Security Directory

The website demonstrates a generally strong network and SSL/TLS security posture, scoring 100 in these areas, which is positive for protecting data in transit and maintaining system availability. However, critical weaknesses exist in email security, notably the absence of email authentication mechanisms like SPF, DKIM, and DMARC, exposing the business to phishing, spoofing, and email-based attacks that can damage brand reputation and lead to data breaches. Additionally, medium-level issues in security headers, GDPR compliance, NIS2 readiness, and DNS health indicate gaps in regulatory adherence and foundational security controls. Failure to implement DNSSEC and CAA records further increases risks related to DNS spoofing and unauthorized certificate issuance. Overall, while core infrastructure security is solid, urgent remediation of email security and compliance-related gaps is necessary to protect the organization’s trust and meet regulatory requirements. Addressing these issues will reduce exposure to social engineering attacks and improve regulatory confidence.

The website's security posture demonstrates significant vulnerabilities that pose immediate operational and reputational risks. Critical issues in DNS health, including DNS resolution failure, missing name servers, and domain registration problems, threaten the website’s availability and domain ownership integrity. Email security is severely compromised due to the absence of email authentication mechanisms like DKIM and SPF, increasing the risk of phishing and spoofing attacks. Medium-level failures in security headers and GDPR compliance indicate gaps in regulatory adherence and web security best practices, potentially exposing the business to legal liabilities and data breaches. While SSL/TLS implementation is strong, network security scanning failures suggest incomplete visibility into potential network threats. Overall, these deficiencies could lead to service outages, data compromise, and damage to customer trust if left unaddressed. Immediate remediation is critical to safeguard business continuity and maintain compliance with data protection regulations. Proactive monitoring and structured security governance will be essential moving forward.

S

Sony Future Filmmaker Awards

sonyfuturefilmmakerawards.com

80

The website demonstrates a generally strong security posture with no critical issues and high scores in SSL/TLS and network security modules. However, significant gaps exist in security headers configuration, email security protocols, and compliance with GDPR and NIS2 requirements, which could expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Missing key HTTP headers like Strict-Transport-Security and Content-Security-Policy increase vulnerability to man-in-the-middle and cross-site scripting attacks. Email authentication weaknesses, including lack of enforced DMARC and absent DKIM records, raise the risk of phishing and email spoofing. Additionally, the absence of DNSSEC and incomplete policy records weaken DNS security, potentially enabling DNS spoofing attacks. Addressing these medium and high severity issues will enhance overall protection and regulatory compliance, safeguarding customer trust and business continuity. Immediate remediation focused on security headers and email authentication will yield the most impactful risk reduction.

M

Mojo Entertainment

mojo-ent.com

87

The website's overall security posture is moderate, with no critical vulnerabilities but several issues that could expose the business to risk. The presence of a high-risk exposed FTP service is the most significant concern, as it can lead to unauthorized data access or compromise. Medium-level issues such as expiring SSL certificates, lack of HSTS, missing DNSSEC, and failure in GDPR and NIS2 compliance indicate gaps in both technical controls and regulatory adherence. Email security is strong, scoring 100/100, which is positive for protecting communication channels. However, the absence of important security headers and incomplete DNS configurations reduces the site's resilience against common web attacks. Addressing these gaps is crucial to safeguard customer data, maintain regulatory compliance, and protect brand reputation. Proactive remediation will reduce the risk of breaches and potential legal or financial penalties.

S

Saga Connections

sagaconnections.co.uk

75

The website demonstrates a generally strong network and email security posture but exhibits significant gaps in compliance and information security frameworks. Critical headers like Content-Security-Policy are missing, increasing exposure to web-based attacks. GDPR compliance is notably weak, with absent cookie policies and consent mechanisms, risking regulatory penalties and damage to customer trust. The absence of an information security framework, security policies, and incident response procedures indicates poor organizational security maturity and readiness. SSL/TLS and DNS configurations are mostly sound but require attention to certificate renewal and DNSSEC enablement. Overall, the site’s security is adequate for basic operations but falls short in regulatory adherence, governance, and advanced web protections, which could lead to operational disruptions and legal consequences. Immediate focus on governance, compliance, and security policy implementation is critical to mitigate risks and uphold business reputation.

