Security Directory

M

Mojo Entertainment

mojo-ent.com

87

The website's overall security posture is moderate, with no critical vulnerabilities but several issues that could expose the business to risk. The presence of a high-risk exposed FTP service is the most significant concern, as it can lead to unauthorized data access or compromise. Medium-level issues such as expiring SSL certificates, lack of HSTS, missing DNSSEC, and failure in GDPR and NIS2 compliance indicate gaps in both technical controls and regulatory adherence. Email security is strong, scoring 100/100, which is positive for protecting communication channels. However, the absence of important security headers and incomplete DNS configurations reduces the site's resilience against common web attacks. Addressing these gaps is crucial to safeguard customer data, maintain regulatory compliance, and protect brand reputation. Proactive remediation will reduce the risk of breaches and potential legal or financial penalties.

S

Sony Corporation

sony-asia.com

73

The website demonstrates a generally solid security posture in network security, SSL/TLS configuration, and email security, indicating strong foundational protections. However, critical gaps exist in compliance with GDPR and NIS2 regulations, which pose significant legal and operational risks. The absence of essential GDPR elements such as a cookie policy and consent banner exposes the business to potential fines and reputational damage. Equally concerning is the lack of an information security framework, security policies, incident response procedures, and vulnerability management processes required by NIS2, which undermines the organization's ability to effectively manage cybersecurity threats and incidents. Security headers are moderately configured but require enhancements to improve protection against web-based attacks. DNS security is adequate but could be strengthened by enabling DNSSEC and configuring CAA records. Addressing these compliance and governance deficiencies is critical to mitigating regulatory penalties and enhancing overall resilience against cyber threats.

S

Sony Professional

pro.sony

71

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

S

Sony UK Limited

sony.co.uk

64

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

Q

Qualcomm Incorporated

qualcomm.com

72

The website demonstrates a mixed security posture with strong network security and SSL/TLS configurations, but significant gaps remain in compliance and governance areas. While no critical vulnerabilities were identified, the presence of multiple high-severity issues related to GDPR and NIS2 compliance exposes the business to regulatory and reputational risks. Key deficiencies include the absence of privacy and cookie policies, lack of cookie consent mechanisms, and missing fundamental information security frameworks and incident response plans. Security headers are partially implemented but require enhancement to protect against common web threats. Email security and DNS health are generally sound, though improvements such as enabling DKIM and DNSSEC are needed. Addressing these gaps will not only improve security resilience but also ensure compliance with evolving regulatory requirements, thus safeguarding customer trust and minimizing legal exposure. Immediate focus on governance and privacy-related controls is essential to align with industry standards and reduce potential penalties.

A

Advanced Micro Devices, Inc.

amd.com

76

The website demonstrates a strong foundation in network security, SSL/TLS configuration, and email security, scoring above 85 in these areas. However, significant gaps exist in compliance with GDPR and NIS2 regulations, reflected by low scores in these modules and multiple high-severity issues. The absence of a cookie policy and consent banner poses legal and reputational risks under GDPR, potentially leading to fines and customer distrust. Furthermore, the lack of documented security policies, incident response procedures, and business continuity planning under NIS2 threatens the organization's ability to manage security events effectively. Missing critical security headers and disabled DNSSEC also expose the site to certain attack vectors. Overall, while baseline technical controls are solid, strategic governance, regulatory compliance, and incident preparedness require urgent attention to minimize business risk and ensure regulatory adherence.

A

Amber Experiences

amber-experiences.com

70

The website's overall security posture reveals significant gaps, particularly in security headers, GDPR compliance, and adherence to NIS2 requirements, despite strong email security, SSL/TLS, DNS health, and network security. No critical vulnerabilities were detected, but the presence of multiple high and medium severity issues indicates potential risks that could lead to data exposure, regulatory non-compliance, and increased attack surface. The absence of key HTTP security headers such as Content-Security-Policy and X-Frame-Options exposes the site to common web attacks like clickjacking and cross-site scripting. GDPR compliance deficiencies, including missing cookie policies and consent mechanisms, risk legal penalties and damage to customer trust. Major shortcomings in NIS2-related policies and incident response preparedness undermine the organization's ability to effectively manage security events and comply with European cybersecurity regulations. SSL/TLS and DNS configurations are generally solid but require attention to certificate renewal and DNSSEC enablement. Immediate remediation of these issues will mitigate business risks, enhance customer confidence, and align the organization with regulatory standards.

