Security Directory

The website exhibits a mixed security posture with strong network security and email protections but significant gaps in GDPR compliance and information security governance. Critical and high-severity findings around privacy policies, cookie consent, and EU data protection requirements expose the business to regulatory penalties and reputational risk. Additionally, the absence of key NIS2 security governance elements—including incident response, security policies, and business continuity planning—indicates immature cybersecurity management. SSL/TLS configurations also present vulnerabilities, such as weak key lengths and imminent certificate expiration, which could lead to compromised data in transit. While foundational controls like security headers and DNS health are generally good, low-level misconfigurations suggest opportunities for improvement. Addressing these issues holistically will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber incidents. Immediate focus on GDPR compliance and security governance will yield the highest business impact.

The website's overall security posture reveals significant gaps, especially in compliance and critical security controls. While network security appears robust, there are critical vulnerabilities in email authentication and SSL configurations that expose the business to phishing and data interception risks. The absence of GDPR-compliant measures such as a cookie consent banner and clear privacy policies could lead to regulatory penalties and reputational damage. Moreover, severe deficiencies in NIS2-related governance—like missing incident response procedures and security policy documentation—indicate unpreparedness for cyber incidents, increasing operational risk. Security headers are partially implemented but require strengthening to protect user data and prevent information leakage. DNS security is moderate but can be improved with DNSSEC and CAA records. Immediate remediation is essential to mitigate potential breaches, comply with regulations, and safeguard customer trust and business continuity.

C

Culture Montréal

culturemontreal.ca

56

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key security headers are missing, weakening protections against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and absence of consent mechanisms, which could lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and security documentation under NIS2 regulations further heightens operational risk and regulatory exposure. Critical network services like MySQL and FTP are exposed publicly, representing immediate high-risk attack vectors. Email security is relatively strong but could be improved with stricter DMARC enforcement and reporting. SSL/TLS configurations require attention to avoid certificate expiry and enable HSTS for improved transport security. Overall, urgent remediation is needed to reduce exposure, ensure compliance, and safeguard customer trust.

L

La Clinique Monte-Carlo

lacliniquemontecarlo.com

58

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities detected, numerous high and medium severity issues exist, particularly around security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases risk of web-based attacks. GDPR deficiencies, including missing privacy and cookie policies, expose the company to potential legal penalties and customer trust erosion. Lack of documented security policies and incident response plans under NIS2 further weakens the organization’s ability to manage and respond to cyber incidents effectively. SSL/TLS weaknesses and suboptimal email security settings present additional attack vectors. However, network security and DNS-related controls show relatively strong maturity. Immediate remediation in these areas will reduce risk and improve compliance posture substantially.

D

D-EDGE

fastbooking.com

65

The website's overall security posture reveals significant gaps in key areas critical to protecting business assets and customer trust. While no critical vulnerabilities were detected, there are multiple high and medium severity issues, particularly concerning missing security headers, GDPR compliance, and lack of formalized security frameworks. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy exposes users to elevated risks from man-in-the-middle and cross-site scripting attacks. GDPR compliance deficiencies, including no cookie consent banner and incomplete privacy policies, pose regulatory and reputational risks, especially in EU markets. The lack of incident response procedures and security policy documentation indicates immature organizational security governance, increasing potential downtime and breach impact. Email security and network infrastructure are relatively stronger but still require improvements to prevent phishing and spoofing threats. Immediate remediation will bolster customer confidence, reduce compliance risks, and lower the likelihood and impact of cyber incidents.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

The website demonstrates a generally stable security posture with no critical or high severity vulnerabilities detected. However, several medium and low-risk issues indicate areas requiring improvement to strengthen overall defenses and regulatory compliance. Notably, failures in security headers, GDPR, and NIS2 compliance analyses suggest gaps in privacy and cybersecurity controls that could expose the business to regulatory and reputational risks. DNS configuration weaknesses such as lack of DNSSEC and CAA records increase susceptibility to DNS spoofing and certificate mis-issuance. The exposure of SSH services without adequate controls represents a potential entry point for attackers if not properly secured. Email security is mostly robust, though the absence of DMARC reporting reduces visibility into email abuse. Addressing these medium and low-level issues will enhance the company’s security posture, reduce risk exposure, and support compliance with evolving regulations.

