Security Directory

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

K

Kona Bicycle Company USA

konaworld.com

55

The website's overall security posture is currently weak and exposes the business to significant risks, particularly due to the absence of HTTPS encryption, which is critical for protecting data in transit. Compliance with GDPR and NIS2 regulations is severely lacking, putting the organization at risk of legal penalties and reputational damage. While network security and email security show relatively strong scores, foundational gaps such as missing security policies, incident response plans, and consent mechanisms undermine trust and resilience. Security headers are partially implemented but need improvement to enhance browser-based protections. DNS health is adequate but can be strengthened further. Immediate focus is required on encryption, regulatory compliance, and formalizing information security governance to safeguard customer data and ensure business continuity. Failure to address these issues could lead to data breaches, regulatory fines, and erosion of customer confidence.

L

Lorenza Von Stein Luxury Real Estate

lorenzavonstein.com

42

The website's security posture is currently weak and exposes significant risks to both business operations and customer trust. Critical vulnerabilities include the absence of HTTPS encryption, lack of essential email authentication, and missing critical security headers, which collectively leave the site highly susceptible to data interception, phishing, and content injection attacks. Additionally, the absence of GDPR compliance elements such as privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory penalties and reputational damage. The lack of documented information security policies, incident response, and business continuity plans indicates unpreparedness for managing security incidents effectively. While network security and DNS health show relatively better scores, the overall security framework is insufficient for protecting sensitive customer data and ensuring legal compliance. Immediate remediation is necessary to safeguard business continuity, customer trust, and comply with legal requirements. Without urgent action, the business faces increased risks of data breaches, regulatory fines, and operational disruptions.

F

FIPARC

fiparc.fr

46

The website exhibits significant security weaknesses, particularly in encryption, privacy compliance, and security governance, which pose substantial risks to business operations and customer trust. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and regulatory compliance, especially for EU customers under GDPR. Privacy policies and cookie consent mechanisms are missing, exposing the business to legal penalties and reputational damage. Security headers are inadequately configured, increasing susceptibility to common web attacks such as cross-site scripting. The lack of a formal information security and incident response framework demonstrates immature security governance, potentially delaying breach detection and response. While network security and email protections score relatively well, critical gaps in NIS2 compliance and data protection remain. Immediate remediation is needed to secure communications, ensure regulatory adherence, and establish foundational security policies. Addressing these issues will protect business continuity, customer data, and brand reputation.

H

Hallmark

hallmark.com

49

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines compliance with GDPR and NIS2 regulations. While network security and DNS health show relatively strong practices, significant gaps exist in governance, incident response, and data protection policies. Missing GDPR elements such as cookie consent and comprehensive privacy policies put the business at legal and reputational risk. The lack of a security framework and incident response procedures further increases vulnerability to cyberattacks and operational disruptions. Email security configurations are partial but require improvements to prevent phishing and spoofing. Security headers are suboptimal, potentially exposing the site to cross-site scripting and other attacks. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity.

I

Inside Systems A/S

insidesystems.com

50

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data in transit to interception and manipulation. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. GDPR compliance is severely lacking, with no cookie policy or consent banner, potentially leading to regulatory penalties and loss of customer trust. The absence of an information security framework, incident response procedures, and security policy documentation further exacerbates the organization's vulnerability to cyber threats and operational disruptions. While email and network security are strong, these isolated strengths do not mitigate the critical risks posed by the core deficiencies. The low scores in NIS2 compliance indicate the organization is unprepared to meet mandatory cybersecurity standards, risking legal and financial consequences. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company's reputation. Failure to address these issues may result in data breaches, regulatory fines, and significant business disruption.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

M

Medtronic

covidien.com

45

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a severe vulnerability impacting data confidentiality and integrity, affecting customer trust and legal compliance, especially under GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to man-in-the-middle and cross-site scripting attacks. The lack of GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner exposes the company to potential fines and customer distrust. The organization also lacks foundational information security documentation, including security policies and incident response procedures, which undermines its ability to effectively manage and respond to security incidents. While network security and DNS health show some strengths, they do not compensate for fundamental flaws in encryption and governance. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Overall, the current state presents a critical risk to both operational security and legal standing.