S

Saga Connections

sagaconnections.co.uk

75

The website demonstrates a generally strong network and email security posture but exhibits significant gaps in compliance and information security frameworks. Critical headers like Content-Security-Policy are missing, increasing exposure to web-based attacks. GDPR compliance is notably weak, with absent cookie policies and consent mechanisms, risking regulatory penalties and damage to customer trust. The absence of an information security framework, security policies, and incident response procedures indicates poor organizational security maturity and readiness. SSL/TLS and DNS configurations are mostly sound but require attention to certificate renewal and DNSSEC enablement. Overall, the site’s security is adequate for basic operations but falls short in regulatory adherence, governance, and advanced web protections, which could lead to operational disruptions and legal consequences. Immediate focus on governance, compliance, and security policy implementation is critical to mitigate risks and uphold business reputation.

V

Vintage by Saga

vintagebysaga.co.uk

79

The website demonstrates a generally strong technical foundation with perfect scores in email security, SSL/TLS, and network security, reflecting effective implementation of core protections. However, significant gaps exist in governance, compliance, and security policy adherence, particularly concerning GDPR and NIS2 regulations, which pose considerable legal and operational risks. Missing critical headers like Content-Security-Policy increase exposure to client-side attacks. The absence of a cookie consent banner and potentially non-compliant privacy policies jeopardize regulatory compliance and may lead to fines or reputational damage. Lack of documented information security frameworks, incident response procedures, and security contact points severely limits the organization's ability to detect, respond to, and recover from security incidents. Medium risks such as missing vulnerability disclosure policies and DNSSEC further weaken the security posture. Immediate remediation of high-risk governance and compliance deficiencies will protect business continuity and regulatory standing while improving overall security maturity.

D

Direxion

direxion.be

59

The website's overall security posture is currently weak, with critical gaps in foundational security controls and regulatory compliance, particularly related to GDPR and NIS2 requirements. Missing key security headers expose the site to common web attacks such as clickjacking, XSS, and content injection. The absence of essential GDPR elements, including cookie policies and consent mechanisms, presents significant legal and reputational risks for an EU business. Network security is compromised by the exposure of high-risk services like FTP, increasing the attack surface. While SSL/TLS and DNS configurations are relatively strong, gaps in email security and vulnerability management remain. The lack of documented security policies, incident response, and business continuity planning further undermines resilience. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust. Addressing these issues will also reduce the likelihood of costly breaches and regulatory penalties.

A

Apef

apefasbl.org

60

The website demonstrates several significant security weaknesses that could expose the business to data breaches, regulatory penalties, and operational disruptions. Critical headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing risk from man-in-the-middle and cross-site scripting attacks. GDPR compliance is notably lacking with no privacy or cookie policies, no consent banner, and insufficient third-party privacy management, which may lead to legal consequences and damage to customer trust. The absence of an information security framework, security policies, and incident response procedures indicates poor organizational security maturity, elevating the risk of prolonged breach impact. SSL/TLS configurations are weak, with expiring certificates and weak key lengths threatening secure communications. Some DNS and network security measures are adequate, but gaps like missing DNSSEC and exposed SSH services remain. Overall, the current posture suggests urgent remediation is needed to protect customer data, comply with regulations, and safeguard business continuity.

E

Emancipe

emancipe.be

58

The website's overall security posture is concerning, with multiple critical and high-severity issues primarily related to missing essential security headers, inadequate GDPR compliance, and insufficient network security controls. The absence of key HTTP security headers leaves the site vulnerable to common web attacks such as cross-site scripting (XSS), clickjacking, and data interception. GDPR compliance gaps, including missing privacy and cookie policies and lack of consent mechanisms, expose the business to regulatory penalties and reputational damage, especially as it operates within the EU. The lack of documented information security policies, incident response procedures, and business continuity planning further increases operational risk and reduces preparedness for security incidents. Network exposure of high-risk services like FTP and SSH without adequate controls significantly heightens the risk of unauthorized access and data breaches. While SSL/TLS and email security are strong, foundational security measures across web application and organizational policies need urgent attention. Addressing these vulnerabilities will reduce regulatory risk, enhance customer trust, and protect critical business assets from cyber threats.

K

KOTA

kota.co.uk

73

The website demonstrates a generally strong network and TLS security posture, with no critical vulnerabilities identified. However, significant gaps exist in GDPR compliance and NIS2 regulatory adherence, which pose legal and operational risks. High-severity issues such as the absence of a cookie policy, consent banner, security framework, incident response procedures, and security policy documentation undermine trust and regulatory standing. Medium-level risks like missing vulnerability disclosure and business continuity plans further amplify potential exposure to cyber threats and operational disruptions. Security headers and email security configurations are moderately implemented but require enhancements for better protection. Immediate focus on compliance and governance frameworks is essential to mitigate regulatory penalties and reputational damage. Addressing these weaknesses will strengthen overall security resilience and ensure alignment with legal requirements.