A

Actyus | Fintech venture capital

actyus.com

63

The website demonstrates a moderate overall security posture with no critical issues but multiple high-severity vulnerabilities predominantly in governance, compliance, and configuration areas. Key deficiencies exist in GDPR compliance, including missing privacy and cookie policies and absence of a consent banner, exposing the organization to regulatory and reputational risks. Security headers are inadequately configured, increasing exposure to common web-based attacks such as clickjacking and cross-site scripting. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates immature cybersecurity governance, which could delay breach detection and response. Email security and DNS health are relatively strong, though improvements in DMARC enforcement and DNSSEC could further reduce phishing and spoofing risks. SSL/TLS configuration issues, including weak key length and imminent certificate expiration, present risks to secure communications and customer trust. Network security posture is solid, providing a stable foundation for other improvements. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and strengthen overall risk management.

I

Icecat NV

icecat.com

61

The website demonstrates a moderate to low overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key vulnerabilities include missing essential security headers, weak SSL configurations, and inadequate GDPR compliance due to absent privacy and cookie policies. Additionally, the absence of a formal information security framework and incident response procedures under NIS2 regulations exposes the business to regulatory non-compliance and operational risks. Email security and network security scores are relatively strong, but improvements are necessary to maintain trust and safeguard data. Immediate remediation is required to protect against clickjacking, cross-site scripting, data leakage, and legal penalties. Addressing these gaps will enhance customer confidence, reduce exposure to cyber threats, and ensure regulatory compliance. Failure to act promptly may result in reputational damage, financial losses, and legal consequences.

The website exhibits a concerning security posture with no critical issues but multiple high and medium-risk findings, particularly in security headers, GDPR compliance, and organizational security frameworks. Key deficiencies include missing essential HTTP security headers like Strict-Transport-Security and Content-Security-Policy, which expose users to potential attacks such as man-in-the-middle and cross-site scripting. GDPR compliance is notably poor, lacking a privacy policy, cookie policy, and consent mechanisms, which risks regulatory penalties and damages customer trust. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 regulations further indicates a lack of organizational preparedness for cyber incidents. While email security, SSL/TLS, DNS health, and network security show reasonably strong controls, the gaps in foundational security and compliance measures present significant business risks. Addressing these issues promptly will reduce exposure to data breaches, regulatory fines, and reputational harm. Prioritizing governance, policy documentation, and user protection mechanisms is essential for improving the overall security and compliance posture.

The website security assessment reveals significant security gaps, particularly in foundational security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards. While no critical issues were identified, the presence of multiple high and medium severity issues indicates a heightened risk of data breaches, regulatory fines, and reputational damage. The absence of key headers like Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks and cross-site scripting vulnerabilities. Non-compliance with GDPR, including missing privacy policies and cookie consent mechanisms, risks legal penalties and undermines customer trust. Additionally, poor NIS2 compliance, such as lacking incident response procedures and security policies, suggests unpreparedness for cyber incidents. SSL/TLS weaknesses and expiring certificates further threaten secure communications. However, strong network security and DNS health scores demonstrate a solid foundation to build upon. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain business continuity.

B

Black Bull Group

blackbull-group.com

60

The website's security posture reveals significant gaps that expose the business to potential cyber risks and regulatory non-compliance. While there are no critical vulnerabilities, several high and medium-level issues, particularly in security headers, GDPR compliance, and network security, present serious concerns. Missing essential HTTP security headers increases exposure to web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of privacy and cookie policies, alongside missing cookie consent mechanisms, risks violating data protection regulations like GDPR, potentially resulting in legal penalties and reputational damage. Additionally, the lack of incident response procedures and vulnerability disclosure policies hampers the organization's ability to effectively manage and recover from security incidents. The exposure of high-risk services like FTP further elevates the threat landscape. Overall, immediate remediation is essential to enhance security posture, protect customer data, and ensure regulatory compliance to safeguard business continuity and trust.