F

fortepharmashop-int

fortepharma.com

48

The website's overall security posture reveals significant critical vulnerabilities that pose immediate risks to business operations and compliance. The absence of HTTPS encryption is a critical failure affecting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 requirements. Key governance frameworks, such as information security policies, incident response, and business continuity plans, are missing, undermining the organization's ability to manage and recover from security incidents. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. Network security and DNS health are relatively strong, but email security can be improved to reduce phishing and spoofing risks. Security headers are partially implemented but require strengthening to enhance protection against web-based attacks. Immediate remediation efforts should focus on establishing fundamental security controls and compliance documentation to safeguard the business and its customers.

The website’s overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical vulnerabilities exist due to the absence of HTTPS encryption, which impacts user data confidentiality and violates GDPR and NIS2 requirements. The lack of essential privacy documentation, including a Privacy Policy, Cookie Policy, and consent mechanisms, further exacerbates compliance risks and may lead to legal penalties. Additionally, the absence of a formal information security framework, incident response, and business continuity plans indicates immature security governance. While network security and email security show relatively better scores, critical gaps in headers and DNS configurations remain. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory fines. Without urgent action, the business faces heightened exposure to cyber threats, data breaches, and substantial reputational damage.

A

ACCE International

acceintl.com

47

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing risk exposure. The absence of HTTPS encryption critically undermines data confidentiality and trust, exposing users and the business to interception and man-in-the-middle attacks. Key security headers are missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is severely lacking, notably the absence of cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. The lack of documented security policies, incident response procedures, and information security frameworks indicates immature security governance. Additionally, exposure of high-risk services like FTP further elevates attack surface risk. While email security and DNS health are relatively strong, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance.

F

Frank Europe GmbH

frankeurope.com

53

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

K

Kennedy Executive Search

kennedyexecutive.com

44

The website's overall security posture is critically weak, with multiple high and critical severity issues that expose the business to significant risks. The absence of HTTPS encryption is the most severe vulnerability, compromising data confidentiality and regulatory compliance. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to common web attacks like cross-site scripting and clickjacking. GDPR compliance is severely lacking, with no privacy or cookie policies and no cookie consent mechanism, risking legal penalties and customer trust erosion. The NIS2 framework requirements are largely unmet, indicating immature information security governance and incident response capabilities. While the network security and email security show relatively better scores, critical gaps in SSL/TLS and security policies overshadow these strengths. Immediate remediation is essential to protect sensitive data, ensure compliance, and maintain business reputation. Without rapid improvements, the business remains vulnerable to data breaches, regulatory fines, and operational disruptions.

T

TWW Yachts

twwyachts.com

57

The website exhibits multiple significant security gaps that pose risks to data protection, regulatory compliance, and business continuity. While no critical issues were found, 11 high-severity and 14 medium-severity findings indicate vulnerabilities in key areas such as security headers, GDPR compliance, network security, and incident response readiness. Essential security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to man-in-the-middle and cross-site scripting attacks. GDPR compliance is inadequate, with no privacy policy or cookie consent banner, which could lead to legal penalties and reputational damage. Network security risks are heightened by the exposure of high-risk services like FTP and insufficient protection in email and SSL/TLS configurations. The absence of a formal information security framework, security policies, and incident response procedures presents significant operational risks. Overall, the organization's security posture requires urgent attention to protect customer data, ensure regulatory compliance, and reduce exposure to cyber threats.

C

Cabinet

studiocabinet.com

64

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities that present significant business risks. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of fundamental information security frameworks aligned with NIS2 requirements. These gaps expose the business to legal liabilities, data privacy violations, and potential operational disruptions. While email security, DNS health, and network security scores are relatively strong, SSL/TLS configurations need improvement to prevent data interception. The lack of incident response and business continuity plans further increases organizational risk in the event of a breach. Immediate remediation on privacy compliance and security governance will protect brand reputation and reduce regulatory penalties. Overall, the website requires focused improvements in security policies, headers, and privacy practices to meet industry standards and regulatory demands.

C

Chris Mortimer

christophermortimer.com

62

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that require immediate attention. Key gaps include missing essential security headers, lack of GDPR compliance artifacts such as privacy and cookie policies, and absence of robust information security governance aligned with NIS2 requirements. These deficiencies expose the business to legal risks, reputational damage, and increased susceptibility to web-based attacks like clickjacking and cross-site scripting. While network security and email security are relatively strong, foundational SSL/TLS configurations and DNS security settings need improvement to prevent data interception and domain spoofing. The lack of incident response and business continuity plans further increases organizational risk in case of a security breach. Overall, the website is vulnerable to both regulatory non-compliance and technical exploits that could impact customer trust and operational resilience. Immediate remediation of high-impact security policies and headers, along with GDPR and NIS2 compliance measures, is crucial to safeguard the business and its customers.

