Security Directory

V

VR Payment GmbH

vr-payment.de

40

VR Payment GmbH is a specialized payment solutions provider serving the Volksbanken Raiffeisenbanken network and their merchants. The company offers a broad range of services including card readers, terminals, cashless payment methods, e-commerce payment integration, and value-added services such as digital receipt management and mobile payment solutions. The website reflects a professional and consistent brand presence targeting merchants, banks, and resellers within the financial and payment technology sectors in Germany. The company maintains a medium-sized market presence with a focus on innovation and customer-centric payment solutions. Technically, the website is built on the Contao CMS platform and leverages modern JavaScript libraries such as jQuery, jQuery UI, and Swipe.js for UI interactions. It uses Matomo for analytics and Usercentrics for consent management, indicating a mature approach to user privacy and data tracking. However, the website suffers from a critical security deficiency due to an invalid or missing SSL certificate and lack of enabled TLS protocols, which severely undermines HTTPS security and user trust. From a security perspective, while the site has HSTS enabled with preload and a valid SPF record, the absence of a valid SSL certificate and TLS support is a major vulnerability. No incident response or explicit security policy information is found, and no vulnerability disclosure or security.txt file is present. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Contact information is readily available through multiple channels including email, phone, and detailed contact forms. Overall, the website is content-rich, professionally designed, and privacy-conscious but critically impaired by its SSL/TLS configuration issues. Immediate remediation of the SSL certificate and enabling modern TLS protocols is essential to restore security posture and trustworthiness.

M

MaRS Discovery District

marsdd.com

53

MaRS Discovery District is a leading Canadian urban innovation hub focused on supporting startups and entrepreneurs in sectors such as cleantech, health, and fintech. It operates as a registered charity and provides a broad range of services including workspace leasing, investment facilitation, and community building. The website is built on WordPress with modern web technologies and integrates tools like Gravity Forms and OneSignal for enhanced user engagement. Despite a professional and content-rich website, the absence of a valid SSL certificate and HTTPS support significantly impacts the security posture. Privacy and terms policies are well documented, supporting compliance efforts. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements to protect user data and enhance trust.

E

Eurasia Group

eurasiagroup.net

64

Eurasia Group is a prominent global political risk consultancy headquartered in the United States with additional offices in Washington and London. The company specializes in providing political risk advisory, management consulting, thought leadership, speaking engagements, and event services to businesses and organizations navigating geopolitical uncertainties. Their market position is that of an established leader in the political risk and geopolitical analysis sector, supported by a strong digital presence and client engagement platforms. Technically, the website is built on a modern ASP.NET framework with extensive use of JavaScript libraries such as jQuery and UI components, hosted behind Cloudflare for performance and security. The site demonstrates good mobile optimization, fast loading times, and solid SEO practices. Integration with marketing and analytics tools like MailChimp, Hotjar, Facebook Pixel, and Twitter tracking indicates a mature digital marketing strategy. From a security perspective, the site employs HTTPS with TLS 1.3 and 1.2, uses secure and HttpOnly cookies, and has OCSP stapling enabled. However, it lacks some advanced security headers such as HSTS and Content-Security-Policy, which are recommended for enhanced protection. The site has well-defined privacy and cookie policies with consent mechanisms, indicating good privacy compliance. No critical vulnerabilities or exposed sensitive data were detected. Overall, Eurasia Group's website reflects a professional, secure, and privacy-conscious digital presence aligned with its business objectives. Strategic improvements in security headers and incident response transparency could further strengthen its security posture and trustworthiness.

6

6WIND

6wind.com

59

6WIND is a technology company specializing in virtualized and secure networking software solutions. Their offerings target communication service providers, mobile network operators, cloud providers, and enterprises worldwide. The company positions itself as a trusted provider of high-performance, scalable, and cost-effective networking software, including virtual service routers, host accelerators, and cloud-native solutions. The website reflects a professional and consistent brand with rich content, including testimonials, case studies, and video resources. Technically, the site is built on WordPress with the Avada theme and integrates modern libraries and marketing tools such as Google Analytics, Pardot, and LinkedIn widgets. However, the security posture is weakened by an invalid or missing SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications and trust. Privacy compliance is well-handled with a cookie consent mechanism and a comprehensive privacy policy. Overall, the site demonstrates good digital maturity but requires immediate attention to its SSL configuration to improve security and user trust.