The website's overall security posture reveals significant vulnerabilities that pose both legal and operational risks. The presence of a critical SSL certificate issue undermines secure communications, potentially exposing sensitive user data and damaging customer trust. Several high-severity gaps in GDPR compliance, including missing privacy and cookie policies and absence of a cookie consent banner, expose the business to regulatory fines and reputational damage. Additionally, the lack of a formal security framework, incident response plan, and security documentation reflects immature cybersecurity governance, increasing the risk of prolonged downtime or data breaches. Security headers are poorly configured, missing critical protections against common web attacks. Although network security and email security show relatively strong scores, fundamental DNS security enhancements are needed. Immediate action is required to address these deficiencies to protect customer data, maintain compliance, and ensure business continuity.

3

3S-Innovation

3s-innovation.com

57

The website demonstrates several significant security weaknesses that expose the business to reputational, compliance, and operational risks. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content sniffing, and cross-site scripting. GDPR compliance is notably deficient, with absent privacy and cookie policies and no consent mechanisms, risking legal penalties and loss of customer trust. The absence of a formal information security framework, policies, and incident response procedures further exposes the organization to unmanaged threats and regulatory scrutiny under NIS2 directives. Weaknesses in SSL configuration, such as weak keys and impending certificate expiration, jeopardize data confidentiality and integrity during transmission. While network security posture and email security are relatively strong, urgent remediation is needed in web security headers, compliance documentation, and security governance. Addressing these vulnerabilities promptly will reduce potential breaches, ensure regulatory compliance, and strengthen stakeholder confidence.

A

Alcantara S.p.A.

alcantara.com

67

The website demonstrates a concerning overall security posture with critical gaps in foundational security controls, particularly in web security headers, GDPR compliance, and adherence to NIS2 regulatory requirements. While no critical vulnerabilities were identified, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Key deficiencies include absence of essential HTTP security headers, lack of documented security policies, and missing GDPR cookie consent mechanisms. Email security, SSL/TLS, DNS health, and network security show relatively strong performance, mitigating some risk vectors. However, the insufficient information security framework and incident response preparedness significantly reduce resilience against cyber incidents. Immediate remediation is needed to strengthen compliance, protect customer data, and ensure business continuity. Addressing these issues will enhance trust, reduce legal exposure, and align with industry best practices.

G

Gianvito Rossi Global

gianvitorossi.com

54

The website's overall security posture is concerning, with multiple critical and high-severity issues identified that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability, impacting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 mandates. Additionally, the lack of key security headers and weak privacy controls reduces protection against common web attacks and privacy violations. Governance and compliance frameworks such as NIS2 and GDPR are poorly implemented, with missing policies, procedures, and contact information, raising potential legal and reputational risks. While email security and network security show relatively strong scores, foundational web and application security practices require urgent remediation. Immediate action is required to secure communications, ensure compliance, and establish incident response capabilities. Without addressing these gaps, the business risks data breaches, regulatory fines, and damage to customer trust.

A

Attention Required! | Cloudflare

clubmonaco.com

42

The website exhibits a severely deficient security posture with multiple critical vulnerabilities that expose the business to significant risks. Notably, the absence of HTTPS encryption is a critical flaw, undermining data confidentiality and integrity, and violating both GDPR and NIS2 regulatory requirements. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy increases susceptibility to common web-based attacks, including MITM and XSS. GDPR compliance is severely lacking, with no privacy policy, cookie policy, or consent mechanism, which can result in substantial legal penalties and reputational damage. Organizational security maturity is low, reflected in missing incident response, security policies, and vulnerability disclosure processes, hampering effective risk management. Email security configurations are incomplete, risking phishing and spoofing attacks. While DNS and network security postures are relatively better, the overall security gaps present immediate and long-term business threats. Immediate remediation and adoption of a comprehensive security framework are critical to protect the business, comply with regulations, and maintain customer trust.