A

ASCOMA

ascoma.com

72

The website's overall security posture reveals significant compliance and network security deficiencies that pose considerable business risks. While foundational elements like email security and SSL/TLS configurations score well, critical vulnerabilities exist such as exposure of a critical MySQL service and lack of incident response and security policy documentation. GDPR compliance is notably weak with missing cookie policies and consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a structured information security framework and vulnerability disclosure policy further weakens the organization's resilience against cyber threats. Network security is compromised due to high-risk and critical services being exposed unnecessarily. Additionally, DNS and security headers require enhancements to improve defense-in-depth. Immediate remediation is essential to reduce attack surfaces, comply with regulations, and protect sensitive data, thereby safeguarding business continuity and customer trust.

I

IYC

iyc.com

50

The website iyc.com currently exhibits a severely weak security posture, primarily due to the complete lack of HTTPS encryption and major compliance gaps with GDPR and NIS2 requirements. This exposes the business to significant legal, reputational, and operational risks, potentially undermining customer trust and regulatory standing. Immediate remediation is critical to protect sensitive data, ensure legal compliance, and maintain business continuity.

The website http://fact8r.com exhibits a severely weak security posture, characterized by the absence of HTTPS encryption and critical security headers, exposing it to data interception and various web-based attacks. Compliance with GDPR and NIS2 regulations is substantially lacking, posing significant legal and operational risks. Immediate remediation is essential to protect user data, maintain trust, and ensure regulatory adherence.

M

Monaco Telecom

monaco-telecom.mc

42

The website monaco-telecom.mc currently exhibits a critically weak security posture, primarily due to the absence of HTTPS encryption and essential security headers, exposing it to significant data interception, legal, and reputational risks. Additionally, non-compliance with GDPR and NIS2 regulations, alongside exposed critical services, further elevates the risk of data breaches and operational disruption.

E

Emancipe

ecoledesparents.be

42

The website ecoledesparents.be currently exhibits a severely deficient security posture, primarily due to the absence of HTTPS encryption and critical security headers, exposing the business to data breaches, regulatory non-compliance, and reputational damage. Additionally, the lack of privacy policies and incident response frameworks significantly increases legal and operational risks, especially under EU regulations.

G

GROUP Andbank

andbank.com

45

The website's overall security posture is currently poor, with critical vulnerabilities that pose significant risks to both the business and its users. The absence of HTTPS encryption is a severe issue, exposing data in transit to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are either missing or weakly configured, increasing susceptibility to common web attacks such as clickjacking and content injection. Privacy compliance is lacking, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Additionally, the organization lacks foundational security governance, including incident response, security policies, and vulnerability disclosure procedures, which impairs its ability to manage and respond to threats effectively. Email security is moderately strong but could be improved with stricter DMARC enforcement and reporting. DNS security measures like DNSSEC are not enabled, reducing protection against DNS spoofing. Network security itself is well managed, indicating some internal controls are in place. Immediate remediation is critical to prevent data breaches, regulatory fines, and erosion of customer trust.

L

LCL

lcl.com

69

The website https://lcl.com demonstrates a strong foundational network and SSL/TLS security posture but exhibits significant deficiencies in privacy compliance (GDPR) and organizational security governance (NIS2). These gaps expose the business to regulatory risks and potential operational disruptions despite low direct technical vulnerabilities. Immediate attention is needed to address compliance and policy frameworks to mitigate reputational and legal impact.

C

Chrome Industries

chromeindustries.com

72

ChromeIndustries.com demonstrates a moderate security posture with no critical vulnerabilities but several high-risk issues, particularly around GDPR compliance and foundational security frameworks. The absence of key policies and weak encryption practices expose the business to regulatory risks and potential incident management challenges. Addressing these gaps is essential to protect customer data, maintain regulatory compliance, and uphold brand trust.

F

Fnac Darty

fnacdarty.com

72

The website fnacdarty.com demonstrates a solid technical security foundation with strong network and email security, but suffers from significant compliance and governance gaps, particularly in GDPR and NIS2 regulatory requirements. These deficiencies expose the business to legal risks, potential fines, and reputational damage, despite the absence of critical technical vulnerabilities.

S

SOS Yachting

sosyachting.com

67

The overall security posture of sosyachting.com is concerning, with multiple high and medium risk issues primarily related to missing security headers, GDPR compliance gaps, and lack of formalized security policies. While network security and email security show strength, critical areas such as incident response, data protection, and web security controls require immediate attention to reduce risk exposure and ensure regulatory compliance.

