Security Directory

H

Hoozin

hoozin.com

40

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines data confidentiality and trust, while missing essential security headers leave the site open to common web attacks such as clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, creating legal exposure and reputational damage risks. Network security is compromised by the exposure of high-risk services like FTP and MySQL without adequate protections, increasing the attack surface. The lack of incident response, security policies, and business continuity planning under the NIS2 framework indicates immature security governance. Although email security and DNS health score relatively well, these strengths do not offset the critical deficiencies elsewhere. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent action, the organization risks financial penalties, loss of customer trust, and potential service outages.

The website's security posture is currently poor, with multiple critical and high-severity issues exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The complete lack of HTTPS encryption is a critical vulnerability that undermines all web traffic security and violates GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and data leakage attacks. Additionally, the absence of privacy and cookie policies, as well as consent mechanisms, exposes the organization to legal penalties under GDPR. The lack of documented information security frameworks and incident response procedures further increases the risk of inadequate breach handling and prolonged downtime. Exposed high-risk services like FTP and SSH without proper controls elevate the attack surface. Email security is moderately strong but should be improved with DMARC enforcement. Overall, immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust.

The website's overall security posture exhibits significant vulnerabilities, with one critical issue and multiple medium-level concerns that collectively expose the business to potential data breaches and regulatory non-compliance. The absence of HTTPS encryption is the most pressing risk, as it undermines data confidentiality and user trust. Additionally, failure to implement essential security headers and email authentication mechanisms like DKIM increases susceptibility to phishing and man-in-the-middle attacks. Compliance gaps relating to GDPR and NIS2 frameworks suggest potential legal and financial repercussions. DNS security can be improved by enabling DNSSEC and configuring CAA records to prevent domain hijacking and unauthorized certificate issuance. Despite a strong network security posture, these deficiencies represent immediate priorities to safeguard sensitive information and maintain regulatory compliance. Addressing these issues will enhance customer trust, protect brand reputation, and reduce the risk of costly security incidents.

The website's current security posture presents significant risks that could impact business operations and customer trust. The most critical issue is the absence of HTTPS encryption, exposing data transmissions to interception and manipulation. Additionally, the exposure of a high-risk service such as Remote Desktop Protocol (RDP) increases the attack surface, potentially leading to unauthorized access. Medium-level issues including missing security headers, lack of DKIM email authentication, and non-compliance with GDPR and NIS2 frameworks further weaken the security stance. The absence of DNSSEC and CAA records can lead to DNS spoofing and unauthorized certificate issuance, respectively. While some modules like email security and DNS health show moderate scores, the overall gaps indicate an urgent need for remediation. Addressing these vulnerabilities will enhance data protection, regulatory compliance, and overall resilience against cyber threats. Immediate action will reduce the risk of data breaches, reputational damage, and potential financial penalties.

The website's overall security posture is concerning due to a critical issue: the absence of HTTPS encryption, exposing users and business data to interception and tampering. While network security is strong, medium-level issues such as missing security headers, lack of DNSSEC, and failure to comply with GDPR and NIS2 requirements indicate gaps in regulatory compliance and security best practices. The lack of DKIM records increases the risk of email spoofing, potentially harming brand reputation and email deliverability. Low-level issues like missing CAA records further reduce the domain's resilience against unauthorized certificate issuance. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory penalties. Addressing these issues will enhance data confidentiality, integrity, and compliance readiness, thereby strengthening the business’s cybersecurity defenses and reputation.

C

Crédit Foncier

creditfoncier.com

46

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all secure communications and violating multiple compliance requirements. Key security headers are missing or improperly configured, increasing susceptibility to common web attacks such as clickjacking and content injection. GDPR compliance is severely lacking, with missing privacy, cookie policies, and consent mechanisms, which may lead to regulatory penalties. The organization also shows minimal adherence to the NIS2 directive, lacking fundamental security policies, incident response plans, and information security frameworks. Email security is moderately strong but still requires improvements to prevent spoofing and phishing. DNS and network security are relatively better but need enhancements like DNSSEC implementation. Immediate remediation is essential to protect business operations, ensure customer trust, and comply with legal obligations.

