNS and email security are moderately well-configured but require enhancements to strengthen defenses against spoofing and DNS attacks. Overall, the company must prioritize compliance and governance frameworks to reduce exposure and build customer trust. Addressing these gaps will mitigate significant business risks and align the website with current cybersecurity and privacy best practices.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

The website's overall security posture shows significant vulnerabilities in foundational security controls, privacy compliance, and incident preparedness, despite no critical issues detected. High-severity gaps in HTTP security headers expose the site to common web attacks such as clickjacking, content injection, and data interception. There is a notable absence of GDPR compliance elements like privacy policies and cookie consent mechanisms, posing legal and reputational risks. Furthermore, the lack of an information security framework, incident response procedures, and business continuity planning indicates immature security governance, increasing the impact of potential security incidents. While email security and TLS/DNS configurations are relatively strong, expiring SSL certificates and missing HSTS reduce the effectiveness of encryption protections. The presence of an exposed high-risk FTP service significantly raises the risk of unauthorized data access. Overall, immediate remediation is needed to protect customer data, ensure regulatory compliance, and reduce operational risks from cyber threats.

I

International University of Monaco

monaco-executive-education.com

67

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

B

Bonpoint

bonpoint-vintage.com

65

The website demonstrates a generally good network security posture and strong email and DNS configurations, but significant gaps exist in privacy compliance and foundational security frameworks. Critical GDPR compliance issues, such as missing privacy and cookie policies and lack of consent mechanisms, present considerable legal and reputational risks. The absence of a documented information security framework, incident response, and business continuity planning under NIS2 further exposes the organization to operational disruptions and regulatory penalties. Weaknesses in SSL/TLS configurations, including weak key lengths and certificates nearing expiration, increase vulnerability to interception and compromise. Security headers are partially configured but lack completeness, potentially allowing certain attack vectors. Overall, the current security posture leaves the business exposed to compliance violations, potential data breaches, and operational risks that could harm customer trust and incur financial penalties. Immediate remediation focusing on compliance and foundational security policies will substantially mitigate these risks and improve resilience.

G

Gianvito Rossi Global

gianvitorossi.com

54

The website's overall security posture is concerning, with multiple critical and high-severity issues identified that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability, impacting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 mandates. Additionally, the lack of key security headers and weak privacy controls reduces protection against common web attacks and privacy violations. Governance and compliance frameworks such as NIS2 and GDPR are poorly implemented, with missing policies, procedures, and contact information, raising potential legal and reputational risks. While email security and network security show relatively strong scores, foundational web and application security practices require urgent remediation. Immediate action is required to secure communications, ensure compliance, and establish incident response capabilities. Without addressing these gaps, the business risks data breaches, regulatory fines, and damage to customer trust.

I

InfraOpS

infraops.fr

37

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

V

Valeo

valeo.com

54

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and MIME-sniffing. Compliance with privacy regulations is inadequate, lacking essential policies and consent mechanisms, which could lead to legal repercussions and loss of customer trust. The organization also lacks fundamental information security governance, including incident response, security policies, and vulnerability disclosure, increasing exposure to breaches and operational disruptions. While network security and email security are relatively stronger, DNS and SSL/TLS configurations are incomplete. Immediate remediation is vital to protect customer data, maintain regulatory compliance, and preserve brand reputation.

A

APM Monaco

apm.mc

50

The website's overall security posture is currently weak, with critical vulnerabilities severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical failure affecting GDPR, NIS2, and SSL/TLS compliance, exposing all data in transit to interception and undermining customer trust. Governance issues are apparent, with no documented security or incident response policies and missing GDPR-required cookie policies and consent mechanisms. While network security and DNS health show strengths, critical gaps in email security enforcement and security headers remain. The poor NIS2 and GDPR compliance scores highlight significant regulatory risk, potentially leading to legal penalties and reputational damage. Addressing these issues is urgent to protect customer data, ensure business continuity, and maintain regulatory compliance. The current state exposes the business to data breaches, legal fines, and loss of customer confidence. Immediate remediation efforts on encryption, policies, and user privacy controls are imperative to improve security posture and business resilience.

M

MARK

meyerbergman.com

53

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

N

Nyetimber Limited

nyetimber.com

45

The website exhibits a critically weak security posture with multiple severe vulnerabilities that expose it to significant risks including data breaches, compliance violations, and service interruptions. The absence of HTTPS encryption, flagged as critical across SSL/TLS, GDPR, and NIS2 compliance areas, is the most alarming issue, leaving all data transmissions vulnerable to interception and manipulation. Key security headers critical for protecting against common web attacks are missing, increasing the risk of clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is poor, notably lacking a cookie consent mechanism and potentially non-compliant privacy policies, which could result in regulatory penalties and damage to customer trust. NIS2 directives are largely unmet, with no documented security policies, incident response plans, or information security frameworks, exposing the business to operational risks and regulatory enforcement. Email security is moderately better but still incomplete, with missing DKIM records and weak DMARC enforcement that could facilitate phishing attacks. DNS security is fairly strong, but the absence of DNSSEC and CAA records leaves some attack vectors open. Network security within the infrastructure is solid, providing a good foundation to build upon. Immediate attention is required to address critical encryption and compliance gaps to protect the business, customers, and reputation.

P

Philips

philips.com

52

The website's overall security posture is concerning, with critical vulnerabilities related to the absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, including missing privacy and cookie policies, no cookie consent banner, and inadequate information security governance. While email and network security are strong, foundational security controls such as security headers and DNS health need improvement. The absence of incident response and business continuity plans further increases operational risk. Failure to comply with GDPR can result in significant legal penalties and reputational damage, while NIS2 non-compliance may affect business continuity and regulatory standing. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. The website is currently vulnerable to data breaches, regulatory penalties, and potential service disruptions due to these gaps.

V

VENUS

venus.com

51

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trustworthiness. Compliance with GDPR and NIS2 regulations is severely lacking, with no cookie policies, consent mechanisms, or documented security frameworks in place, putting the business at significant legal and operational risk. While network security and DNS health scores are relatively strong, critical gaps in encryption and incident response capabilities overshadow these strengths. Security headers and email security have moderate scores but require improvements to reduce attack surface and phishing risks. The lack of HTTPS also negatively impacts SEO and customer confidence. Immediate remediation is necessary to protect sensitive information, ensure regulatory compliance, and maintain business continuity. Failure to address these issues could result in data breaches, regulatory penalties, and reputational damage. The current state indicates an urgent need for a strategic security overhaul aligned with industry standards and legal requirements.

M

Manens S.p.A.

manens-tifs.it

48

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers that mitigate various web attacks are largely missing, increasing the risk of cross-site scripting, clickjacking, and content sniffing attacks. Compliance with GDPR and NIS2 regulations is significantly lacking, posing legal and reputational risks, particularly due to missing cookie consent mechanisms, insufficient privacy policies, and lack of incident response and security documentation. Although email security and network security are relatively strong, critical deficiencies in web security and regulatory compliance overshadow these strengths. The absence of an information security framework and business continuity planning further jeopardizes operational resilience. Immediate remediation is essential not only to protect sensitive data and privacy but also to maintain customer trust and avoid substantial regulatory penalties. Without prompt and focused improvements, the business faces heightened exposure to cyber threats and compliance violations.