D

Dan-Bunkering

dan-bunkering.com

50

The website's overall security posture is currently poor, with critical deficiencies in fundamental protections such as HTTPS encryption and essential security headers. The absence of HTTPS puts all data transmissions at risk of interception, undermining user trust and regulatory compliance. Additionally, the site lacks key GDPR compliance elements, including a cookie policy and consent mechanisms, exposing the business to legal and financial penalties. The NIS2-related controls are notably weak, with missing security policies, incident response plans, and vulnerability disclosure procedures, increasing operational risk. While email security and network security are strong, these are overshadowed by critical gaps in web and data protection layers. DNS health is moderate, but enabling DNSSEC would enhance DNS integrity. Immediate attention to these critical vulnerabilities is essential to safeguard customer data, maintain regulatory compliance, and protect brand reputation.

The website's overall security posture is severely deficient, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, non-compliance penalties, and reputational damage. The absence of HTTPS encryption is a glaring issue impacting confidentiality and user trust. Key security headers are missing, increasing susceptibility to web-based attacks such as XSS and clickjacking. The lack of GDPR compliance elements like privacy policies and consent mechanisms exposes the company to regulatory fines and legal challenges. Additionally, there is no formal information security framework or incident response plan, which hinders the ability to manage and recover from security incidents effectively. While network security and some email/dns security aspects are relatively strong, they do not compensate for the critical gaps in web application security and regulatory adherence. Immediate remediation is necessary to protect customer data, maintain compliance, and uphold brand integrity. Without prompt action, the business faces escalating operational and legal risks.

O

OceanaGold

oceanagold.com

47

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all site visitors and transactions. Key security headers are either missing or weakly configured, increasing susceptibility to attacks such as clickjacking, cross-site scripting (XSS), and content injection. Compliance with GDPR and NIS2 regulations is notably lacking, particularly concerning cookie policies, consent mechanisms, and documented security frameworks, putting the business at risk of legal consequences. While the network security and DNS health are relatively strong, email security shows room for improvement, especially with DMARC enforcement. Immediate action is required to remediate critical and high-severity issues to protect customer data, maintain trust, and ensure regulatory compliance. Without prompt remediation, the organization faces heightened risks of cyber incidents and potential operational disruption.

F

Family Office Exchange

familyoffice.com

51

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing user data and communications to interception and manipulation. Significant compliance gaps exist, particularly with GDPR and NIS2 directives, risking legal penalties and reputational damage. Security headers are inadequately configured, leaving the site vulnerable to common web-based attacks such as cross-site scripting. While email security and network security are strong, foundational elements like incident response, security policies, and vulnerability disclosure frameworks are missing, undermining the organization's ability to detect, respond to, and mitigate threats effectively. DNS security is moderate but could be improved to reduce risks of DNS spoofing and related attacks. The absence of cookie management controls and transparency further increases regulatory non-compliance risk. Immediate remediation is essential to protect business continuity, customer trust, and regulatory standing.

B

Bentley Systems

legion.com

50

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

The website's overall security posture is currently weak and exposes the business to significant risks, particularly due to the absence of HTTPS encryption, which is classified as critical. The lack of essential security headers such as Content-Security-Policy and missing GDPR compliance elements like privacy and cookie policies further exacerbates vulnerability and regulatory exposure. Additionally, the site lacks foundational NIS2 cybersecurity framework elements, including incident response procedures and security policy documentation, indicating immature security governance. While network security and email security scores are strong, these strengths do not mitigate the critical risks posed by missing encryption and compliance controls. The absence of GDPR-required consent mechanisms could lead to legal penalties and reputational damage. Overall, urgent remediation is needed to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Without addressing these critical issues, the business remains exposed to data breaches, regulatory fines, and customer trust erosion.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

The website's security posture is critically insufficient, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting confidentiality and trust. Key security headers that protect against common web attacks are missing, increasing the risk of cross-site scripting and content injection. Compliance with GDPR and NIS2 regulations is lacking, with no privacy policies, cookie consent mechanisms, or incident response procedures documented. Email security and DNS health show moderate maturity but require improvements to prevent spoofing and domain hijacking. Although network security appears strong, it cannot compensate for critical deficiencies in application-layer and regulatory security controls. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