H

Hazera

hazera.com

50

The website's overall security posture is currently at significant risk, primarily due to the complete lack of HTTPS encryption, which is critical for protecting data in transit and maintaining user trust. Multiple critical and high-severity issues indicate gaps in compliance with GDPR and NIS2 regulations, including missing privacy and cookie policies, absence of a cookie consent banner, and lack of security documentation and incident response procedures. While email security and network security show strong scores, foundational web security controls such as Content-Security-Policy headers and security frameworks are missing or weak. The absence of HTTPS not only affects security but also business credibility, search engine rankings, and regulatory compliance. Additionally, DNS security enhancements like DNSSEC are not enabled, increasing exposure to DNS-based attacks. The lack of clear privacy policies and consent mechanisms also poses legal and reputational risks. Immediate remediation is essential to safeguard customer data, ensure compliance, and protect the business from cyber threats and regulatory penalties.

W

Wyser

wyser-search.com

47

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

S

Sonema

sonema.com

44

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and compliance. Multiple critical and high-risk issues span security headers, GDPR compliance, and NIS2 regulatory requirements, indicating significant gaps in both technical controls and governance documentation. The absence of essential headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to common web attacks such as man-in-the-middle and cross-site scripting. Non-compliance with GDPR and NIS2, including missing privacy policies, cookie consent mechanisms, and incident response procedures, exposes the business to legal risks and potential fines. While network security and DNS health show relatively stronger scores, these cannot compensate for foundational security failures. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and preserve customer trust. Without urgent action, the business faces increased risk of data breaches, legal penalties, and reputational damage. Overall, the current state demands prioritized investment in encryption, policy development, and security hardening.

I

Inside Systems A/S

insidesystems.com

50

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data in transit to interception and manipulation. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. GDPR compliance is severely lacking, with no cookie policy or consent banner, potentially leading to regulatory penalties and loss of customer trust. The absence of an information security framework, incident response procedures, and security policy documentation further exacerbates the organization's vulnerability to cyber threats and operational disruptions. While email and network security are strong, these isolated strengths do not mitigate the critical risks posed by the core deficiencies. The low scores in NIS2 compliance indicate the organization is unprepared to meet mandatory cybersecurity standards, risking legal and financial consequences. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company's reputation. Failure to address these issues may result in data breaches, regulatory fines, and significant business disruption.

A

Arcus Consulting LLP

arcus.uk.com

41

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trustworthiness. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, risking legal penalties and loss of customer trust. The lack of an information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. Email security measures like DMARC and DKIM are insufficient, raising the risk of phishing and spoofing attacks. Exposure of high-risk services like FTP further amplifies vulnerability to unauthorized access. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the business’s reputation.

G

Groupe Banque Richelieu

banquerichelieu.com

42

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing business risk. The absence of HTTPS encryption is a critical vulnerability, exposing all data transmissions to interception and undermining customer trust and compliance with regulations. Key security headers are missing, which weakens protection against common web attacks such as clickjacking and cross-site scripting. The lack of GDPR compliance elements like privacy and cookie policies, and consent mechanisms, exposes the business to legal penalties and reputational damage. Additionally, the absence of fundamental NIS2 controls such as incident response procedures, security policies, and a security framework indicates immature security governance. Email authentication mechanisms are partially implemented but need enforcement to reduce phishing risks. DNS security is moderately healthy but could be improved by enabling DNSSEC. Overall, immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard customer trust.

A

AFIMAC Global

afimacglobal.com

45

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. Key deficiencies include the complete lack of HTTPS encryption, absence of essential security headers, and non-compliance with GDPR requirements such as missing cookie policies and consent mechanisms. Furthermore, the organization lacks foundational NIS2 framework elements like incident response procedures and security policy documentation, highlighting immature security governance. While email security and network security show relatively strong scores, critical SSL/TLS and web application security gaps undermine these strengths. Immediate remediation is crucial to protect customer data, ensure regulatory compliance, and maintain trust. Without swift action, the business risks financial loss, legal consequences, and operational disruptions. This assessment clearly indicates the need for urgent investment in web security controls and governance frameworks.