D

Direxion

direxion.be

59

The website's overall security posture is currently weak, with critical gaps in foundational security controls and regulatory compliance, particularly related to GDPR and NIS2 requirements. Missing key security headers expose the site to common web attacks such as clickjacking, XSS, and content injection. The absence of essential GDPR elements, including cookie policies and consent mechanisms, presents significant legal and reputational risks for an EU business. Network security is compromised by the exposure of high-risk services like FTP, increasing the attack surface. While SSL/TLS and DNS configurations are relatively strong, gaps in email security and vulnerability management remain. The lack of documented security policies, incident response, and business continuity planning further undermines resilience. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust. Addressing these issues will also reduce the likelihood of costly breaches and regulatory penalties.

A

Apef

apefasbl.org

60

The website demonstrates several significant security weaknesses that could expose the business to data breaches, regulatory penalties, and operational disruptions. Critical headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing risk from man-in-the-middle and cross-site scripting attacks. GDPR compliance is notably lacking with no privacy or cookie policies, no consent banner, and insufficient third-party privacy management, which may lead to legal consequences and damage to customer trust. The absence of an information security framework, security policies, and incident response procedures indicates poor organizational security maturity, elevating the risk of prolonged breach impact. SSL/TLS configurations are weak, with expiring certificates and weak key lengths threatening secure communications. Some DNS and network security measures are adequate, but gaps like missing DNSSEC and exposed SSH services remain. Overall, the current posture suggests urgent remediation is needed to protect customer data, comply with regulations, and safeguard business continuity.

E

Emancipe

emancipe.be

58

The website's overall security posture is concerning, with multiple critical and high-severity issues primarily related to missing essential security headers, inadequate GDPR compliance, and insufficient network security controls. The absence of key HTTP security headers leaves the site vulnerable to common web attacks such as cross-site scripting (XSS), clickjacking, and data interception. GDPR compliance gaps, including missing privacy and cookie policies and lack of consent mechanisms, expose the business to regulatory penalties and reputational damage, especially as it operates within the EU. The lack of documented information security policies, incident response procedures, and business continuity planning further increases operational risk and reduces preparedness for security incidents. Network exposure of high-risk services like FTP and SSH without adequate controls significantly heightens the risk of unauthorized access and data breaches. While SSL/TLS and email security are strong, foundational security measures across web application and organizational policies need urgent attention. Addressing these vulnerabilities will reduce regulatory risk, enhance customer trust, and protect critical business assets from cyber threats.

J

Jason Brooks

jason-brooks.com

56

This website has 12 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website's overall security posture demonstrates strengths in network security and email security, with high scores of 100 and 95 respectively. However, there are critical vulnerabilities related to GDPR compliance and organizational security policies, particularly for EU business operations, which pose significant legal and reputational risks. The absence of a cookie policy, consent banner, and adequate privacy measures exposes the business to potential regulatory penalties under GDPR. Additionally, foundational security frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are lacking, undermining the organization's ability to manage and respond to cybersecurity events effectively. SSL/TLS configurations show weaknesses that could compromise data in transit, while DNS security features like DNSSEC are not fully implemented. Low-severity issues in security headers suggest room for improvement in protecting user data from leakage and caching risks. Immediate remediation of critical and high-risk issues will significantly enhance compliance posture and reduce threat exposure.

The website demonstrates a generally strong network and email security posture but exhibits significant deficiencies in compliance with GDPR and NIS2 regulations, which expose the business to legal and operational risks. The absence of fundamental privacy documentation such as Privacy and Cookie Policies, combined with missing consent mechanisms, places the company at high risk of regulatory penalties, particularly given its operations within the EU. Critical gaps in information security frameworks, incident response, and business continuity planning indicate insufficient preparedness against cybersecurity incidents. SSL/TLS configurations are suboptimal, with weak key lengths and an expiring certificate, potentially undermining data confidentiality and trust. While foundational DNS and security header settings are adequate, improvements are needed to enhance overall resilience. Addressing these issues promptly is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Prioritizing remediation of privacy and security governance will significantly reduce business exposure and strengthen the security posture.

The website exhibits significant security gaps, particularly in GDPR compliance and NIS2 regulatory adherence, posing substantial legal and operational risks for the business. While network security and email security demonstrate strong postures, critical issues such as the absence of cookie consent mechanisms and privacy policies expose the organization to regulatory penalties and reputational damage. The presence of a weak SSL key length and upcoming SSL certificate expiration increases the risk of encrypted data interception. Missing incident response, security policies, and business continuity plans indicate unpreparedness for security events, threatening operational resilience. Low scores in GDPR and NIS2 modules highlight urgent needs for privacy governance and information security frameworks. Overall, the site’s technical security measures are mixed, but compliance deficiencies must be addressed immediately to avoid fines and customer trust erosion. Immediate attention to privacy policies and foundational security documentation will substantially improve the business risk profile.