S

SIPCAM OXON

sipcam-oxon.com

52

The website's overall security posture is currently poor, with multiple critical and high-severity issues exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and integrity while violating GDPR and NIS2 regulations. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. GDPR compliance is weak due to missing cookie consent mechanisms and incomplete privacy policies, risking legal penalties and reputational damage. The organization's information security governance is insufficient, lacking documented policies, incident response procedures, and vulnerability disclosure protocols. While email security and network security show strengths, foundational web security and regulatory compliance must be urgently addressed to safeguard customer data and maintain business continuity. Immediate remediation is essential to avoid potential data loss, regulatory fines, and erosion of customer trust.

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Significant gaps exist in both regulatory compliance (GDPR) and operational security frameworks (NIS2), including missing privacy and cookie policies, absence of incident response and security documentation, and inadequate contact information. Although email security and network security show relatively better scores, the missing critical security headers and weak configurations undermine web application protections against common attacks. Failure to implement essential headers like Strict-Transport-Security and Content-Security-Policy increases the risk of man-in-the-middle and cross-site scripting attacks. The lack of vulnerability disclosure policies and business continuity planning further exacerbates risk management deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and safeguard business continuity. Addressing these issues promptly will reduce exposure to breaches, legal penalties, and reputational damage.

N

Nyetimber Limited

nyetimber.com

45

The website exhibits a critically weak security posture with multiple severe vulnerabilities that expose it to significant risks including data breaches, compliance violations, and service interruptions. The absence of HTTPS encryption, flagged as critical across SSL/TLS, GDPR, and NIS2 compliance areas, is the most alarming issue, leaving all data transmissions vulnerable to interception and manipulation. Key security headers critical for protecting against common web attacks are missing, increasing the risk of clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is poor, notably lacking a cookie consent mechanism and potentially non-compliant privacy policies, which could result in regulatory penalties and damage to customer trust. NIS2 directives are largely unmet, with no documented security policies, incident response plans, or information security frameworks, exposing the business to operational risks and regulatory enforcement. Email security is moderately better but still incomplete, with missing DKIM records and weak DMARC enforcement that could facilitate phishing attacks. DNS security is fairly strong, but the absence of DNSSEC and CAA records leaves some attack vectors open. Network security within the infrastructure is solid, providing a good foundation to build upon. Immediate attention is required to address critical encryption and compliance gaps to protect the business, customers, and reputation.

T

Tyrus Capital

tyruscap.com

55

The website's overall security posture exhibits significant critical weaknesses, particularly the complete absence of HTTPS encryption, which exposes all transmitted data to interception and undermines regulatory compliance. Governance frameworks such as GDPR and NIS2 are poorly implemented, reflected in low scores and missing key elements including cookie consent, security policies, and incident response plans. While network security and email security show relative strength, critical gaps in secure communications and policy frameworks present substantial operational and reputational risks. The lack of GDPR-compliant privacy practices further increases the risk of regulatory penalties and customer trust erosion. Security headers are moderately implemented but missing important controls like the Permissions-Policy header. DNS security is partially addressed but lacks DNSSEC and CAA records, which could expose domain-related attacks. Immediate remediation is required to ensure data confidentiality, regulatory compliance, and resilience against cyber threats.

V

Visit Monaco

visitmonaco.com

38

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting confidentiality and trust. Key security headers are missing, increasing the risk of common web attacks like clickjacking and content injection. GDPR compliance gaps, such as missing privacy policies and cookie consent mechanisms, expose the organization to legal penalties. Additionally, the lack of an information security framework and incident response procedures undermines the ability to handle security incidents effectively. While network security and DNS health are relatively strong, critical email security measures like DMARC and DKIM are insufficiently implemented, risking phishing attacks. Immediate remedial action is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

E

Euro Events

euro-events.nl

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing vulnerability to web-based attacks. Compliance with GDPR and NIS2 regulations is insufficient, notably with no privacy or cookie policies, lack of incident response plans, and missing security documentation. Although email security and network security show relatively strong postures, critical gaps in core web security and legal compliance overshadow these strengths. Immediate remediation is essential to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the business risks legal penalties, customer trust erosion, and potential operational disruptions. Investment in a comprehensive security framework and governance is urgently needed to elevate the security maturity level.