M

Molori Private Collection

molorisafari.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and MIME-type sniffing. GDPR compliance deficiencies, including lack of privacy and cookie policies, place the company at risk of legal penalties. Additionally, the lack of an information security framework, incident response plan, and vulnerability disclosure policy signals immature security governance. Email security is moderately strong but could be improved. DNS configurations are generally good but could be enhanced with DNSSEC and CAA records. Network security posture is solid but insufficient to compensate for fundamental web security gaps. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

I

InspireME Monte Carlo sarl

inspireme-mc.com

40

The website's security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw that jeopardizes all data in transit, undermining customer trust and violating GDPR and NIS2 regulations. Missing essential security headers like Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, risks regulatory penalties and loss of customer confidence. Additionally, inadequate incident response, security policies, and business continuity planning indicate insufficient preparedness for security incidents. The exposure of high-risk services like FTP, which is inherently insecure, amplifies the attack surface. Overall, immediate remediation is needed to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity.

N

NEOFA

neofa.com

35

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical issues include the complete lack of HTTPS encryption, which undermines all data confidentiality and integrity. The absence of essential security headers and policies leaves the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. Furthermore, the lack of GDPR compliance elements such as privacy and cookie policies, and missing consent mechanisms, poses legal risks and potential fines. Deficiencies in NIS2 compliance and incident response planning highlight gaps in organizational readiness to address and recover from security incidents. While network security is strong, foundational elements like DNS health and email authentication require improvement to prevent domain spoofing and phishing. Immediate remediation is essential to protect customers, maintain trust, and comply with legal obligations.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

M

MTN Bénin

mtn.bj

54

The website exhibits a concerning overall security posture with several critical and high-risk vulnerabilities that expose the business to significant legal, reputational, and operational risks. The absence of HTTPS encryption is a critical flaw, undermining data confidentiality and integrity for all website visitors and users. The lack of foundational GDPR compliance elements, such as a privacy policy and cookie consent banner, further exposes the business to potential regulatory penalties and customer trust erosion. Additionally, the missing security frameworks and incident response plans highlight insufficient readiness to detect and mitigate cyber threats or respond effectively to security incidents. While email and network security postures are strong, fundamental gaps in web security headers and DNS configurations must be addressed. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without these improvements, the organization remains vulnerable to data breaches, legal actions, and reputational damage.

N

Nico Rosberg

nicorosberg.com

38

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key deficiencies include the absence of HTTPS encryption, leading to insecure data transmission, and missing fundamental security headers that protect against common web attacks. Additionally, the lack of GDPR compliance elements—such as privacy policies and cookie consent—poses legal risks and potential fines. Network exposure of critical services like MySQL and FTP further increases the attack surface, making unauthorized access more likely. The organization's security governance is underdeveloped, with no formal information security framework, incident response procedures, or vulnerability disclosure policies in place. Although email security and DNS health show moderate maturity, the overall low scores in core security domains highlight urgent remediation needs. Immediate action is required to safeguard business assets, maintain customer trust, and comply with regulatory requirements.

I

ITECO Oil Field Supply Group

iteco-supply.com

38

The website's security posture is critically weak, exposing the business to substantial risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability that jeopardizes all data transmissions, undermining user trust and violating GDPR and NIS2 requirements. Key security headers are largely missing, increasing susceptibility to common web attacks like clickjacking and cross-site scripting. The lack of fundamental GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner further exposes the company to legal penalties. Network services like FTP and SSH are unnecessarily exposed, elevating the risk of unauthorized access. Email security is moderately strong, but critical DNS security measures such as DNSSEC are absent. Overall, urgent remediation is required to protect customer data, ensure compliance with industry regulations, and maintain business continuity.

C

COFIP

cofip.pro

37

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant operational, reputational, and regulatory risks. The absence of HTTPS encryption is the most alarming issue, compromising data confidentiality and violating GDPR and NIS2 compliance requirements. Key HTTP security headers are missing, increasing the risk of client-side attacks such as clickjacking, XSS, and content injection. GDPR compliance is deficient, lacking privacy policies and cookie consent mechanisms, which may result in legal penalties. Network services expose critical ports like MySQL and FTP without adequate protections, creating high-risk attack surfaces. The lack of documented security policies, incident response procedures, and vulnerability disclosure policies further weakens the organization's ability to detect and respond to threats. Email and DNS security are relatively stronger, but the overall risk profile remains critical. Immediate remediation is necessary to safeguard business continuity, customer trust, and regulatory compliance.