M

mstack

mstack.nl

68

The website's overall security posture shows strengths in network security and email security, with scores of 100 and 95 out of 100 respectively. However, critical vulnerabilities exist in GDPR compliance and NIS2 regulatory adherence, scoring 18 and 25 respectively, which pose significant legal and operational risks. Key issues include the absence of cookie policies and consent mechanisms, lack of incident response and security policy documentation, and weak SSL configurations. These gaps not only expose the business to potential data breaches but also to regulatory penalties, particularly within the EU jurisdiction. While basic security headers and DNS health are generally well configured, improvements are needed to align with best practices. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will reduce liability and strengthen customer trust.

The website exhibits a generally strong network and email security posture, but critical deficiencies exist in GDPR compliance, NIS2 security governance, and SSL/TLS configuration. The critical GDPR issue indicates the business is operating in the EU without adequate privacy measures, posing significant regulatory and reputational risks. Multiple high-severity issues around the lack of security policies, incident response, and vulnerability disclosure reflect immature information security management, potentially leading to delayed breach detection and response. SSL/TLS weaknesses, including an expiring certificate and weak key length, expose the site to man-in-the-middle attacks and data interception. While security headers and DNS health are relatively strong, minor improvements would further harden the environment. Immediate remediation of GDPR non-compliance and NIS2 framework adoption are essential to avoid legal penalties and ensure business continuity. Addressing these gaps will significantly reduce risk exposure and enhance trust with customers and regulators.

The website exhibits a mixed security posture with strong network security and email protections but significant gaps in GDPR compliance and information security governance. Critical and high-severity findings around privacy policies, cookie consent, and EU data protection requirements expose the business to regulatory penalties and reputational risk. Additionally, the absence of key NIS2 security governance elements—including incident response, security policies, and business continuity planning—indicates immature cybersecurity management. SSL/TLS configurations also present vulnerabilities, such as weak key lengths and imminent certificate expiration, which could lead to compromised data in transit. While foundational controls like security headers and DNS health are generally good, low-level misconfigurations suggest opportunities for improvement. Addressing these issues holistically will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber incidents. Immediate focus on GDPR compliance and security governance will yield the highest business impact.

C

Culture Montréal

culturemontreal.ca

56

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key security headers are missing, weakening protections against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and absence of consent mechanisms, which could lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and security documentation under NIS2 regulations further heightens operational risk and regulatory exposure. Critical network services like MySQL and FTP are exposed publicly, representing immediate high-risk attack vectors. Email security is relatively strong but could be improved with stricter DMARC enforcement and reporting. SSL/TLS configurations require attention to avoid certificate expiry and enable HSTS for improved transport security. Overall, urgent remediation is needed to reduce exposure, ensure compliance, and safeguard customer trust.

R

Réseau Scènes

reseauscenes.com

56

The website’s overall security posture is currently inadequate, exposing the business to significant risk from both technical vulnerabilities and regulatory non-compliance. Critical and high-severity issues, including exposed critical services such as MySQL and FTP, combined with missing essential security headers, indicate a high likelihood of exploitation. The absence of key GDPR policies (Privacy Policy, Cookie Policy, and consent mechanisms) exposes the company to potential legal and reputational damage. Additionally, the lack of a formal information security framework, incident response plans, and security documentation under NIS2 requirements suggests immature security governance. While email security and DNS health scores are relatively strong, foundational web security controls, encryption enforcement (HSTS), and secure service exposure are lacking. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory penalties. Addressing these gaps will also improve resilience against cyberattacks and support business continuity.

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Key gaps include missing essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy, exposing the site to man-in-the-middle and cross-site scripting attacks. GDPR compliance is poor, lacking privacy and cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. Similarly, the absence of documented information security frameworks, incident response procedures, and security contact points undermines operational resilience and regulatory compliance under NIS2. Email security controls like DMARC and DKIM are partially implemented but need enforcement to prevent phishing risks. SSL/TLS and DNS configurations are relatively strong but can be further improved by enabling HSTS and DNSSEC. Network security posture is solid, indicating good infrastructure controls. Addressing these issues promptly will reduce legal risks, enhance customer trust, and strengthen overall cyber resilience.