Z

ZENIT GmbH

zenit.de

40

ZENIT GmbH is a regional innovation and technology center based in North Rhine-Westphalia, Germany, focused on transforming the Mittelstand (SMEs) through services in innovation, technology transfer, digitalization, funding, and internationalization. The company holds a strong market position as a key facilitator and network coordinator for SMEs and research institutions in NRW, leveraging partnerships with European and regional stakeholders. The website reflects a mature digital presence with comprehensive content, event management, and community testimonials. Technically, the site is built on WordPress with modern JavaScript libraries and SEO optimizations, but suffers from a critical lack of a valid SSL certificate and modern security configurations, exposing it to significant security risks. Privacy compliance is partially met with a detailed privacy policy but lacks cookie consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain credibility.

F

Firstlead GmbH

adcell.de

40

ADCELL, operated by Firstlead GmbH, is a well-established affiliate marketing network founded in 2003, targeting the German-speaking markets of Germany, Austria, and Switzerland. The platform connects publishers, advertisers, and agencies, offering a performance-based affiliate marketing model with no setup fees or monthly charges. The company enjoys a strong market position with over 64,000 active publishers and 2,426 partner programs, supported by multiple industry awards and certifications. The website content is rich, professionally designed, and targets a broad audience including publishers, advertisers, and agencies. Technically, the site uses common web technologies such as jQuery, Bootstrap, and slick sliders, hosted behind Cloudflare DNS services. However, the site lacks a valid SSL certificate and HTTPS support, which is a critical security shortfall. Privacy compliance is addressed with a consent management platform and clear privacy and cookie policies. Overall, the site demonstrates good business credibility but requires urgent security improvements.

E

EDITION Hotels

editionhotels.com

62

EDITION Hotels is a luxury boutique hotel brand operated under Marriott International, offering unique, localized hotel experiences across major global cities and emerging markets. The website reflects a strong brand presence with comprehensive information about hotel locations, services, and offerings. Technically, the site is built on WordPress with a rich set of modern JavaScript libraries and frameworks, ensuring good user experience and mobile optimization, though performance could be improved due to high resource count and page size. Security posture is solid with HTTPS, valid SPF and DMARC records, and no critical vulnerabilities detected, but improvements in security headers and SSL configurations are recommended. Privacy compliance is well addressed with a comprehensive privacy policy and OneTrust cookie consent mechanism. Overall, the site demonstrates a mature digital presence suitable for a large hospitality brand.

C

CyberForum e.V.

cyberlab-karlsruhe.de

40

CyberLab Karlsruhe is a well-established startup accelerator and community hub operating under CyberForum e.V. It offers comprehensive services including founding consulting, accelerator programs, coworking spaces, mentoring, coaching, and investment facilitation. The website targets startups and entrepreneurs primarily in Germany, positioning itself as a key regional player with over 28 years of experience and a large active network. Technically, the site is built on TYPO3 CMS, uses modern TLS protocols, and integrates various frontend libraries and APIs, though performance is hindered by a high number of resources and slow load times. Security posture is adequate with HTTPS and SPF records but lacks advanced features such as HSTS, OCSP stapling, DMARC, DNSSEC, and certificate transparency compliance. Privacy compliance is good with a clear privacy policy and cookie consent mechanism. Overall, the site is professional, trustworthy, and content-rich, but could improve technical and security aspects to enhance user experience and protection.

K

Koelncongress GmbH

koelncongress.de

52

Koelncongress GmbH is a well-established event management company based in Cologne, Germany, with a strong market position as the largest provider of exceptional event locations in the city. They offer full-service event planning and hosting for a wide range of events including conferences, corporate events, cultural and social gatherings. Their website reflects a mature digital presence built on WordPress, featuring detailed event calendars, news, and multiple location pages. Technically, the site uses modern TLS protocols and has implemented strong email authentication mechanisms such as SPF and DMARC, but lacks advanced SSL features like HSTS and OCSP stapling. The company demonstrates good privacy compliance with GDPR-aligned policies and cookie consent mechanisms. However, there are opportunities to enhance DNS security and SSL configurations. Overall, the security posture is moderate with room for improvement in certificate transparency and DNSSEC adoption.