C

Capefront Energies

naurexgroup.com

48

The website exhibits a poor overall security posture with critical vulnerabilities significantly impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical failure, exposing user data to interception and undermining trust. Missing key security headers such as Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR compliance is insufficient due to the lack of a cookie consent banner and incomplete privacy policy, risking regulatory penalties and reputational damage. The site also lacks essential NIS2 mandate elements including security policies, incident response procedures, and a vulnerability disclosure policy, indicating immature cybersecurity governance. Email security gaps, notably the missing DMARC record, increase the risk of phishing and email spoofing attacks. DNS security is relatively strong but could be improved with DNSSEC and CAA record implementation. Overall, urgent remediation is needed to protect customer data, ensure regulatory compliance, and maintain business continuity.

A

Arrow Monaco

arrowyacht.com

40

The website's overall security posture is critically weak, with multiple high and critical risk findings that expose the business to significant threats. The absence of HTTPS encryption is the most severe issue, jeopardizing data confidentiality and integrity, and violating compliance standards such as GDPR and NIS2. Key HTTP security headers are missing or misconfigured, increasing the risk of web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking fundamental privacy policies and consent mechanisms, which can lead to legal and reputational consequences. The lack of an established information security framework, incident response procedures, and business continuity planning indicates an immature security governance posture. Network exposure of high-risk services like FTP and SSH further increases the attack surface. While email security and DNS health show moderate strength, critical gaps in encryption and policy frameworks present urgent risks. Immediate remediation is essential to protect sensitive data, maintain customer trust, and ensure regulatory compliance.

A

ACCE International

acceintl.com

47

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing risk exposure. The absence of HTTPS encryption critically undermines data confidentiality and trust, exposing users and the business to interception and man-in-the-middle attacks. Key security headers are missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is severely lacking, notably the absence of cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. The lack of documented security policies, incident response procedures, and information security frameworks indicates immature security governance. Additionally, exposure of high-risk services like FTP further elevates attack surface risk. While email security and DNS health are relatively strong, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance.

A

ADOM

africasie.mc

44

The website’s current security posture is critically weak, exposing the business to significant risks from data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is a fundamental flaw that jeopardizes all data in transit, violating GDPR and NIS2 requirements and undermining user trust. Essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy are missing, leaving the site vulnerable to common web attacks like clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, increasing legal exposure. The lack of a formal information security framework, incident response, and business continuity plans further weakens the organization's resilience to cyber incidents. While network security and email security show some strengths, critical gaps in encryption and policy documentation overshadow these positives. Immediate remediation is vital to protect sensitive data, meet legal obligations, and maintain customer confidence. Without urgent action, the business risks costly breaches and regulatory fines that could impact operations and brand reputation.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

F

FlyPrivate

flyprivate.com

50

The website’s current security posture exhibits significant vulnerabilities that expose the business to substantial risks, particularly due to the absence of HTTPS encryption which is flagged as critical across multiple compliance frameworks including GDPR, NIS2, and SSL/TLS standards. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing the risk of web-based attacks like clickjacking and cross-site scripting. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanism in place, potentially exposing the business to regulatory fines and reputational damage. Additionally, the absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms under NIS2 requirements indicates immature information security governance. While email and network security are strong points, foundational gaps in encryption and security headers undermine overall defenses. The DNS configuration is moderately healthy but could be improved with DNSSEC and CAA records. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without prompt action, the business faces operational disruptions, legal penalties, and loss of customer trust.

G

GrowUp Consulting

growup-hr.com

44

The website demonstrates significant security deficiencies, particularly a complete lack of HTTPS encryption, which poses critical risks to data confidentiality and user trust. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increase vulnerability to common web attacks including clickjacking and cross-site scripting. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory non-compliance and potential legal penalties under GDPR. Furthermore, critical gaps in security governance, including missing information security frameworks, incident response procedures, and security policy documentation, indicate immature cybersecurity management. While email security and network security posture are strong, the overall security posture is weak, making the business susceptible to data breaches, reputational damage, and compliance violations. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity. Prioritizing HTTPS implementation and establishing a comprehensive security and privacy framework will significantly enhance risk mitigation. DNS security and some network controls are adequate but insufficient to compensate for the critical issues identified.