L

Lee & Associates

lee-associates.com

64

The website https://lee-associates.com exhibits significant security and compliance gaps, particularly in web security headers, GDPR compliance, and organizational security policies, resulting in an overall unknown risk score. While email security and SSL/TLS configurations are relatively strong, the presence of high-risk exposed services and lack of incident response and security governance expose the business to potential data breaches and regulatory penalties.

B

Bonpoint

bonpoint.com

71

The website bonpoint.com demonstrates a generally good network and email security posture but exhibits significant weaknesses in GDPR compliance, NIS2 regulatory adherence, and SSL/TLS configuration. These vulnerabilities pose legal, reputational, and operational risks that require prompt remediation to ensure data protection and regulatory compliance. Addressing these gaps will also enhance customer trust and reduce exposure to cyber threats.

C

Carfax Europe GmbH

carfax.eu

70

The website carfax.eu demonstrates strong network, email, and SSL/TLS security but suffers from critical deficiencies in GDPR compliance and information security governance, placing the business at significant regulatory and operational risk. Immediate remediation is needed on privacy policies, incident response, and security frameworks to align with EU regulations and protect customer data effectively.

C

Carfax Europe GmbH

carfax.com

76

The website demonstrates strong network and email security with robust SSL/TLS implementation but suffers from significant gaps in compliance and governance, particularly related to GDPR and NIS2 frameworks. These weaknesses expose the business to regulatory risks and potential operational disruptions despite a generally good technical security posture.

E

Enterprise Rent-A-Car

enterprise.ca

72

The website https://enterprise.ca exhibits significant security gaps, particularly in governance and email security, leading to an unknown overall risk score. While network and SSL/TLS configurations are strong, critical deficiencies in incident response, security policies, and email authentication represent substantial business risks, including potential data breaches, regulatory non-compliance, and reputational damage.

E

Enterprise Rent-A-Car

enterprise.co.uk

72

The website demonstrates a generally moderate security posture with strong SSL/TLS and network security but suffers from significant gaps in governance, compliance (especially GDPR and NIS2), and critical security headers. These deficiencies expose the business to regulatory risks, potential data breaches, and reputational damage. Immediate remediation of governance frameworks and security controls is essential to mitigate operational and compliance risks.

F

FleetNet America

fleetnetamerica.com

70

Fleetnetamerica.com currently exhibits significant security and compliance gaps, particularly in web security headers, GDPR compliance, and incident response preparedness, resulting in a high-risk posture despite some strong areas like email and network security. Immediate attention is needed to address these vulnerabilities to protect customer data, maintain regulatory compliance, and reduce the risk of cyber incidents.

E

Enterprise Rent-A-Car

enterpriserentacar.ca

70

The website https://enterpriserentacar.ca exhibits significant security gaps, particularly in email security, regulatory compliance (GDPR and NIS2), and HTTP security headers. While network security and SSL/TLS configurations are relatively strong, critical issues such as a permissive SPF record and missing key policies expose the business to risks including email spoofing, data privacy violations, and incident response inefficiencies.

X

Xtime

xtime.com

71

The security assessment of xtime.com reveals a generally moderate security posture with no critical vulnerabilities but significant high and medium risks that could expose the business to regulatory non-compliance and potential cyber threats. Key gaps in GDPR compliance and foundational security policies, combined with weaknesses in SSL/TLS configuration, present notable risks that should be addressed promptly to protect customer data and maintain trust.

V

VinSolutions

vinsolutions.com

68

The security assessment of vinsolutions.com reveals significant gaps in compliance, cryptographic strength, and incident preparedness, presenting elevated risk exposure despite no critical vulnerabilities. Key weaknesses in GDPR adherence, security policy documentation, and SSL/TLS configurations could impact customer trust and regulatory standing. Immediate remediation is recommended to bolster data protection, secure communications, and incident response capabilities.

E

Enterprise Holdings, Inc.

enterprisecarclub.co.uk

77

The website enterprisecarclub.co.uk demonstrates a generally sound network, email, and SSL/TLS security posture but suffers from critical gaps in web security headers, GDPR compliance, and information security governance aligned with NIS2 standards. These deficiencies expose the business to increased legal risks, potential data breaches, and regulatory non-compliance. Immediate remediation is necessary to strengthen data protection, incident response capabilities, and overall trustworthiness.