M

Münchener Hypothekenbank eG

mhb.de

60

Münchener Hypothekenbank eG is a specialized financial institution focused on long-term real estate financing, serving private customers, commercial clients, and investors primarily in Germany. The bank emphasizes sustainability in its lending practices and maintains a strong market position with a history dating back to 1896. The website reflects a mature digital presence built on Drupal 10, integrating modern frontend technologies and a comprehensive cookie consent mechanism via Cookiebot. Analytics are handled through Matomo, balancing user tracking with privacy compliance. Security posture is solid with modern TLS protocols and no known vulnerabilities, though improvements such as DNSSEC, DMARC, and HSTS could enhance protection. Contact information is clearly presented, supporting customer engagement. Overall, the site demonstrates professionalism and trustworthiness aligned with its financial services business.

M

Medienfachverlag Johann Oberauer GmbH

oberauer.com

62

Medienfachverlag Johann Oberauer GmbH is a leading media publishing company in the DACH region specializing in journalism, PR, communication, and printing industry publications and events. The company operates multiple industry magazines, organizes prestigious events and awards, and manages digital portals and job platforms targeting media professionals. Technically, the website is built on WordPress with a modern tech stack including jQuery, WP Rocket, and Google Tag Manager, optimized for performance and SEO but currently lacks a valid SSL certificate, which is a critical security gap. The security posture shows good email authentication practices with SPF and DMARC but misses HTTPS enforcement and advanced DNS security features. Overall, the company demonstrates strong market positioning and digital maturity but should urgently address SSL/TLS issues to protect user data and enhance trust.

P

Protected Tomorrows Inc.

protectedtomorrows.com

67

Protected Tomorrows Inc. is a specialized non-profit organization dedicated to providing compassionate guidance and resources for families and caregivers of individuals with special needs. Their market position is focused on niche services including advocacy, financial advisory, educational programs, and membership-based community support. The website offers a comprehensive range of services and resources, including free tools, expert Q&A, and a shop with educational materials, positioning them as a trusted ally in future planning for special needs families. Technically, the website is built on WordPress with WooCommerce and integrates multiple plugins for events, forms, payments, and analytics. The hosting is managed via WP Engine with Cloudflare CDN, ensuring good performance and availability. Security-wise, the site has a valid SSL certificate but lacks modern TLS protocol support and some advanced security headers. Cookie consent and privacy policies are implemented with GDPR compliance in mind, and accessibility is addressed via an ADA widget. Overall, the site demonstrates a good balance of business focus, technical maturity, and security awareness, though there is room for improvement in security hardening and transparency.

Casino City's GlobalGamingAlmanac.com is a subscription-based online service providing comprehensive global casino and gaming market data, including jurisdictional gaming activities, property profiles, revenue data, and regulatory information. The platform targets gaming industry professionals and businesses seeking detailed analytics and market insights. Technically, the site is built on a legacy ASP.NET WebForms framework, utilizing jQuery and jQuery UI for client-side interactivity, and is hosted behind Cloudflare DNS services. While the SSL certificate is valid and HSTS is enabled with preload, the site lacks support for modern TLS protocols, which is a notable security gap. The site employs Google Analytics for user tracking but does not implement a cookie consent mechanism, which may impact privacy compliance. Security policies and incident response information are not publicly disclosed, indicating room for improvement in transparency and governance.

Casino City Press operates the North American Gaming Almanac website, providing detailed and comprehensive data on casino and gaming markets across North America. Their service targets industry professionals, regulators, and analysts by offering subscription-based access to gaming directories, revenue data, market analysis tools, and regulatory information. The company has an established market presence since 2003 and positions itself as a key data provider in the gaming media sector. Technically, the website is built on ASP.NET Web Forms with jQuery and uses Cloudflare for DNS and hosting services. While the site implements strong HSTS policies and has a valid SSL certificate, it lacks support for modern TLS protocols, which is a critical security gap. The site uses Google Analytics and Tag Manager for user tracking but does not implement explicit cookie consent mechanisms. Overall, the security posture is moderate with room for improvement in encryption protocols and DNS security. Business contact information is clearly provided, but no social media presence or physical address is listed.

Casino City's IndianGamingReport.com is a specialized subscription-based service providing comprehensive research and data on the U.S. Indian gaming industry. The platform offers detailed nationwide and state-level statistics, revenue figures, market analyses, historical data, and future outlooks tailored for a diverse audience including tribes, gaming companies, investors, and regulators. Technically, the website is built on an ASP.NET framework with legacy XHTML markup and utilizes jQuery libraries alongside Google Analytics and Tag Manager for tracking. The site is hosted behind Cloudflare DNS but suffers from an invalid SSL certificate and lacks support for modern TLS protocols, which undermines its security posture. While security headers such as HSTS and CSP are properly configured, the absence of a valid SSL certificate and cookie consent mechanisms indicate areas for improvement. Overall, the website demonstrates moderate professionalism and content relevance but requires technical and security enhancements to improve trust and compliance.

