Security Directory

P

Profisee

profisee.com

67

The website demonstrates a moderate overall security posture with no critical issues but multiple high and medium risk findings that could expose the business to significant operational, reputational, and regulatory risks. Key weaknesses exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements, reflecting gaps in privacy protection, incident preparedness, and information security governance. SSL/TLS configurations show vulnerabilities including weak key lengths and impending certificate expiration, which threaten secure communications. While email security and network security measures score well, foundational security controls such as Content Security Policy and proper cookie management are missing. Failure to implement GDPR-required cookie consent and policies exposes the business to potential regulatory penalties and loss of customer trust. The absence of incident response and business continuity plans significantly heightens risk from cyber incidents. Immediate remediation will reduce attack surface, improve compliance, and strengthen customer confidence. Overall, addressing these gaps is essential to align with industry standards and regulatory obligations, protecting both the business and its customers.

C

CNECT

cnectgpo.com

65

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

B

Bricz

bricz.com

64

The website demonstrates significant security and compliance gaps, particularly in foundational security headers and regulatory adherence, which expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Although no critical vulnerabilities were found, multiple high and medium risk issues related to missing security headers, incomplete GDPR compliance, and absence of essential NIS2 security frameworks indicate inadequate protection and governance. Email security and network security show relatively strong posture, but weaknesses in SSL/TLS management and DNS configuration could impact trust and data integrity. Immediate attention is needed to establish security policies, incident response capabilities, and enforce data protection measures to align with industry standards and regulations. The low scores in security headers, GDPR, and NIS2 compliance highlight urgent areas that require remediation to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Overall, the website’s security posture is currently insufficient for high-risk operational environments and requires prioritized remediation to reduce exposure and improve stakeholder confidence.

C

CNHI

cnhi.com

62

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risks that could expose the business to data breaches, regulatory penalties, and reputational damage. Key deficiencies include missing essential security headers, poor GDPR compliance, lack of documented security policies, and weak SSL/TLS configurations. While network security and email security appear relatively strong, significant gaps in incident response, vulnerability disclosure, and security governance are evident. The absence of cookie policies and consent banners increases legal exposure under GDPR. Additionally, weak encryption and missing HTTP Strict Transport Security reduce protection against common web attacks. Immediate remediation is necessary to safeguard customer data, ensure regulatory compliance, and maintain stakeholder trust. Addressing these issues will strengthen the overall security posture and reduce business risk significantly.

This website has 1 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

R

Réseau Scènes

reseauscenes.com

56

The website’s overall security posture is currently inadequate, exposing the business to significant risk from both technical vulnerabilities and regulatory non-compliance. Critical and high-severity issues, including exposed critical services such as MySQL and FTP, combined with missing essential security headers, indicate a high likelihood of exploitation. The absence of key GDPR policies (Privacy Policy, Cookie Policy, and consent mechanisms) exposes the company to potential legal and reputational damage. Additionally, the lack of a formal information security framework, incident response plans, and security documentation under NIS2 requirements suggests immature security governance. While email security and DNS health scores are relatively strong, foundational web security controls, encryption enforcement (HSTS), and secure service exposure are lacking. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory penalties. Addressing these gaps will also improve resilience against cyberattacks and support business continuity.

A

Agence Z&KO

zandko.fr

56

The website exhibits a concerning security posture with multiple critical and high-severity issues that expose the business to regulatory, operational, and reputational risks. Key deficiencies include the absence of fundamental security headers, lack of GDPR compliance mechanisms such as privacy and cookie policies, and missing core information security framework documentation required under NIS2 regulations. These gaps indicate inadequate protection of user data and insufficient preparedness for incident response, which could lead to regulatory fines and loss of customer trust. Additionally, the presence of high-risk exposed services like FTP and incomplete SSL/TLS configurations increase vulnerability to cyberattacks. While some areas like email security and DNS health show relative strength, the overall security maturity is low, necessitating immediate remediation. Addressing these issues will improve compliance, reduce attack surface, and safeguard business continuity. Without prompt action, the organization risks data breaches, legal penalties, and damage to its brand reputation.

I

Icecat NV

icecat.com

61

The website demonstrates a moderate to low overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key vulnerabilities include missing essential security headers, weak SSL configurations, and inadequate GDPR compliance due to absent privacy and cookie policies. Additionally, the absence of a formal information security framework and incident response procedures under NIS2 regulations exposes the business to regulatory non-compliance and operational risks. Email security and network security scores are relatively strong, but improvements are necessary to maintain trust and safeguard data. Immediate remediation is required to protect against clickjacking, cross-site scripting, data leakage, and legal penalties. Addressing these gaps will enhance customer confidence, reduce exposure to cyber threats, and ensure regulatory compliance. Failure to act promptly may result in reputational damage, financial losses, and legal consequences.