E

Enterprise Holdings, Inc.

enterprisecarshare.ca

75

The website https://enterprisecarshare.ca demonstrates a generally strong network and email security posture but exhibits significant gaps in web security headers, GDPR compliance, and critical NIS2 regulatory requirements. These deficiencies expose the business to data privacy risks, regulatory non-compliance penalties, and potential incident management failures. Immediate attention is needed to strengthen security policies, user data protection measures, and incident response capabilities to safeguard brand reputation and ensure legal compliance.

D

Dealer.com

dealer.com

67

The website https://dealer.com exhibits a concerning security posture with multiple high and medium-risk issues, particularly in regulatory compliance (GDPR, NIS2) and transport layer security (SSL/TLS). While network and email security are strong, critical gaps in security headers, incident response, and data protection policies expose the business to regulatory penalties, reputational damage, and potential data breaches.

E

Enterprise Van Sales

enterprisevansales.com

62

The website https://enterprisevansales.com exhibits a concerning security posture with multiple critical and high-risk vulnerabilities, particularly in HTTP security headers, GDPR compliance, and incident response preparedness. The absence of essential security policies and email authentication mechanisms exposes the business to increased risk of data breaches, regulatory penalties, and reputational damage.

The website efleets.com demonstrates a generally strong network, SSL/TLS, email security, and DNS posture but exhibits significant gaps in compliance and governance frameworks, particularly around GDPR and NIS2 regulations. Critical security controls such as Content-Security-Policy headers, incident response procedures, and cookie consent mechanisms are missing, posing considerable business and regulatory risk. Addressing these shortcomings is essential to reduce exposure to data breaches, regulatory penalties, and reputational damage.

E

Enterprise CarShare

enterprisecarshare.com

74

The website demonstrates a generally stable network and email security posture but suffers from significant gaps in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements. Missing key security headers and policies increase exposure to data privacy risks and regulatory non-compliance, potentially impacting customer trust and legal standing.

E

Enterprise Car Sales

enterprisecarsales.com

75

The overall security posture of enterprisecarsales.com is moderate with significant gaps in compliance and security policy frameworks, particularly regarding GDPR and NIS2 requirements. While network and email security are strong, missing critical security headers and absence of incident response and vulnerability management policies expose the business to regulatory risks and potential security incidents.

E

Enterprise Rent-A-Car

enterprise.com

76

The website enterprise.com demonstrates a strong network, email, and SSL/TLS security posture but reveals significant gaps in governance and compliance areas, particularly related to GDPR and NIS2 regulations. Missing critical policies, headers, and consent mechanisms expose the business to regulatory penalties and increased risk from security incidents. Addressing these weaknesses will enhance regulatory compliance, protect customer data, and reduce operational risks.

M

Momondo

momondo.com

66

Momondo.com currently exhibits significant security and compliance gaps, particularly in web security headers, GDPR compliance, and organizational security policies, resulting in an overall unknown risk score. While network and email security are strong, the absence of critical security controls and documentation exposes the business to data breaches, regulatory penalties, and operational risks. Immediate remediation is necessary to protect customer data, ensure regulatory compliance, and maintain brand trust.

K

KAYAK

cheapflights.com

64

Cheapflights.com exhibits significant security gaps, particularly in foundational web security headers, data privacy compliance, and organizational security policies, which collectively expose the business to legal, reputational, and operational risks. While network and DNS security appear solid, the absence of critical protections and policies undermines overall trust and resilience against cyber threats.

A

Aviasales.ru

aviasales.ua

64

The website aviasales.ua demonstrates a moderate overall security posture with strong network, email, SSL/TLS, and DNS configurations but significant gaps in security headers, GDPR compliance, and NIS2 cybersecurity framework implementation. These deficiencies expose the business to regulatory risks, potential data breaches, and diminished user trust, impacting its reputation and legal standing. Immediate remediation is recommended to align with industry best practices and legal requirements.

A

Aviasales.ru

aviasales.uz

65

The website aviasales.uz demonstrates notable gaps in fundamental security controls, particularly in header configurations, data privacy compliance, and organizational security frameworks. While network and email security show strength, the absence of critical policies and protections exposes the business to legal risks, reputational damage, and potential operational disruptions.

П

ПриватБанк

pb.ua

64

The website https://pb.ua demonstrates strong network, SSL/TLS, and email security, but suffers from significant gaps in HTTP security headers, GDPR compliance, and foundational information security frameworks. These deficiencies expose the business to regulatory risks, potential data breaches, and reputational damage. Immediate attention is needed to establish robust privacy policies, security headers, and incident response capabilities to enhance overall security posture.