Casino City Press operates the Gaming Almanac Online platform, providing specialized gaming market intelligence services including revenue data, statistics, property profiles, and market analysis tools for various gaming sectors such as North American, Indian, global gaming, and iGaming industries. The company targets gaming industry professionals and businesses seeking detailed market insights and operates a subscription and trial-based business model. Technically, the website is built on Microsoft IIS with ASP.NET 4.0 and uses jQuery libraries alongside Google Analytics for tracking. However, the site lacks a valid SSL certificate and modern security configurations, exposing it to potential risks. The security posture is weak with no GDPR compliance indicators or security policies visible. Overall, the site offers good content relevance but basic design and user experience, with moderate trustworthiness due to the lack of security best practices.

C

Casino City, Inc.

casinocitytimes.com

91

Casino City Times is an established online media platform specializing in casino and gaming industry news, strategy, and tips. It serves a niche audience of casino enthusiasts and industry professionals by providing regularly updated content including gaming strategy articles, featured stories, legal and financial news, and newsletters. The site is part of the broader Casino City Network, linking to several partner sites focused on online casinos, poker, and gaming news. Technically, the website uses legacy XHTML with a ColdFusion backend, enhanced by jQuery and Google Analytics for tracking. However, the site lacks a valid SSL certificate, which undermines its security posture despite having strong security headers like HSTS and CSP. The absence of GDPR-compliant cookie consent and limited visible contact information indicate areas for compliance improvement. Overall, the site maintains good content quality and user experience but requires modernization and enhanced security measures.

Casino City Press operates the iGaming Directory, a subscription-based platform providing comprehensive data and analytics on the online gaming industry. The website offers detailed profiles of gaming sites, operators, software suppliers, payment processors, regulatory jurisdictions, and affiliate programs, targeting industry professionals and businesses. The platform holds a strong market position as a leading provider of iGaming business intelligence with a medium-sized operation founded in 2003. Technically, the site uses ASP.NET Web Forms with jQuery and integrates Google Analytics and Tag Manager for tracking. Hosting and DNS services are managed via Cloudflare, enhancing availability and security. Security posture is solid with proper HTTP security headers and HSTS enabled; however, the SSL configuration lacks modern TLS protocol support, which is a notable gap. Privacy compliance is basic, with privacy and terms pages present but no cookie consent mechanism or GDPR-specific disclosures. Overall, the site is professional with good content relevance but could improve in mobile optimization and accessibility.

C

Casino City, Inc.

casinocity.com

69

Casino City, Inc. operates a comprehensive online casino directory and gambling information platform, serving a broad audience of casino enthusiasts and industry professionals. The website offers extensive listings of online casinos, poker sites, bingo, sportsbooks, and skill games, complemented by gaming news, strategy articles, and newsletters. The business model relies on advertising and affiliate marketing, supported by a network of related sites under the Casino City brand. Technically, the site uses legacy HTML and ColdFusion backend technology, with JavaScript libraries such as jQuery and Google Analytics for tracking. Hosting and DNS are managed via Cloudflare, providing some security and performance benefits. Security posture is moderate, with valid SSL and HSTS enabled, but lacking modern TLS protocols and cookie consent mechanisms. No explicit security or incident response policies are published, and no social media presence is directly linked. Overall, the site is functional and trusted within its niche but would benefit from modernization and enhanced security and privacy compliance.