I

International University of Monaco

monaco-executive-education.com

67

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

B

Braque

braque.ca

52

The website demonstrates significant security weaknesses across multiple domains, presenting substantial risks to the business. Critical and high-severity findings include exposed critical services like MySQL and FTP, missing essential security headers, and lacking fundamental information security policies, which collectively leave the organization vulnerable to data breaches and compliance violations. The absence of GDPR-required elements such as privacy and cookie policies indicates regulatory non-compliance risks, potentially leading to fines and reputational damage. Email security and DNS health exhibit moderate maturity but require improvements to prevent phishing and domain spoofing. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues that may undermine user trust and data confidentiality. Network security is particularly concerning due to exposed critical services without adequate protections. Overall, the organization is at high risk of cyber incidents, regulatory penalties, and customer trust erosion, necessitating urgent remediation efforts and governance improvements.

3

3S-Innovation

3s-innovation.com

57

The website demonstrates several significant security weaknesses that expose the business to reputational, compliance, and operational risks. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content sniffing, and cross-site scripting. GDPR compliance is notably deficient, with absent privacy and cookie policies and no consent mechanisms, risking legal penalties and loss of customer trust. The absence of a formal information security framework, policies, and incident response procedures further exposes the organization to unmanaged threats and regulatory scrutiny under NIS2 directives. Weaknesses in SSL configuration, such as weak keys and impending certificate expiration, jeopardize data confidentiality and integrity during transmission. While network security posture and email security are relatively strong, urgent remediation is needed in web security headers, compliance documentation, and security governance. Addressing these vulnerabilities promptly will reduce potential breaches, ensure regulatory compliance, and strengthen stakeholder confidence.

The website currently exhibits significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, weakening defenses against common web-based attacks such as clickjacking and content injection. GDPR compliance is insufficient, notably lacking cookie policies and consent mechanisms, increasing legal and financial risk. The absence of a formal information security framework and incident response plans highlights a lack of organizational maturity in cybersecurity governance. SSL/TLS configuration weaknesses and expiring certificates risk undermining encrypted communications and user trust. Although email security and network posture scores are relatively strong, DNS security can be improved. Overall, urgent remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity.

R

RMConsulting

rmconsulting.be

49

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Most notably, the absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing the risk of cross-site scripting (XSS) and clickjacking attacks. The lack of security policies, incident response plans, and business continuity strategies demonstrates immature cybersecurity governance. GDPR compliance is insufficient, notably missing a cookie consent banner and proper privacy documentation, which could lead to legal penalties. Exposed high-risk services like FTP increase the attack surface. While email security and DNS health are relatively strong, they do not compensate for foundational weaknesses. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and meet regulatory obligations.

B

Bentley Systems

legion.com

50

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

I

Icon Connect

iconconnect.com

47

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

W

Wyser

wyser-search.com

47

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

G

GrowUp Consulting

growup-hr.com

44

The website demonstrates significant security deficiencies, particularly a complete lack of HTTPS encryption, which poses critical risks to data confidentiality and user trust. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increase vulnerability to common web attacks including clickjacking and cross-site scripting. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory non-compliance and potential legal penalties under GDPR. Furthermore, critical gaps in security governance, including missing information security frameworks, incident response procedures, and security policy documentation, indicate immature cybersecurity management. While email security and network security posture are strong, the overall security posture is weak, making the business susceptible to data breaches, reputational damage, and compliance violations. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity. Prioritizing HTTPS implementation and establishing a comprehensive security and privacy framework will significantly enhance risk mitigation. DNS security and some network controls are adequate but insufficient to compensate for the critical issues identified.

F

Frank Europe GmbH

frankeurope.com

53

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

C

Caroline Olds Real Estate

carolineolds.com

68

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risk vulnerabilities, primarily related to missing security headers, insufficient GDPR compliance, and lack of key NIS2 security frameworks. The absence of crucial HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks, clickjacking, and cross-site scripting risks. GDPR non-compliance, including the lack of a cookie consent banner and incomplete privacy policies, poses legal and reputational risks, especially in jurisdictions enforcing data protection laws. Additionally, the site lacks documented security policies, incident response plans, and business continuity procedures required under the NIS2 directive, increasing operational risk and regulatory exposure. SSL/TLS configurations are suboptimal, with weak key lengths and impending certificate expiry risking data confidentiality and trust. DNS security is moderate but could be strengthened by enabling DNSSEC and configuring CAA records. While email and network security appear robust, the overall low scores in security headers and NIS2 compliance indicate urgent remediation is necessary to protect business assets and maintain customer trust.

M

Monaco Business Solutions (MBS)

mbs.mc

67

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium risk issues that pose significant business and compliance risks. Key deficiencies include missing essential security headers, inadequate GDPR compliance due to absence of privacy policies and cookie consent mechanisms, and substantial gaps in NIS2 regulatory requirements such as lack of incident response plans and security documentation. Network security is impaired by exposure of high-risk services like FTP, increasing the attack surface. While email security, SSL/TLS, and DNS health scores are relatively strong, issues such as an expiring SSL certificate and mixed content could undermine user trust. The absence of a comprehensive information security framework and vulnerability disclosure process further expose the business to potential data breaches and regulatory penalties. Immediate remediation is necessary to strengthen legal compliance, protect customer data, and reduce operational risks associated with cyber threats.