The website’s security posture reveals significant vulnerabilities that pose substantial risks to business operations and customer trust. The most critical concern is the absence of HTTPS encryption, exposing all data transmissions to interception and tampering, which can lead to data breaches and regulatory penalties. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and inadequate email security measures further increase exposure to cyber threats and legal non-compliance. While network security and DNS health scores are relatively strong, DNSSEC and CAA records gaps could allow DNS spoofing or certificate mis-issuance attacks. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company’s reputation. Addressing these issues will significantly reduce the risk of cyber incidents and enhance customer confidence in the website’s security. Overall, the website is at moderate to high risk until critical and medium vulnerabilities are resolved.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

T

Tur Assist

turassist.com

47

The website's overall security posture is critically weak, with multiple severe vulnerabilities primarily due to the absence of HTTPS encryption and inadequate security headers. The lack of HTTPS not only exposes sensitive data in transit but also results in non-compliance with GDPR and NIS2 regulations, posing significant legal and reputational risks. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to cross-site scripting and clickjacking attacks. Additionally, the absence of a privacy policy, cookie policy, and consent mechanisms indicates poor GDPR adherence, further risking regulatory penalties. The organization lacks foundational information security documentation, incident response procedures, and business continuity planning, undermining its ability to effectively manage and recover from security incidents. While email and network security appear strong, these do not compensate for the critical gaps in web and data protection. Immediate remediation is essential to protect customer data, maintain trust, and ensure compliance with legal frameworks. Overall, the current security posture exposes the business to high risk of data breaches, regulatory fines, and operational disruptions.

B

Besins Healthcare

besins-healthcare.com

53

The website's overall security posture is currently weak and poses significant risks to both business operations and customer trust. A critical failure to implement HTTPS encryption exposes all data exchanges to interception and undermines compliance with GDPR and NIS2 regulations. The absence of fundamental security policies and incident response procedures further increases vulnerability to cyber threats and regulatory penalties. Weak security headers and missing cookie consent mechanisms exacerbate privacy risks, potentially damaging the company’s reputation. While email security and network security show relatively stronger performance, critical gaps remain in governance and data protection frameworks. Immediate remediation is essential to prevent data breaches, ensure legal compliance, and maintain stakeholder confidence. Without urgent action, the business risks financial loss, regulatory fines, and erosion of customer trust. Strengthening encryption, policies, and compliance measures must be prioritized to safeguard the organization’s digital presence.

2

2PM Monaco

2pmmonaco.com

45

The website's security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most critical flaw, undermining data confidentiality and integrity. Key security headers are largely missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. Compliance with GDPR and NIS2 regulations is severely inadequate, notably lacking privacy policies, cookie consent mechanisms, and documented security and incident response procedures. While email and network security show strengths, the overall security framework is fragmented and insufficient for protecting sensitive data or maintaining customer trust. Immediate remediation is essential to mitigate potential legal liabilities and safeguard business continuity. Addressing these issues will not only enhance security but also improve customer confidence and regulatory compliance. Without urgent action, the organization remains exposed to high-impact cyber threats and operational disruptions.

L

Lorenza Von Stein Luxury Real Estate

lorenzavonstein.com

42

The website's security posture is currently weak and exposes significant risks to both business operations and customer trust. Critical vulnerabilities include the absence of HTTPS encryption, lack of essential email authentication, and missing critical security headers, which collectively leave the site highly susceptible to data interception, phishing, and content injection attacks. Additionally, the absence of GDPR compliance elements such as privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory penalties and reputational damage. The lack of documented information security policies, incident response, and business continuity plans indicates unpreparedness for managing security incidents effectively. While network security and DNS health show relatively better scores, the overall security framework is insufficient for protecting sensitive customer data and ensuring legal compliance. Immediate remediation is necessary to safeguard business continuity, customer trust, and comply with legal requirements. Without urgent action, the business faces increased risks of data breaches, regulatory fines, and operational disruptions.