Serveris.lv, operated by SIA Datateks, is a Latvian hosting service provider established in 2002, offering web hosting, virtual servers, SSL certificates, and server rental services. The company targets Latvian businesses and individuals requiring reliable and professional hosting solutions with 24/7 technical support. Their market position is solid within the local telecommunications sector, supported by long-term customer relationships and positive testimonials. Technically, the website runs on Apache with PHP 5.6.40, uses common JavaScript libraries like jQuery, and integrates marketing and analytics tools such as Google Analytics, Facebook Pixel, and Cookiebot for cookie consent. The SSL certificate is valid but lacks modern TLS protocol support, and security headers are minimal. No explicit privacy or security policies are published, though cookie consent is implemented. Contact information is clearly provided, including phone, email, WhatsApp, and Skype.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected. However, there are significant gaps in compliance and governance, notably in GDPR and NIS2-related areas, which pose substantial legal and operational risks. The absence of privacy and cookie policies, along with missing consent mechanisms, exposes the business to regulatory penalties and undermines user trust. Furthermore, the lack of documented information security frameworks, incident response procedures, and vulnerability disclosure policies indicates immature security governance and preparedness. Email security weaknesses, such as missing SPF and DKIM records, increase the risk of phishing and email spoofing attacks that can damage brand reputation. While the SSL/TLS and network security configurations are strong, improvements are needed in security headers and DNS settings to enhance overall protection. Addressing these issues promptly will reduce compliance risks, protect sensitive data, and strengthen the company’s cybersecurity resilience.

P

Pearson

lumerit.com

67

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-risk issues that need immediate attention. Key weaknesses include missing essential security headers, weak SSL configurations, and significant GDPR compliance gaps such as the absence of privacy and cookie policies and consent mechanisms. Additionally, the lack of documented information security frameworks, incident response procedures, and business continuity plans exposes the organization to regulatory and operational risks, especially under NIS2 requirements. While email and network security appear robust, the overall low scores in GDPR and NIS2 compliance indicate potential legal liabilities and increased exposure to security incidents. Proactive remediation will safeguard customer trust, ensure regulatory compliance, and protect business continuity. Prioritizing these improvements is crucial to mitigating reputational and financial risks associated with data breaches and non-compliance penalties.

P

Pearson

pearsonaccelerated.com

70

The website's overall security posture reveals significant gaps primarily in compliance with privacy regulations and foundational security policies. While technical protections like email security, SSL/TLS configurations, and network security are strong, critical governance and policy frameworks such as GDPR compliance and NIS2 requirements are largely absent or insufficient. Missing privacy and cookie policies, lack of consent mechanisms, and absence of incident response and security documentation expose the business to regulatory fines and reputational damage. Additionally, key security headers are missing, increasing the risk of client-side attacks. The DNS security posture is moderate but can be improved. Addressing these issues promptly will reduce legal risks, protect customer data, and strengthen the company’s cybersecurity resilience. Overall, the website is vulnerable to regulatory scrutiny and certain attack vectors, necessitating immediate attention to governance and policy controls alongside technical improvements.

P

Pearson

pearsonhighered.com

67

The website demonstrates a generally strong technical security foundation in network security, SSL/TLS configurations, and email security, with scores above 80% in these areas. However, significant gaps exist in security headers implementation, data privacy compliance (GDPR), and adherence to the NIS2 directive, with scores as low as 25%. The absence of critical policies such as Privacy Policy, Cookie Policy, incident response, and security documentation exposes the business to regulatory and reputational risks. Missing Content-Security-Policy and Permissions-Policy headers increase the risk of client-side attacks. Lack of GDPR compliance elements, including cookie consent and third-party privacy transparency, could lead to legal penalties and loss of customer trust. The absence of a vulnerability disclosure policy and business continuity planning further weakens the organization's resilience against cyber threats. Overall, while technical defenses are solid, governance, compliance, and data protection require urgent attention to safeguard the business and maintain stakeholder confidence.

N

National Payments Corporation of India

upichalega.com

62

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Key deficiencies include the absence of core email authentication protocols, lack of a documented information security framework, and missing critical security headers, which collectively weaken both technical defenses and compliance standing. GDPR compliance gaps, such as missing cookie policies and consent mechanisms, increase the risk of regulatory penalties and customer trust erosion. While network security and DNS health show relative strength, foundational controls like SSL/TLS key management and incident response procedures are inadequate. Immediate remediation is needed to protect sensitive data, uphold legal requirements, and ensure business continuity. Addressing these issues will enhance customer confidence and reduce exposure to cyber threats. The current state suggests the need for a prioritized security improvement plan integrating policy, technical, and compliance measures.

The website exhibits significant security and compliance gaps that could expose the business to legal, reputational, and operational risks. While there are no critical vulnerabilities, multiple high-severity issues related to missing security headers, absence of GDPR compliance measures, and lack of foundational information security frameworks are evident. The absence of a Privacy Policy, Cookie Policy, and consent mechanisms increases the risk of regulatory penalties and undermines user trust. Additionally, missing incident response and security policy documentation hampers the organization's ability to effectively manage and respond to security incidents. Although email security, SSL/TLS, DNS health, and network security scores are relatively strong, foundational security controls such as HSTS and DNSSEC require improvement. Immediate remediation is essential to align with industry best practices and relevant regulations like GDPR and NIS2. Addressing these gaps will substantially reduce the risk of data breaches, regulatory fines, and damage to brand reputation.