C

Columbus Hotel Monte-Carlo

columbushotels.com

38

The website columbushotels.com currently exhibits a critically poor security posture, mainly due to the complete lack of HTTPS encryption and several missing foundational security controls. This exposes the business to significant risks including data breaches, regulatory non-compliance (notably GDPR), and reputational damage. Immediate action is required to establish secure communications and implement essential security policies and headers.

S

SBM Offshore

sbmoffshore.com

40

The website http://sbmoffshore.com exhibits a critically weak security posture, primarily due to the absence of HTTPS encryption and essential security headers, exposing the business to data interception, regulatory non-compliance, and reputational risk. Additionally, key GDPR and NIS2 compliance deficiencies highlight potential legal and operational vulnerabilities. Immediate remediation is required to safeguard data, comply with regulations, and maintain customer trust.

A

Appcast

recruitonomics.com

61

Recruitonomics.com demonstrates significant security and compliance gaps, notably in web security headers, GDPR compliance, and foundational information security practices. While network and DNS security appear strong, critical deficiencies in incident response, security policies, and data protection expose the business to regulatory, reputational, and operational risks.

D

DealerClub

dealerclub.com

75

Dealerclub.com demonstrates a generally strong network and email security posture but faces significant compliance and governance risks, particularly regarding GDPR and NIS2 regulations. The absence of critical policies, weak SSL configurations, and missing incident response mechanisms expose the business to regulatory penalties and potential security incidents. Immediate action is needed to address these high-impact vulnerabilities to safeguard customer data and maintain regulatory compliance.

A

AutoManager, LLC.

automanager.com

60

The security posture of automanager.com is currently weak with critical vulnerabilities and multiple high-risk issues, particularly around network exposure and compliance gaps. Key security controls such as HTTP security headers, incident response planning, and GDPR compliance are lacking, exposing the business to data breaches, regulatory penalties, and operational disruptions. Immediate remediation is essential to safeguard customer data and maintain trust.

F

Foundation Marketing

foundationinc.co

66

The website foundationinc.co currently exhibits significant security and compliance gaps, with critical omissions in security headers, GDPR compliance, and organizational security policies that expose the business to data breaches, regulatory penalties, and reputational damage. While network security and email security show relative strength, the overall security posture is weak and requires urgent remediation to protect sensitive data and ensure regulatory adherence.

A

Aira

aira.net

66

The website aira.net currently exhibits significant security and compliance gaps, particularly in foundational security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, resulting in a high-risk posture. While network security and email security show strengths, critical vulnerabilities like missing HTTP security headers and weak SSL configurations expose the business to potential data breaches and regulatory penalties. Immediate remediation is essential to safeguard customer trust and meet legal obligations.

R

Radio.lv

radio.lv

52

The website https://www.radio.lv/ exhibits significant security weaknesses, particularly in fundamental web security headers, data privacy compliance, and exposure of critical backend services. These vulnerabilities pose high risks including data breaches, regulatory penalties under GDPR, and potential system compromises, threatening business continuity and customer trust.

The website https://codeinwp.com currently exhibits significant security deficiencies, particularly in areas of web security headers, GDPR compliance, and organizational security policies, resulting in a high-risk profile despite no critical technical vulnerabilities found. While network infrastructure and email security are relatively strong, the absence of fundamental security controls and compliance measures exposes the business to data breaches, regulatory penalties, and reputational damage.

The website https://bloggingpro.com exhibits significant security weaknesses, particularly in web security headers, GDPR compliance, and organizational security policies, resulting in a low overall risk posture. While network security and email security show strengths, critical gaps in SSL/TLS configuration and lack of incident response planning expose the business to potential data breaches and regulatory penalties.

The website https://revive.social currently exhibits a concerning security posture with multiple high and medium severity issues, particularly in security headers, GDPR compliance, and organizational security policies. While network and email security are strong, critical gaps in HTTPS enforcement, data protection policies, and incident response frameworks present significant risks to business reputation and regulatory compliance.

The website exhibits a concerning security posture with multiple high-risk issues, particularly in core web security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. While email and network security are relatively strong, critical gaps in SSL/TLS configuration and incident response capabilities expose the business to data breaches, regulatory penalties, and reputational damage. Immediate remediation and policy implementation are essential to mitigate these risks and ensure compliance.

The safeticket.dk website exhibits significant security and compliance deficiencies, especially concerning GDPR adherence and foundational security controls. Critical gaps such as missing privacy policies, inadequate security headers, and absent incident response measures expose the business to regulatory penalties, reputational damage, and heightened cyber risk. Immediate remediation is essential to protect customer data, maintain trust, and ensure legal compliance within the EU.

The website sofija.lv demonstrates significant security and compliance weaknesses, particularly relating to missing essential security headers, inadequate GDPR compliance, and insufficient incident response and information security policies. These gaps expose the business to data breaches, regulatory penalties, and reputational damage, underscoring an urgent need for comprehensive security remediation and privacy governance improvements.