The website exhibits a mixed security posture with strong email, SSL/TLS, and network security measures, reflected in high module scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and absence of essential security governance documents. A critical issue flagged is operating as an EU business without adequate privacy safeguards, exposing the organization to regulatory fines and reputational damage. Medium-level security header deficiencies and DNS configuration gaps further increase the risk surface. While foundational technical controls are solid, the lack of formalized incident response, business continuity, and vulnerability disclosure processes signals immature security management. This combination represents a substantial compliance and operational risk that must be addressed promptly to safeguard customer trust and avoid legal penalties. Immediate attention to privacy, policy documentation, and incident readiness will provide the greatest business value and risk reduction.

C

Centre d'Imagerie du Sport de Monaco : IRM, scanner, échographie

centre-imagerie-sport-monaco.com

60

The website demonstrates a mixed security posture with no critical issues but multiple high and medium severity vulnerabilities that could significantly impact both security and regulatory compliance. Key weaknesses include missing essential security headers, inadequate GDPR compliance due to absent privacy and cookie policies, and a lack of foundational security governance frameworks such as incident response and security policies aligned with NIS2 requirements. SSL/TLS configurations and email security have notable gaps that could expose communications to interception or spoofing. However, network security and DNS health show relatively strong performance, indicating a stable underlying infrastructure. Failure to address these gaps increases the risk of data breaches, legal penalties, and reputational damage. Prioritizing compliance and foundational security controls will better protect customer data and maintain trust. Immediate remediation is critical to reduce exposure and align with industry best practices and regulatory mandates.

L

La Clinique Monte-Carlo

lacliniquemontecarlo.com

58

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities detected, numerous high and medium severity issues exist, particularly around security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases risk of web-based attacks. GDPR deficiencies, including missing privacy and cookie policies, expose the company to potential legal penalties and customer trust erosion. Lack of documented security policies and incident response plans under NIS2 further weakens the organization’s ability to manage and respond to cyber incidents effectively. SSL/TLS weaknesses and suboptimal email security settings present additional attack vectors. However, network security and DNS-related controls show relatively strong maturity. Immediate remediation in these areas will reduce risk and improve compliance posture substantially.

A

Agence Z&KO

zandko.fr

56

The website exhibits a concerning security posture with multiple critical and high-severity issues that expose the business to regulatory, operational, and reputational risks. Key deficiencies include the absence of fundamental security headers, lack of GDPR compliance mechanisms such as privacy and cookie policies, and missing core information security framework documentation required under NIS2 regulations. These gaps indicate inadequate protection of user data and insufficient preparedness for incident response, which could lead to regulatory fines and loss of customer trust. Additionally, the presence of high-risk exposed services like FTP and incomplete SSL/TLS configurations increase vulnerability to cyberattacks. While some areas like email security and DNS health show relative strength, the overall security maturity is low, necessitating immediate remediation. Addressing these issues will improve compliance, reduce attack surface, and safeguard business continuity. Without prompt action, the organization risks data breaches, legal penalties, and damage to its brand reputation.

M

MYSEA

mysea.co

64

The website's overall security posture is weak, with critical and high-severity vulnerabilities that expose the business to significant risks including data breaches and compliance violations. Key deficiencies include the absence of essential security headers, lack of GDPR compliance mechanisms such as cookie consent, and missing foundational NIS2 security policies and incident response plans. Critically, the exposure of database services (MySQL and PostgreSQL) and unsecured FTP services presents immediate threats that could lead to unauthorized access and data compromise. While email security and SSL/TLS configurations show moderate strength, gaps like impending SSL certificate expiration and missing HSTS reduce resilience against interception attacks. DNS security is fairly solid but could be improved with DNSSEC and CAA records. Overall, urgent remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Failure to address these issues could result in financial loss, reputational damage, and legal penalties.

D

D-EDGE

fastbooking.com

65

The website's overall security posture reveals significant gaps in key areas critical to protecting business assets and customer trust. While no critical vulnerabilities were detected, there are multiple high and medium severity issues, particularly concerning missing security headers, GDPR compliance, and lack of formalized security frameworks. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy exposes users to elevated risks from man-in-the-middle and cross-site scripting attacks. GDPR compliance deficiencies, including no cookie consent banner and incomplete privacy policies, pose regulatory and reputational risks, especially in EU markets. The lack of incident response procedures and security policy documentation indicates immature organizational security governance, increasing potential downtime and breach impact. Email security and network infrastructure are relatively stronger but still require improvements to prevent phishing and spoofing threats. Immediate remediation will bolster customer confidence, reduce compliance risks, and lower the likelihood and impact of cyber incidents.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

A

Actyus | Fintech venture capital

actyus.com

63

The website demonstrates a moderate overall security posture with no critical issues but multiple high-severity vulnerabilities predominantly in governance, compliance, and configuration areas. Key deficiencies exist in GDPR compliance, including missing privacy and cookie policies and absence of a consent banner, exposing the organization to regulatory and reputational risks. Security headers are inadequately configured, increasing exposure to common web-based attacks such as clickjacking and cross-site scripting. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates immature cybersecurity governance, which could delay breach detection and response. Email security and DNS health are relatively strong, though improvements in DMARC enforcement and DNSSEC could further reduce phishing and spoofing risks. SSL/TLS configuration issues, including weak key length and imminent certificate expiration, present risks to secure communications and customer trust. Network security posture is solid, providing a stable foundation for other improvements. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and strengthen overall risk management.