The website's overall security posture exhibits significant vulnerabilities that could expose the business to substantial risks. The absence of HTTPS encryption is a critical flaw, jeopardizing data confidentiality and user trust. Several medium-level issues, including missing security headers, inadequate GDPR compliance, lack of DNSSEC, and missing DKIM records, further increase exposure to data breaches and regulatory penalties. While the network security posture is strong, foundational web security controls need urgent attention to protect sensitive data and maintain compliance. Addressing these issues promptly will enhance customer confidence and reduce the risk of cyberattacks and legal repercussions. The current lack of key security protocols may also negatively impact SEO rankings and brand reputation. Immediate remediation of the critical SSL/TLS deficiency should be prioritized, followed by strengthening email and DNS security measures. Ensuring compliance with GDPR and NIS2 directives will safeguard against regulatory fines and improve overall security governance.

The website's security posture is concerning, primarily due to the absence of HTTPS encryption, which critically exposes all data transmissions to interception and manipulation. Several medium-severity issues, including failures in implementing key security headers, GDPR and NIS2 compliance gaps, and missing DNS security features, indicate an elevated risk of data breaches and regulatory non-compliance. Email security measures are partially implemented but lack critical components like DKIM and DMARC reporting, increasing susceptibility to spoofing and phishing attacks. Network security is moderately strong but exposing SSH services publicly can be an entry point for attackers. Overall, the site is vulnerable to both external cyber threats and legal/regulatory repercussions, necessitating immediate remedial action to protect business operations and customer trust.

E

Elkho Group

elkho-group.com

44

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all communications to interception and undermining GDPR compliance. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy further increase the risk of web-based attacks like man-in-the-middle, clickjacking, and cross-site scripting. The lack of GDPR-mandated elements like a cookie policy and consent banner exposes the business to regulatory penalties and reputational damage. Additionally, there is a significant deficiency in compliance with the NIS2 directive, with no documented security policies, incident response, or information security framework in place. While email security and DNS health show some strengths, critical gaps remain, including DMARC enforcement and DNSSEC configuration. Immediate remediation is essential to protect sensitive customer data, ensure regulatory compliance, and maintain customer trust. Without prompt action, the business faces increased risk of data breaches, legal sanctions, and operational disruption.

F

Frank Europe GmbH

frankeurope.com

53

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

D

DEF

def-online.com

43

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation, undermining both GDPR and NIS2 compliance. Multiple critical and high-severity issues related to missing security headers and lack of key security governance frameworks further expose the business to risks such as clickjacking, cross-site scripting, and data breaches. The absence of privacy and cookie policies, alongside missing consent mechanisms, significantly increases legal and regulatory exposure under GDPR. Additionally, the lack of documented security policies, incident response procedures, and business continuity planning suggests poor operational preparedness for cyber incidents. While email security and DNS health scores indicate some controls are in place, critical gaps remain that could lead to reputational damage, financial penalties, and loss of customer trust. Immediate remediation is essential to safeguard sensitive data, ensure regulatory compliance, and maintain business continuity. Overall, the website requires a comprehensive security overhaul to align with industry best practices and legal requirements.

B

Banque Palatine

palatine.fr

47

The website's security posture exhibits significant critical vulnerabilities, particularly the absence of HTTPS encryption, which poses severe risks to data confidentiality and regulatory compliance. Critical GDPR compliance gaps, including missing privacy and cookie policies and lack of a cookie consent banner, expose the business to potential legal penalties and reputational damage within the EU market. The lack of foundational security policies and incident response procedures further increases operational risk and undermines stakeholder trust. While network security measures appear strong, key headers like X-Frame-Options are missing, increasing susceptibility to clickjacking attacks. Email security and DNS configurations are moderately sound but can be improved to prevent phishing and DNS spoofing threats. Overall, the current state demands urgent remediation to secure customer data, ensure compliance with regulations such as GDPR and NIS2, and protect the business from cyber threats and legal consequences. Addressing these issues promptly will safeguard the organization’s reputation and maintain customer trust.