The website demonstrates a concerning overall security posture with significant gaps in foundational web security headers and regulatory compliance, particularly related to GDPR and NIS2 directives. Although no critical vulnerabilities were identified, the presence of 11 high-severity issues—especially missing key security headers and lack of privacy policies—exposes the business to risks including data breaches, legal non-compliance, and reputational damage. The absence of incident response and security policy documentation further increases organizational risk by limiting preparedness for potential cyber incidents. Email security, SSL/TLS, DNS health, and network security show relatively strong scores, indicating good controls in these areas. However, the lack of strict transport security (HSTS) and DNSSEC weakens the overall defense posture. Immediate remediation of compliance gaps and security header misconfigurations is essential to reduce legal liabilities and improve customer trust. The business should prioritize establishing clear security governance and incident response capabilities to align with industry and regulatory standards.

M

Move, Inc.

move.com

63

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but numerous high and medium risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory alignment. Key gaps include missing essential HTTP security headers and absence of privacy and cookie policies, which increase exposure to data breaches and regulatory penalties. The lack of incident response procedures, security policy documentation, and security framework indicate immature security governance, potentially impacting business resilience. Email security, SSL/TLS configuration, DNS health, and network security show relatively strong controls, mitigating some risks. However, missing GDPR elements and security headers threaten customer trust and compliance standing, which could lead to legal consequences and brand damage. Immediate remediation in these areas will strengthen defense-in-depth and regulatory compliance. Overall, the site needs focused improvements in baseline security controls and policy implementations to reduce risk and ensure data protection.

I

Inforoutes 06

inforoutes06.fr

57

The website's overall security posture reveals significant gaps, particularly in privacy compliance and core security controls. Critical issues include the absence of essential email authentication, exposing the organization to phishing risks, and non-compliance with GDPR regulations despite operating in the EU, which could result in legal penalties and reputational damage. The lack of security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature information security governance. Missing key HTTP security headers such as Content-Security-Policy and X-Frame-Options increase exposure to common web attacks like clickjacking and cross-site scripting. Additionally, the presence of a high-risk exposed FTP service and issues within SSL/TLS configurations further elevate the risk profile. While DNS and network security show moderate maturity, critical controls require immediate attention. Addressing these findings will enhance regulatory compliance, reduce cyber risk, and protect customer trust.

The website demonstrates a concerning security posture with no critical issues but several high-impact vulnerabilities primarily related to missing security headers, lack of GDPR compliance, and absence of essential security policies. Key risks include exposure to man-in-the-middle attacks due to missing Strict-Transport-Security, clickjacking threats from absent X-Frame-Options, and legal/regulatory risks stemming from missing privacy and cookie policies. The lack of an incident response plan and security framework further exposes the business to prolonged downtime and data breaches. While email security, DNS health, and network security scores are relatively strong, deficiencies in SSL/TLS configuration and mixed content issues reduce overall trustworthiness. Immediate remediation is necessary to protect user data, comply with regulations, and maintain customer confidence. Addressing these gaps will significantly reduce the risk of cyber incidents and potential financial and reputational damage. Overall, the site requires focused security governance and technical improvements to elevate its security maturity to an acceptable business standard.

M

Monaco Planning

monacoklanten.nl

52

The website's security posture is currently weak, with significant gaps in foundational security controls and compliance measures. Critical and high-severity issues predominantly stem from missing essential HTTP security headers, absent GDPR compliance elements, and lack of formal information security frameworks aligned with NIS2 regulations. These deficiencies expose the business to data breaches, regulatory penalties, and reputational damage, especially given the critical GDPR non-compliance for an EU business. While network and DNS security show relatively better maturity, critical gaps remain such as exposed SSH services and missing DNSSEC. Email security is moderately sound but can be further improved. SSL/TLS configurations need urgent attention to avoid man-in-the-middle attacks and ensure secure communications. Addressing these issues promptly will strengthen defense against cyber threats and demonstrate due diligence to customers and regulators.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

45

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

M

Monaco Mediax

tvfestival.com

43

The website’s security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and compliance violations. The absence of HTTPS encryption is a critical and immediate risk, compromising data confidentiality and integrity, and violating GDPR and NIS2 regulatory requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of privacy and cookie policies, as well as the absence of a cookie consent banner, places the business at risk of GDPR non-compliance and potential legal penalties. Additionally, the organization has not implemented essential information security frameworks, policies, or incident response procedures, weakening its ability to manage and recover from security incidents. Although email security and network security postures are relatively strong, gaps in DNS security and policy documentation remain. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory mandates, thereby safeguarding the business’s reputation and operational continuity.