T

Temenos

avoka.com

49

The website exhibits a severely weak security posture, primarily due to the absence of HTTPS encryption, which is classified as critical across multiple standards including GDPR, NIS2, and SSL/TLS assessments. Key security headers are largely missing, leaving the site vulnerable to attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is notably deficient, with no cookie consent banner, inadequate privacy policies, and lack of documented security and incident response procedures. While network security and DNS health show some strengths, critical email security measures like SPF records are missing, increasing the risk of email spoofing. The overall risk profile exposes the business to regulatory penalties, reputational damage, and potential data breaches. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain trust. Without urgent action, the business faces significant operational and financial risks.

A

Albanu

albanu.mc

41

The website's security posture is currently poor with multiple critical and high-risk vulnerabilities identified, exposing the business to significant cyber threats and regulatory non-compliance. The absence of HTTPS encryption is a fundamental and critical weakness, undermining data confidentiality and integrity. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, presents legal and reputational risks, especially for customer data protection. Network security is compromised by exposure of high-risk services like FTP and SSH, which can be exploited for unauthorized access. Additionally, the absence of essential security governance documents and incident response procedures indicates immature security management practices. Immediate remediation is necessary to protect customer trust, comply with regulations, and safeguard business operations. Prioritizing these issues will reduce the risk of data breaches and potential financial and legal consequences.

O

Oracle Applications & Technology Users Group

oaug.org

40

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption across the site is a fundamental flaw, compromising data confidentiality and integrity while violating GDPR and NIS2 requirements. Critical services like MySQL and FTP are exposed, increasing the attack surface and risk of unauthorized access. Key security headers are missing, leaving users vulnerable to clickjacking and cross-site scripting attacks. The lack of GDPR compliance measures such as privacy policies and cookie consent mechanisms exposes the company to legal and reputational risks. Additionally, the absence of an information security framework, incident response plans, and security policies indicates poor organizational cybersecurity maturity. Email security is moderately strong but insufficient to offset the broader systemic issues. Immediate remediation is essential to protect business operations, customer trust, and regulatory compliance.

The website exhibits significant security vulnerabilities, most notably the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security posture is strong, critical gaps exist in foundational security controls such as email authentication and DNS protections. Compliance-related frameworks including GDPR and NIS2 are not adequately addressed, potentially risking regulatory penalties and reputational damage. The lack of proper security headers and missing DNS security configurations further increase the attack surface. Overall, the current security posture leaves the business vulnerable to data breaches, phishing attacks, and compliance violations. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory compliance. Addressing these issues will also strengthen the business's resilience against evolving cyber threats. Prioritizing HTTPS implementation and email security improvements will yield the highest impact in reducing risk.

F

FIPARC

fiparc.fr

46

The website exhibits significant security weaknesses, particularly in encryption, privacy compliance, and security governance, which pose substantial risks to business operations and customer trust. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and regulatory compliance, especially for EU customers under GDPR. Privacy policies and cookie consent mechanisms are missing, exposing the business to legal penalties and reputational damage. Security headers are inadequately configured, increasing susceptibility to common web attacks such as cross-site scripting. The lack of a formal information security and incident response framework demonstrates immature security governance, potentially delaying breach detection and response. While network security and email protections score relatively well, critical gaps in NIS2 compliance and data protection remain. Immediate remediation is needed to secure communications, ensure regulatory adherence, and establish foundational security policies. Addressing these issues will protect business continuity, customer data, and brand reputation.