S

Siamp

siamp.com

40

The website's security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and regulatory non-compliance. The absence of HTTPS encryption is the most critical issue, risking data interception and eroding customer trust. Missing key security headers and lack of a Content-Security-Policy increase susceptibility to cross-site scripting and clickjacking attacks. Non-compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent, and incident response plans, could lead to legal penalties and reputational damage. Email security protocols are partially implemented but require improvement to prevent spoofing and phishing. DNS security practices are moderate but could be enhanced by enabling DNSSEC and configuring CAA records. While the network security posture is strong, foundational web and regulatory security gaps need urgent addressing to protect business operations and customer data effectively.

E

Eve Media

evemedia.fr

40

The website's security posture is critically weak, exposing the business to significant cybersecurity risks and regulatory non-compliance. Key deficiencies include the complete absence of HTTPS encryption, which jeopardizes data confidentiality and integrity in transit, and missing fundamental security headers that protect against common web attacks. The lack of GDPR compliance, such as no privacy or cookie policies and no consent mechanisms, places the business at risk of severe legal penalties, especially as it operates within the EU. Additionally, there is no established information security framework, incident response plan, or security policy documentation, which undermines the organization's ability to manage and respond to security incidents effectively. Email authentication is also poorly configured, increasing the likelihood of phishing attacks and email spoofing. While the network security posture and DNS health show some strengths, these are overshadowed by critical systemic vulnerabilities. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory requirements.

S

Silva International Investments

silvainternational.com

38

The website's overall security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption is a fundamental flaw, undermining data confidentiality and trust, and contravening GDPR requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, XSS, and content injection. Furthermore, the lack of privacy and cookie policies, alongside missing consent mechanisms, exposes the company to regulatory fines and legal challenges under data protection laws. Critical internal security controls and documentation, including incident response and information security frameworks, are absent, leaving the organization vulnerable to cyber incidents and operational disruptions. The exposure of sensitive services like FTP and PostgreSQL to the internet presents high-risk attack vectors that can lead to data breaches. Although email security and DNS health show moderate maturity, critical gaps like unenforced DMARC and missing DNSSEC reduce overall resilience. Immediate remediation is essential to protect customer data, maintain compliance, and safeguard business continuity.

E

Encore®

psav.com

42

The website's overall security posture is critically weak, with numerous high and critical severity issues identified, particularly in encryption, security headers, and regulatory compliance. The absence of HTTPS encryption represents a fundamental risk, exposing all data exchanges to interception and undermining trust. Key security headers are missing, increasing vulnerability to attacks such as clickjacking, content injection, and cross-site scripting. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and security governance documentation, exposing the business to potential legal and financial penalties. While network security and DNS health show relatively better scores, critical gaps remain, especially in email security protocols. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Without urgent action, the business faces increased risks of data breaches, regulatory fines, and loss of customer trust.

E

e-Celtic Ltd.

eceltic.ie

54

The website's overall security posture is weak, with critical and high-severity issues indicative of significant vulnerabilities and compliance gaps. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy expose the site to various web-based attacks, including man-in-the-middle and clickjacking. The absence of GDPR-required privacy documentation and consent mechanisms poses considerable legal and reputational risks, especially for EU operations. Lack of an information security framework, incident response plan, and security policies reflects poor organizational security maturity, further increasing exposure to threats. Network security is compromised by the presence of high-risk services like FTP and exposed SSH, which can be exploited if left unprotected. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues undermining user trust and data confidentiality. While email security scores well, other critical areas demand immediate attention to safeguard business continuity and regulatory compliance. Addressing these gaps will reduce risk, protect customer data, and enhance stakeholder confidence.

The website's overall security posture is currently at significant risk, primarily due to critical issues related to DNS health and email security. The failure in DNS resolution and absence of name servers critically impair website availability and expose the domain to potential hijacking or downtime, directly impacting business operations and customer trust. Email authentication is not configured, increasing the risk of phishing attacks, email spoofing, and reputational damage. Medium issues such as missing security headers, GDPR and NIS2 compliance failures, and lack of DNSSEC implementation further increase vulnerability to data breaches and regulatory penalties. While SSL/TLS configuration is strong and network security shows reasonable resilience, the fundamental infrastructure weaknesses must be addressed immediately. The absence of domain registration stability compounds these risks, threatening the website's accessibility and legal standing. Immediate remediation is essential to protect business continuity, customer data, and regulatory compliance. Without prompt action, the company faces operational disruption, legal exposure, and reputational harm.