I

Icecat NV

icecat.com

61

The website demonstrates a moderate to low overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key vulnerabilities include missing essential security headers, weak SSL configurations, and inadequate GDPR compliance due to absent privacy and cookie policies. Additionally, the absence of a formal information security framework and incident response procedures under NIS2 regulations exposes the business to regulatory non-compliance and operational risks. Email security and network security scores are relatively strong, but improvements are necessary to maintain trust and safeguard data. Immediate remediation is required to protect against clickjacking, cross-site scripting, data leakage, and legal penalties. Addressing these gaps will enhance customer confidence, reduce exposure to cyber threats, and ensure regulatory compliance. Failure to act promptly may result in reputational damage, financial losses, and legal consequences.

I

International University of Monaco

monaco-executive-education.com

67

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

O

OMNES Education

omneseducation.com

65

The website security assessment reveals a concerning overall security posture with no critical issues but multiple high and medium severity findings, particularly in governance, compliance, and security policy domains. Key weaknesses exist in security headers, GDPR compliance, and NIS2 regulatory adherence, exposing the business to legal risks, data privacy violations, and increased vulnerability to cyber threats. Email security and network security show relatively strong performance, reducing risk from phishing and network-based attacks. SSL/TLS configurations need urgent improvement to maintain secure communications, especially given the impending certificate expiry and weak key length. The absence of incident response and business continuity plans further heightens operational risk. Addressing these gaps will significantly reduce the risk of data breaches, regulatory fines, and reputational damage. Immediate focus on compliance and foundational security controls is essential to protect customer trust and meet regulatory requirements.

S

SupplHi S.r.l. Società Unipersonale

supplhi.com

63

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium risk issues that warrant immediate attention. Key deficiencies exist in security header implementations, GDPR compliance, and adherence to NIS2 requirements, potentially exposing the business to regulatory, reputational, and operational risks. The absence of essential headers like Content-Security-Policy and X-Frame-Options increases susceptibility to web-based attacks such as clickjacking and cross-site scripting. GDPR-related gaps, including missing cookie policies and consent mechanisms, expose the company to legal penalties and erode customer trust. NIS2 compliance is particularly weak, lacking formal security frameworks, incident response plans, and documented policies, which could impair the company’s ability to handle cyber incidents effectively. Email security measures are moderate but require improvements to prevent phishing and spoofing threats. SSL/TLS and DNS configurations are relatively strong but need minor updates to maintain robustness. Overall, the organization should prioritize closing regulatory gaps and enhancing web security controls to protect its assets and reputation.

The website's security posture is currently weak, with critical gaps in privacy compliance, network security, and foundational security headers. Critical services like MySQL are exposed, significantly increasing the risk of data breaches and unauthorized access. The absence of GDPR-required policies and consent mechanisms puts the business at high legal and reputational risk, especially as it operates within the EU. Security headers are largely missing or misconfigured, leaving the site vulnerable to common web attacks such as clickjacking, XSS, and content injection. The lack of an established information security framework, incident response procedures, and vulnerability disclosure policies indicates immature cybersecurity governance. While email security and DNS health show moderate strength, SSL/TLS implementation needs improvement to ensure secure communications. Immediate remediation is necessary to reduce risk exposure and ensure regulatory compliance, protecting both customer data and business continuity.

B

Balearic Marine Cluster

balearicmarinecluster.com

61

The website’s security posture reveals significant gaps in foundational security controls and regulatory compliance, posing risks to both business operations and customer trust. While there are no critical vulnerabilities, multiple high and medium severity issues indicate a lack of essential security headers, incomplete GDPR compliance, and absence of key information security policies aligned with NIS2 requirements. The missing security headers expose the site to common web-based attacks like clickjacking, content injection, and cross-site scripting. GDPR non-compliance, including the absence of a privacy policy and cookie consent, risks regulatory penalties and reputational damage. The lack of incident response, security policies, and vulnerability disclosure procedures undermines the organization’s ability to manage and mitigate security incidents effectively. Exposure of high-risk services such as FTP further increases attack surface and potential data breaches. Although email security and DNS health are relatively strong, SSL/TLS and network security require immediate attention to prevent service disruptions and data interception. Overall, addressing these deficiencies is critical to protect customer data, maintain regulatory compliance, and safeguard business continuity.