The website's current security posture presents significant risks that could impact business operations and customer trust. The most critical issue is the absence of HTTPS encryption, exposing data transmissions to interception and manipulation. Additionally, the exposure of a high-risk service such as Remote Desktop Protocol (RDP) increases the attack surface, potentially leading to unauthorized access. Medium-level issues including missing security headers, lack of DKIM email authentication, and non-compliance with GDPR and NIS2 frameworks further weaken the security stance. The absence of DNSSEC and CAA records can lead to DNS spoofing and unauthorized certificate issuance, respectively. While some modules like email security and DNS health show moderate scores, the overall gaps indicate an urgent need for remediation. Addressing these vulnerabilities will enhance data protection, regulatory compliance, and overall resilience against cyber threats. Immediate action will reduce the risk of data breaches, reputational damage, and potential financial penalties.

H

Hallmark

hallmark.com

49

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines compliance with GDPR and NIS2 regulations. While network security and DNS health show relatively strong practices, significant gaps exist in governance, incident response, and data protection policies. Missing GDPR elements such as cookie consent and comprehensive privacy policies put the business at legal and reputational risk. The lack of a security framework and incident response procedures further increases vulnerability to cyberattacks and operational disruptions. Email security configurations are partial but require improvements to prevent phishing and spoofing. Security headers are suboptimal, potentially exposing the site to cross-site scripting and other attacks. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity.

A

Attention Required! | Cloudflare

montecarlosbm.com

43

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising all data in transit and violating GDPR and NIS2 requirements. Key security headers are missing, which increases susceptibility to common web attacks such as XSS and content injection. The lack of privacy and cookie policies and absence of consent mechanisms creates legal exposure under GDPR regulations. Additionally, the organization lacks fundamental information security frameworks, incident response plans, and vulnerability disclosure policies, indicating immature security governance. Email security is relatively stronger, but incomplete DMARC enforcement leaves phishing risks unmitigated. DNS health and network security are satisfactory, providing a foundation to build upon. Immediate remediation is essential to protect customer data, maintain compliance, and preserve business trust.

F

fortepharmashop-int

fortepharma.com

48

The website's overall security posture reveals significant critical vulnerabilities that pose immediate risks to business operations and compliance. The absence of HTTPS encryption is a critical failure affecting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 requirements. Key governance frameworks, such as information security policies, incident response, and business continuity plans, are missing, undermining the organization's ability to manage and recover from security incidents. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. Network security and DNS health are relatively strong, but email security can be improved to reduce phishing and spoofing risks. Security headers are partially implemented but require strengthening to enhance protection against web-based attacks. Immediate remediation efforts should focus on establishing fundamental security controls and compliance documentation to safeguard the business and its customers.

S

SwissBorg

swissborg.com

53

The website exhibits a severely weak security posture with critical deficiencies in fundamental areas such as HTTPS encryption, GDPR compliance, and adherence to NIS2 cybersecurity directives. Absence of HTTPS encryption exposes data in transit to interception, posing significant risks to user privacy and trust. The lack of cookie policy and consent mechanisms highlights potential legal non-compliance risks under GDPR, increasing exposure to regulatory penalties. Security governance is notably inadequate, with missing incident response, vulnerability disclosure, and security policy documentation, creating vulnerabilities to cyber threats and operational disruptions. While network and email security appear strong, critical gaps in security headers and DNS configurations further weaken defenses. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization’s reputation. Without swift action, the business faces increased risk of data breaches, legal liabilities, and loss of customer confidence.

A

Arrow Monaco

arrowyacht.com

40

The website's overall security posture is critically weak, with multiple high and critical risk findings that expose the business to significant threats. The absence of HTTPS encryption is the most severe issue, jeopardizing data confidentiality and integrity, and violating compliance standards such as GDPR and NIS2. Key HTTP security headers are missing or misconfigured, increasing the risk of web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking fundamental privacy policies and consent mechanisms, which can lead to legal and reputational consequences. The lack of an established information security framework, incident response procedures, and business continuity planning indicates an immature security governance posture. Network exposure of high-risk services like FTP and SSH further increases the attack surface. While email security and DNS health show moderate strength, critical gaps in encryption and policy frameworks present urgent risks. Immediate remediation is essential to protect sensitive data, maintain customer trust, and ensure regulatory compliance.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.