The website's overall security posture is currently weak, with critical deficiencies in privacy compliance, email authentication, and security policy frameworks. Missing essential security headers and outdated SSL/TLS configurations expose the site to common web-based attacks and data interception risks. The absence of GDPR-related policies and consent mechanisms puts the business at significant regulatory and reputational risk, especially as it operates within the EU. Lack of documented incident response and security policies also undermines the organization's ability to manage breaches effectively. While DNS and network security scores are relatively strong, critical gaps in email security and encryption weaken overall defenses. Immediate attention is required to mitigate regulatory penalties, safeguard customer data, and maintain trust. Addressing these will also improve customer confidence and reduce potential operational disruptions from security incidents.

M

Miells - Christie's

miells.com

63

The website's overall security posture reveals significant weaknesses in compliance, network security, and incident preparedness, posing considerable legal and operational risks. While foundational protections such as email security and some security headers score moderately well, critical exposure of backend services like MySQL and FTP dramatically increase the risk of unauthorized access and data breaches. The absence of GDPR-mandated policies and consent mechanisms exposes the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. SSL/TLS configurations are suboptimal and could undermine user trust and data confidentiality. DNS security measures are partially implemented but could be strengthened. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity.

N

New Jet

newjet.com

57

The website's overall security posture is concerning, with no critical issues but numerous high and medium severity vulnerabilities that expose the business to compliance risks, data breaches, and operational disruptions. Key security headers are missing, reducing protection against common web attacks and data leakage. GDPR compliance is severely lacking, with the absence of privacy and cookie policies and consent mechanisms, exposing the company to potential regulatory fines and reputational damage. The absence of an established information security framework, incident response procedures, and security policies indicates immature security governance, which could delay response to cyber incidents. Network security is weakened by the exposure of high-risk services such as FTP and SSH, increasing the attack surface. While email security, SSL/TLS, and DNS health scores are relatively better, there remain medium risks like expiring certificates and missing DNSSEC that should be addressed. Immediate remediation and governance improvements are critical to protect customer data, ensure regulatory compliance, and maintain business continuity.

G

Groupecomplus

groupecomplus.com

60

The website currently demonstrates significant security gaps, particularly in foundational web security headers, GDPR compliance, and overall information security governance. While there are no critical vulnerabilities detected, the presence of multiple high and medium severity issues exposes the business to risks including data breaches, regulatory penalties, and reputational damage. Key deficiencies include missing critical security headers like Strict-Transport-Security and Content-Security-Policy, absence of privacy and cookie policies, and a lack of documented security and incident response frameworks. Email and network security postures are relatively strong, but SSL/TLS and DNS configurations require improvements to ensure secure communication channels. Immediate attention to legal compliance and security governance will mitigate risks related to GDPR and NIS2 regulations. Without addressing these issues, the organization risks non-compliance fines and increased vulnerability to common web attacks. Overall, the current posture suggests an urgent need for comprehensive security and privacy policy implementation alongside technical hardening measures.

W

Western Stevedoring Company Limited

westeve.com

69

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but several high and medium risk issues that could expose the business to significant security, compliance, and reputational risks. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and major gaps in NIS2 framework adherence including absence of incident response and security policies. While email security, SSL/TLS, DNS health, and network security show strong configurations, the lack of governance and protective controls on the web application layer and privacy compliance may lead to data breaches, regulatory penalties, and loss of customer trust. The website’s SSL certificate nearing expiration adds urgency to maintain encrypted communication uninterrupted. Addressing these gaps will enhance resilience against common web attacks, ensure regulatory compliance, and protect the organization’s brand. Immediate focus should be on implementing security headers, GDPR cookie compliance, and establishing formal security policies and incident response plans. Strengthening these areas will provide a solid foundation for ongoing security and compliance maturity.