U

USLI

bizresourcecenter.com

58

The website exhibits significant security weaknesses, particularly in foundational security controls such as HTTP security headers, email authentication, and compliance with GDPR and NIS2 regulations. Critical gaps like the absence of email authentication and incident response procedures expose the business to phishing risks and operational disruption. Missing key headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to man-in-the-middle attacks and cross-site scripting. Compliance-related issues, including lack of cookie policies and privacy measures, present legal and reputational risks. While network security and DNS health show relatively strong postures, the presence of weak SSL configurations and expiring certificates further degrade trustworthiness. Overall, these vulnerabilities could lead to data breaches, regulatory penalties, and loss of customer confidence. Immediate remediation focused on critical security controls and compliance frameworks is essential to safeguard business operations and reputation.

The website security assessment reveals significant security gaps, particularly in foundational security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards. While no critical issues were identified, the presence of multiple high and medium severity issues indicates a heightened risk of data breaches, regulatory fines, and reputational damage. The absence of key headers like Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks and cross-site scripting vulnerabilities. Non-compliance with GDPR, including missing privacy policies and cookie consent mechanisms, risks legal penalties and undermines customer trust. Additionally, poor NIS2 compliance, such as lacking incident response procedures and security policies, suggests unpreparedness for cyber incidents. SSL/TLS weaknesses and expiring certificates further threaten secure communications. However, strong network security and DNS health scores demonstrate a solid foundation to build upon. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain business continuity.

M

Monaco Planning

monacoklanten.nl

52

The website's security posture is currently weak, with significant gaps in foundational security controls and compliance measures. Critical and high-severity issues predominantly stem from missing essential HTTP security headers, absent GDPR compliance elements, and lack of formal information security frameworks aligned with NIS2 regulations. These deficiencies expose the business to data breaches, regulatory penalties, and reputational damage, especially given the critical GDPR non-compliance for an EU business. While network and DNS security show relatively better maturity, critical gaps remain such as exposed SSH services and missing DNSSEC. Email security is moderately sound but can be further improved. SSL/TLS configurations need urgent attention to avoid man-in-the-middle attacks and ensure secure communications. Addressing these issues promptly will strengthen defense against cyber threats and demonstrate due diligence to customers and regulators.

A

AS Monaco Football Club

asmonaco.com

65

The website’s overall security posture reveals significant gaps, particularly in compliance with GDPR and NIS2 regulations, which pose high business and legal risks. While no critical vulnerabilities were detected, multiple high-severity issues, such as missing privacy policies, absence of security frameworks, and an expiring SSL certificate, threaten data protection and trust. Security headers are inadequately configured, increasing exposure to common web attacks. DNS and network security are relatively stronger but still have room for improvement. Immediate attention to legal compliance and foundational security policies is essential to avoid regulatory penalties and reputational damage. The lack of incident response and business continuity plans further exposes the organization to prolonged disruptions. Remediation efforts should prioritize legal compliance and securing communication channels to maintain customer trust and operational resilience.

B

Black Bull Group

blackbull-group.com

60

The website's security posture reveals significant gaps that expose the business to potential cyber risks and regulatory non-compliance. While there are no critical vulnerabilities, several high and medium-level issues, particularly in security headers, GDPR compliance, and network security, present serious concerns. Missing essential HTTP security headers increases exposure to web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of privacy and cookie policies, alongside missing cookie consent mechanisms, risks violating data protection regulations like GDPR, potentially resulting in legal penalties and reputational damage. Additionally, the lack of incident response procedures and vulnerability disclosure policies hampers the organization's ability to effectively manage and recover from security incidents. The exposure of high-risk services like FTP further elevates the threat landscape. Overall, immediate remediation is essential to enhance security posture, protect customer data, and ensure regulatory compliance to safeguard business continuity and trust.