T

TB Events

tbevents.nl

38

The website exhibits a severely deficient security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most critical flaw, leaving all data transmissions unprotected and violating EU GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of clickjacking, cross-site scripting, and content injection attacks. The lack of privacy policies and cookie consent mechanisms further exposes the business to legal and compliance penalties under GDPR. Critical gaps in information security frameworks, incident response, and business continuity planning indicate immature security governance. Email security mechanisms like DMARC and DKIM are partially implemented but need enforcement and reporting improvements. DNS security is moderate but can be enhanced by enabling DNSSEC and configuring CAA records. Overall, urgent remediation of encryption, privacy compliance, and security policy documentation is essential to safeguard business operations and customer trust.

S

Solamito Properties

solamito-properties.mc

44

The website's overall security posture is critically deficient, with multiple high and critical severity issues across key areas such as encryption, privacy compliance, and security policies. The absence of HTTPS encryption exposes all data transmissions to interception and manipulation, representing the most urgent risk to both users and business integrity. Critical gaps in GDPR compliance, including missing privacy and cookie policies as well as lack of cookie consent mechanisms, put the organization at risk of regulatory sanctions and reputational damage. Security headers essential for protecting against common web attacks are largely missing, increasing vulnerability to clickjacking, XSS, and other exploits. Furthermore, foundational governance elements like incident response procedures, security policies, and vulnerability disclosure frameworks are absent, indicating a lack of mature security management. DNS and email security posture are relatively strong, but these do not compensate for the critical failures in encryption and compliance. Immediate remediation is required to safeguard customer data, maintain trust, and meet legal obligations. Without prompt action, the organization faces significant operational, financial, and reputational risks.

B

BOURBON

bourbonoffshore.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is a fundamental flaw affecting GDPR, NIS2, and general security compliance, making all data transmissions vulnerable to interception. Key security headers are missing, increasing susceptibility to common web attacks such as XSS and clickjacking. GDPR compliance is severely lacking due to missing cookie consent mechanisms and incomplete privacy documentation, which could lead to heavy fines. The lack of an established information security framework, incident response procedures, and vulnerability disclosure policies signals immature security governance. Email security is insufficient, with no authentication protocols configured, raising the risk of phishing and spoofing attacks. While network security and DNS health show relatively better posture, critical gaps in SSL/TLS and governance overshadow these strengths. Immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity.

The website exhibits a severely deficient security posture, with critical vulnerabilities that expose it to significant risk, including the absence of HTTPS encryption, which compromises data confidentiality and trust. Multiple missing security headers weaken defenses against common web attacks such as clickjacking, cross-site scripting, and content sniffing. GDPR compliance is notably lacking due to the absence of a privacy policy, cookie consent mechanisms, and transparent third-party data handling, exposing the business to regulatory penalties. The NIS2-related findings reveal a lack of foundational security governance, including no information security framework, incident response plans, or business continuity strategies, which jeopardizes operational resilience. While email and DNS security show moderate maturity, critical network security risks remain, such as the exposure of high-risk services like FTP. The cumulative effect of these issues poses significant risks to data integrity, customer trust, regulatory compliance, and business continuity. Immediate remediation is essential to mitigate potential breaches, legal consequences, and reputational damage.

G

GROUP Andbank

andbank.com

45

The website's overall security posture is currently poor, with critical vulnerabilities that pose significant risks to both the business and its users. The absence of HTTPS encryption is a severe issue, exposing data in transit to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are either missing or weakly configured, increasing susceptibility to common web attacks such as clickjacking and content injection. Privacy compliance is lacking, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Additionally, the organization lacks foundational security governance, including incident response, security policies, and vulnerability disclosure procedures, which impairs its ability to manage and respond to threats effectively. Email security is moderately strong but could be improved with stricter DMARC enforcement and reporting. DNS security measures like DNSSEC are not enabled, reducing protection against DNS spoofing. Network security itself is well managed, indicating some internal controls are in place. Immediate remediation is critical to prevent data breaches, regulatory fines, and erosion of customer trust.