D

DreamCatcher

dreamcatcher.mc

61

The website demonstrates notable security weaknesses primarily in its HTTP security headers, GDPR compliance, and adherence to the NIS2 cybersecurity framework, resulting in a low overall security posture in these critical areas. While there are no critical vulnerabilities detected, multiple high and medium severity issues expose the business to risks such as data breaches, regulatory fines, reputational damage, and operational disruptions. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy increases susceptibility to man-in-the-middle and cross-site scripting attacks. Non-compliance with GDPR requirements, including missing privacy and cookie policies and lack of a consent banner, elevates legal risk and undermines customer trust. Deficiencies in NIS2-related documentation and procedures reflect inadequate organizational readiness for incident response and business continuity. Conversely, strong network security and good email, SSL/TLS, and DNS configurations provide a solid foundation to build upon. Addressing these gaps promptly will significantly improve security resilience, regulatory compliance, and stakeholder confidence.

R

RSVP Call Centre

rsvp.co.uk

62

The website exhibits significant security weaknesses with a critical issue of an exposed PostgreSQL service, posing a severe risk of unauthorized data access. Multiple high and medium severity issues in security headers, GDPR compliance, and NIS2 regulatory adherence reflect inadequate foundational security controls and governance. Missing key HTTP headers such as Strict-Transport-Security and Content-Security-Policy increase the risk of man-in-the-middle attacks and cross-site scripting vulnerabilities. Absence of cookie consent mechanisms and incomplete privacy documentation jeopardize regulatory compliance, potentially exposing the business to legal and reputational consequences. The lack of incident response and security policy frameworks severely limits the organization's ability to detect, respond to, and recover from cyber incidents. Network exposure of legacy services like FTP further elevates the attack surface. However, email security and DNS health are relatively stronger, indicating some focused security efforts. Immediate remediation and a structured security program are critical to mitigate risks, comply with regulations, and safeguard business operations.

C

Caroline Olds Real Estate

carolineolds.com

68

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risk vulnerabilities, primarily related to missing security headers, insufficient GDPR compliance, and lack of key NIS2 security frameworks. The absence of crucial HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks, clickjacking, and cross-site scripting risks. GDPR non-compliance, including the lack of a cookie consent banner and incomplete privacy policies, poses legal and reputational risks, especially in jurisdictions enforcing data protection laws. Additionally, the site lacks documented security policies, incident response plans, and business continuity procedures required under the NIS2 directive, increasing operational risk and regulatory exposure. SSL/TLS configurations are suboptimal, with weak key lengths and impending certificate expiry risking data confidentiality and trust. DNS security is moderate but could be strengthened by enabling DNSSEC and configuring CAA records. While email and network security appear robust, the overall low scores in security headers and NIS2 compliance indicate urgent remediation is necessary to protect business assets and maintain customer trust.

T

TWW Yachts

twwyachts.com

57

The website exhibits multiple significant security gaps that pose risks to data protection, regulatory compliance, and business continuity. While no critical issues were found, 11 high-severity and 14 medium-severity findings indicate vulnerabilities in key areas such as security headers, GDPR compliance, network security, and incident response readiness. Essential security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to man-in-the-middle and cross-site scripting attacks. GDPR compliance is inadequate, with no privacy policy or cookie consent banner, which could lead to legal penalties and reputational damage. Network security risks are heightened by the exposure of high-risk services like FTP and insufficient protection in email and SSL/TLS configurations. The absence of a formal information security framework, security policies, and incident response procedures presents significant operational risks. Overall, the organization's security posture requires urgent attention to protect customer data, ensure regulatory compliance, and reduce exposure to cyber threats.

L

LEVMET

levmet.com

62

The website displays a concerning security posture with no critical issues but multiple high and medium-risk vulnerabilities primarily related to compliance, policy documentation, and security headers. GDPR compliance is notably weak, lacking fundamental privacy and cookie policies, consent mechanisms, and adequate contact information, exposing the business to regulatory penalties and reputational damage. The absence of an information security framework, incident response procedures, and security policy documentation indicates immature governance, increasing operational risk and potential downtime. Weak SSL configurations and missing email authentication mechanisms could lead to data interception and phishing risks. DNS and network security appear relatively strong, with good DNS health and network posture. Immediate remediation is necessary to address privacy and policy gaps to ensure regulatory compliance and protect customer trust. Strengthening security headers and cryptographic configurations will enhance protection against common web attacks. Overall, the website requires focused improvements in governance, compliance, and technical controls to reduce business risk and meet industry standards.