N

Navitrans

navitrans.com

64

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium severity issues, primarily related to missing security headers, GDPR compliance gaps, and inadequate security policies. Key risks include exposure of sensitive data due to absent headers like Strict-Transport-Security and Content-Security-Policy, and significant non-compliance with GDPR and NIS2 regulations, which could lead to regulatory fines and reputational damage. Additionally, the presence of a high-risk exposed FTP service and lack of incident response and security documentation pose risks of unauthorized access and inadequate breach handling. SSL/TLS and DNS configurations are fair but require improvements to ensure stronger encryption and domain integrity. Business continuity and vulnerability disclosure policies are also missing, undermining preparedness and transparency. Immediate remediation and policy development are essential to strengthen security, regulatory compliance, and customer trust.

B

Braque

braque.ca

52

The website demonstrates significant security weaknesses across multiple domains, presenting substantial risks to the business. Critical and high-severity findings include exposed critical services like MySQL and FTP, missing essential security headers, and lacking fundamental information security policies, which collectively leave the organization vulnerable to data breaches and compliance violations. The absence of GDPR-required elements such as privacy and cookie policies indicates regulatory non-compliance risks, potentially leading to fines and reputational damage. Email security and DNS health exhibit moderate maturity but require improvements to prevent phishing and domain spoofing. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues that may undermine user trust and data confidentiality. Network security is particularly concerning due to exposed critical services without adequate protections. Overall, the organization is at high risk of cyber incidents, regulatory penalties, and customer trust erosion, necessitating urgent remediation efforts and governance improvements.

The website's overall security posture reveals significant vulnerabilities that pose both legal and operational risks. The presence of a critical SSL certificate issue undermines secure communications, potentially exposing sensitive user data and damaging customer trust. Several high-severity gaps in GDPR compliance, including missing privacy and cookie policies and absence of a cookie consent banner, expose the business to regulatory fines and reputational damage. Additionally, the lack of a formal security framework, incident response plan, and security documentation reflects immature cybersecurity governance, increasing the risk of prolonged downtime or data breaches. Security headers are poorly configured, missing critical protections against common web attacks. Although network security and email security show relatively strong scores, fundamental DNS security enhancements are needed. Immediate action is required to address these deficiencies to protect customer data, maintain compliance, and ensure business continuity.

3

3S-Innovation

3s-innovation.com

57

The website demonstrates several significant security weaknesses that expose the business to reputational, compliance, and operational risks. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content sniffing, and cross-site scripting. GDPR compliance is notably deficient, with absent privacy and cookie policies and no consent mechanisms, risking legal penalties and loss of customer trust. The absence of a formal information security framework, policies, and incident response procedures further exposes the organization to unmanaged threats and regulatory scrutiny under NIS2 directives. Weaknesses in SSL configuration, such as weak keys and impending certificate expiration, jeopardize data confidentiality and integrity during transmission. While network security posture and email security are relatively strong, urgent remediation is needed in web security headers, compliance documentation, and security governance. Addressing these vulnerabilities promptly will reduce potential breaches, ensure regulatory compliance, and strengthen stakeholder confidence.

The website currently exhibits significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, weakening defenses against common web-based attacks such as clickjacking and content injection. GDPR compliance is insufficient, notably lacking cookie policies and consent mechanisms, increasing legal and financial risk. The absence of a formal information security framework and incident response plans highlights a lack of organizational maturity in cybersecurity governance. SSL/TLS configuration weaknesses and expiring certificates risk undermining encrypted communications and user trust. Although email security and network posture scores are relatively strong, DNS security can be improved. Overall, urgent remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity.

A

Alcantara S.p.A.

alcantara.com

67

The website demonstrates a concerning overall security posture with critical gaps in foundational security controls, particularly in web security headers, GDPR compliance, and adherence to NIS2 regulatory requirements. While no critical vulnerabilities were identified, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Key deficiencies include absence of essential HTTP security headers, lack of documented security policies, and missing GDPR cookie consent mechanisms. Email security, SSL/TLS, DNS health, and network security show relatively strong performance, mitigating some risk vectors. However, the insufficient information security framework and incident response preparedness significantly reduce resilience against cyber incidents. Immediate remediation is needed to strengthen compliance, protect customer data, and ensure business continuity. Addressing these issues will enhance trust, reduce legal exposure, and align with industry best practices.

M

Majestas

billionairelife.com

73

The website demonstrates a moderate security posture with no critical vulnerabilities detected but multiple high and medium-risk issues that could expose the business to compliance risks and operational threats. Key concerns include non-compliance with GDPR due to the absence of a cookie consent banner and potential privacy policy gaps, which can lead to regulatory penalties and reputational damage. The lack of an information security framework, incident response procedures, and security policy documentation highlights significant gaps in governance, increasing the risk of inadequate incident handling and prolonged downtime. Weak security header configurations and exposed software versioning may facilitate exploitation by attackers. Additionally, email security and DNS configurations show room for improvement to prevent spoofing and enhance trustworthiness. Addressing these issues is essential to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Immediate remediation efforts will strengthen defenses against cyber threats and regulatory scrutiny, supporting long-term business resilience.