T

TheraScience

therascience.com

70

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity findings that could expose the business to regulatory, reputational, and operational risks. GDPR compliance is notably weak, with missing cookie policies and consent mechanisms, which could lead to significant legal penalties and loss of customer trust. The absence of a formal information security framework, security policies, and incident response procedures under NIS2 regulations indicates a lack of mature security governance, increasing vulnerability to cyber incidents. SSL/TLS configurations are suboptimal, with weak key lengths and an imminent certificate expiration, potentially compromising data confidentiality and user trust. DNS and network configurations are generally strong but could be improved by enabling DNSSEC and closing exposed services like SSH to reduce attack surfaces. Security header implementations are mostly sound but require enhancements to better protect user data privacy. Addressing these issues promptly will mitigate compliance risks, strengthen defenses against cyber threats, and enhance overall business resilience.

The website's overall security posture demonstrates strengths in network security and email security, with high scores of 100 and 95 respectively. However, there are critical vulnerabilities related to GDPR compliance and organizational security policies, particularly for EU business operations, which pose significant legal and reputational risks. The absence of a cookie policy, consent banner, and adequate privacy measures exposes the business to potential regulatory penalties under GDPR. Additionally, foundational security frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are lacking, undermining the organization's ability to manage and respond to cybersecurity events effectively. SSL/TLS configurations show weaknesses that could compromise data in transit, while DNS security features like DNSSEC are not fully implemented. Low-severity issues in security headers suggest room for improvement in protecting user data from leakage and caching risks. Immediate remediation of critical and high-risk issues will significantly enhance compliance posture and reduce threat exposure.

The website demonstrates a generally strong network and email security posture but exhibits significant deficiencies in compliance with GDPR and NIS2 regulations, which expose the business to legal and operational risks. The absence of fundamental privacy documentation such as Privacy and Cookie Policies, combined with missing consent mechanisms, places the company at high risk of regulatory penalties, particularly given its operations within the EU. Critical gaps in information security frameworks, incident response, and business continuity planning indicate insufficient preparedness against cybersecurity incidents. SSL/TLS configurations are suboptimal, with weak key lengths and an expiring certificate, potentially undermining data confidentiality and trust. While foundational DNS and security header settings are adequate, improvements are needed to enhance overall resilience. Addressing these issues promptly is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Prioritizing remediation of privacy and security governance will significantly reduce business exposure and strengthen the security posture.

M

mstack

mstack.nl

68

The website's overall security posture shows strengths in network security and email security, with scores of 100 and 95 out of 100 respectively. However, critical vulnerabilities exist in GDPR compliance and NIS2 regulatory adherence, scoring 18 and 25 respectively, which pose significant legal and operational risks. Key issues include the absence of cookie policies and consent mechanisms, lack of incident response and security policy documentation, and weak SSL configurations. These gaps not only expose the business to potential data breaches but also to regulatory penalties, particularly within the EU jurisdiction. While basic security headers and DNS health are generally well configured, improvements are needed to align with best practices. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will reduce liability and strengthen customer trust.

The website exhibits a generally strong network and email security posture, but critical deficiencies exist in GDPR compliance, NIS2 security governance, and SSL/TLS configuration. The critical GDPR issue indicates the business is operating in the EU without adequate privacy measures, posing significant regulatory and reputational risks. Multiple high-severity issues around the lack of security policies, incident response, and vulnerability disclosure reflect immature information security management, potentially leading to delayed breach detection and response. SSL/TLS weaknesses, including an expiring certificate and weak key length, expose the site to man-in-the-middle attacks and data interception. While security headers and DNS health are relatively strong, minor improvements would further harden the environment. Immediate remediation of GDPR non-compliance and NIS2 framework adoption are essential to avoid legal penalties and ensure business continuity. Addressing these gaps will significantly reduce risk exposure and enhance trust with customers and regulators.

The website exhibits a mixed security posture with strong network security and email protections but significant gaps in GDPR compliance and information security governance. Critical and high-severity findings around privacy policies, cookie consent, and EU data protection requirements expose the business to regulatory penalties and reputational risk. Additionally, the absence of key NIS2 security governance elements—including incident response, security policies, and business continuity planning—indicates immature cybersecurity management. SSL/TLS configurations also present vulnerabilities, such as weak key lengths and imminent certificate expiration, which could lead to compromised data in transit. While foundational controls like security headers and DNS health are generally good, low-level misconfigurations suggest opportunities for improvement. Addressing these issues holistically will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber incidents. Immediate focus on GDPR compliance and security governance will yield the highest business impact.