F

Fortellis

fortellis.io

65

The website fortellis.io demonstrates a moderate technical security setup with strong network, SSL/TLS, and email security foundations; however, it lacks critical governance and compliance measures, particularly in privacy policies and incident management. The absence of essential headers and GDPR/NIS2 compliance documentation exposes the business to regulatory, reputational, and operational risks. Addressing these compliance and policy gaps is imperative to reduce legal liability and enhance customer trust.

E

Enterprise Holdings, Inc.

enterprisecarshare.ca

75

The website https://enterprisecarshare.ca demonstrates a generally strong network and email security posture but exhibits significant gaps in web security headers, GDPR compliance, and critical NIS2 regulatory requirements. These deficiencies expose the business to data privacy risks, regulatory non-compliance penalties, and potential incident management failures. Immediate attention is needed to strengthen security policies, user data protection measures, and incident response capabilities to safeguard brand reputation and ensure legal compliance.

A

Avis Budget Group

unlimited-rewards.com

60

The website https://unlimited-rewards.com exhibits a significantly weak security posture with multiple critical and high-risk issues spanning security headers, GDPR compliance, email authentication, and information security policies. Key gaps in foundational security controls and regulatory compliance expose the business to data breaches, legal penalties, and reputational damage. Immediate remediation is necessary to protect sensitive customer data and ensure business continuity.

C

Commute with Enterprise

commutewithenterprise.com

75

The website commutewithenterprise.com demonstrates strong network, SSL/TLS, and email security controls, but suffers from significant gaps in governance and compliance, particularly related to GDPR and NIS2 requirements. Missing critical security policies, headers, and consent mechanisms expose the business to regulatory risks and potential operational disruptions despite a generally secure infrastructure.

M

ManaBite

manabite.lv

60

The website https://manabite.lv exhibits significant security and compliance deficiencies, particularly related to GDPR and NIS2 regulatory requirements, putting the business at high risk of legal penalties and reputational damage. While network security appears robust, critical gaps in privacy policies, security frameworks, and email authentication protocols need immediate attention to safeguard customer data and ensure regulatory compliance.

The website exhibits significant security weaknesses, particularly in foundational web security controls, privacy compliance, and incident management frameworks, posing substantial risks to user trust and regulatory adherence. While network security and DNS health are relatively strong, critical gaps in email authentication, SSL/TLS configuration, and GDPR compliance demand immediate attention to protect the business and its customers.

The security posture of dtiportal.com is currently poor, with critical gaps in email authentication, security headers, and compliance with privacy regulations, exposing the business to increased risk of data breaches, regulatory penalties, and reputational damage. While network security and DNS health are relatively strong, the absence of key policies and protections represents significant vulnerabilities that must be addressed promptly.

Theamerican.org currently exhibits significant security gaps primarily in web security headers, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements, resulting in a high-risk posture despite strong network, email, and TLS configurations. The absence of core policies and protections exposes the organization to regulatory penalties, data breaches, and reputational damage. Immediate remediation is critical to strengthen legal compliance and reduce attack surface.

The website https://pensoft.net exhibits significant security gaps, particularly in foundational security headers, GDPR compliance, and critical information security policies, resulting in a high-risk posture. While network and email security show strength, the absence of key protections like Strict-Transport-Security and privacy policies exposes the business to regulatory, reputational, and operational risks. Immediate remediation is needed to safeguard data, maintain customer trust, and align with compliance requirements.

The website actionmapping.com exhibits significant security gaps, particularly in web security headers, GDPR compliance, and foundational security policies, resulting in an overall unknown risk rating. While network and email security measures appear strong, critical deficiencies in SSL configuration and incident response readiness expose the business to data breaches, regulatory penalties, and reputational damage. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain trust.

E

Exclusive Networks

exclusive-networks.com

64

The website exclusive-networks.com exhibits significant security weaknesses, particularly in web security headers, GDPR compliance, and NIS2 regulatory adherence, which collectively expose it to data breaches, regulatory penalties, and reputational damage. While network security and email security show strengths, critical SSL/TLS and privacy policy gaps present immediate risks that must be addressed to safeguard business operations and customer trust.