F

FMS Solutions

fmssolutions.com

60

The website demonstrates significant security weaknesses, particularly in critical HTTP security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements. No critical vulnerabilities were found, but twelve high-severity issues indicate substantial risk exposure, especially related to missing security headers and lack of privacy policies. The absence of key headers like Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increases susceptibility to common web attacks such as clickjacking, man-in-the-middle, and cross-site scripting. GDPR compliance gaps, including missing privacy and cookie policies and consent mechanisms, expose the business to regulatory penalties and reputational damage. Additionally, the lack of documented information security frameworks, incident response, and business continuity plans under NIS2 requirements presents operational risks. SSL/TLS implementation is weak due to expiring certificates, weak key lengths, and mixed content, which may undermine user trust and data confidentiality. DNS and network security are relatively strong, but DNSSEC and CAA records should be configured to enhance domain integrity. Immediate remediation is necessary to protect customer data, maintain compliance, and safeguard business continuity.

The website's overall security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Notably, the absence of HTTPS encryption is a critical issue affecting confidentiality and trust. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy further increases susceptibility to web-based attacks. Compliance with GDPR and NIS2 frameworks is severely lacking, with missing privacy policies, cookie consent mechanisms, and no documented security or incident response procedures. DNS and network configurations also present vulnerabilities, such as missing name servers and exposed services. While email security is relatively strong, the overall risk profile is dominated by critical deficiencies in encryption, policy, and governance. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business reputation.

M

Medicis Consult

medicis-consult.com

44

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a fundamental vulnerability, affecting confidentiality, integrity, and trust with users and partners. Missing critical security headers, such as Strict-Transport-Security and Content-Security-Policy, leaves the site vulnerable to common web attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including a privacy policy and cookie consent, poses legal and reputational risks. Furthermore, the absence of an information security framework, incident response procedures, and security policy documentation suggests immature security governance. Exposure of high-risk services like FTP and insufficient DNS security controls further increase the attack surface. While email security scores relatively well, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance. Immediate action is needed to mitigate these critical vulnerabilities and establish a robust security foundation.

R

Rosengart

rosengart.mc

38

The website's security posture is currently poor, with multiple critical and high-severity issues posing significant risks to data confidentiality, integrity, and regulatory compliance. Most notably, the absence of HTTPS encryption critically exposes user data to interception and undermines trust. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, content injection, and cross-site scripting. The lack of GDPR compliance elements such as a privacy policy, cookie policy, and consent mechanisms exposes the business to legal penalties and reputational damage. Additionally, the absence of NIS2-related security frameworks, policies, and incident response plans indicates inadequate preparedness against cyber threats and regulatory requirements. While network security posture and DNS health show relative strength, other foundational security controls need urgent implementation. Overall, immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

D

Dan-Bunkering

dan-bunkering.com

50

The website's overall security posture is currently poor, with critical deficiencies in fundamental protections such as HTTPS encryption and essential security headers. The absence of HTTPS puts all data transmissions at risk of interception, undermining user trust and regulatory compliance. Additionally, the site lacks key GDPR compliance elements, including a cookie policy and consent mechanisms, exposing the business to legal and financial penalties. The NIS2-related controls are notably weak, with missing security policies, incident response plans, and vulnerability disclosure procedures, increasing operational risk. While email security and network security are strong, these are overshadowed by critical gaps in web and data protection layers. DNS health is moderate, but enabling DNSSEC would enhance DNS integrity. Immediate attention to these critical vulnerabilities is essential to safeguard customer data, maintain regulatory compliance, and protect brand reputation.

The website's overall security posture is severely deficient, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, non-compliance penalties, and reputational damage. The absence of HTTPS encryption is a glaring issue impacting confidentiality and user trust. Key security headers are missing, increasing susceptibility to web-based attacks such as XSS and clickjacking. The lack of GDPR compliance elements like privacy policies and consent mechanisms exposes the company to regulatory fines and legal challenges. Additionally, there is no formal information security framework or incident response plan, which hinders the ability to manage and recover from security incidents effectively. While network security and some email/dns security aspects are relatively strong, they do not compensate for the critical gaps in web application security and regulatory adherence. Immediate remediation is necessary to protect customer data, maintain compliance, and uphold brand integrity. Without prompt action, the business faces escalating operational and legal risks.