U

UC3

uc3.com

74

The website demonstrates a moderate to low overall security posture, with no critical vulnerabilities but several high and medium priority issues that pose significant business risks. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as a cookie consent banner, and absence of foundational NIS2 security documentation and policies. While email security, SSL/TLS, DNS health, and network security scores are strong, gaps in governance, incident response, and privacy controls expose the business to regulatory penalties, reputational damage, and potential exploitation. Immediate remediation is needed to reduce attack surface and comply with regulatory frameworks, especially NIS2 and GDPR. The absence of security policies and incident response procedures is especially concerning for business continuity and crisis management. Proactive enhancements in security headers, privacy controls, and policy documentation will strengthen defense-in-depth and regulatory compliance. Overall, the current posture may hinder customer trust and operational resilience if unaddressed.

The website's overall security posture reveals significant gaps, especially in compliance and critical security controls. While network security appears robust, there are critical vulnerabilities in email authentication and SSL configurations that expose the business to phishing and data interception risks. The absence of GDPR-compliant measures such as a cookie consent banner and clear privacy policies could lead to regulatory penalties and reputational damage. Moreover, severe deficiencies in NIS2-related governance—like missing incident response procedures and security policy documentation—indicate unpreparedness for cyber incidents, increasing operational risk. Security headers are partially implemented but require strengthening to protect user data and prevent information leakage. DNS security is moderate but can be improved with DNSSEC and CAA records. Immediate remediation is essential to mitigate potential breaches, comply with regulations, and safeguard customer trust and business continuity.

C

Culture Montréal

culturemontreal.ca

56

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key security headers are missing, weakening protections against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and absence of consent mechanisms, which could lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and security documentation under NIS2 regulations further heightens operational risk and regulatory exposure. Critical network services like MySQL and FTP are exposed publicly, representing immediate high-risk attack vectors. Email security is relatively strong but could be improved with stricter DMARC enforcement and reporting. SSL/TLS configurations require attention to avoid certificate expiry and enable HSTS for improved transport security. Overall, urgent remediation is needed to reduce exposure, ensure compliance, and safeguard customer trust.

I

Inforoutes 06

inforoutes06.fr

57

The website's overall security posture reveals significant gaps, particularly in privacy compliance and core security controls. Critical issues include the absence of essential email authentication, exposing the organization to phishing risks, and non-compliance with GDPR regulations despite operating in the EU, which could result in legal penalties and reputational damage. The lack of security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature information security governance. Missing key HTTP security headers such as Content-Security-Policy and X-Frame-Options increase exposure to common web attacks like clickjacking and cross-site scripting. Additionally, the presence of a high-risk exposed FTP service and issues within SSL/TLS configurations further elevate the risk profile. While DNS and network security show moderate maturity, critical controls require immediate attention. Addressing these findings will enhance regulatory compliance, reduce cyber risk, and protect customer trust.

B

BNP Paribas

integrated-report.bnpparibas

61

The website exhibits significant security weaknesses across several critical domains, posing substantial risks to business operations and regulatory compliance. Notably, the absence of key email authentication mechanisms and poor SSL/TLS configurations expose the site to phishing, spoofing, and data interception threats. GDPR compliance is severely lacking, with no privacy policy or cookie consent banner, increasing legal and reputational risks. The missing security framework, policies, and incident response plans reflect immature cybersecurity governance, undermining the organization's ability to manage and recover from security incidents. While network security posture and DNS health are relatively strong, fundamental security headers and content security policies are not properly implemented, leaving the site vulnerable to common web attacks. Overall, the current posture could lead to data breaches, regulatory fines, and erosion of customer trust if not addressed promptly. Immediate action is essential to strengthen defenses and align with industry best practices and regulatory requirements.

The website demonstrates a generally strong technical security posture with robust SSL/TLS settings and good network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, posing substantial legal and operational risks. Critical issues include the complete absence of essential privacy policies and cookie consent mechanisms, which threaten regulatory compliance and customer trust, especially for EU users. The lack of documented information security frameworks, policies, and incident response procedures further exposes the business to heightened cyber risk and potential operational disruption. Email and DNS security configurations require improvement to prevent spoofing and enhance domain integrity. While security headers are mostly adequate, refinements can strengthen defense-in-depth. Immediate focus on regulatory compliance and governance frameworks is imperative to mitigate potential fines, reputational damage, and business continuity risks.

B

BMCI

bmci.ma

69

The website demonstrates a generally strong technical security foundation with robust network security, SSL/TLS configurations, and email security. However, significant gaps exist in regulatory compliance, particularly GDPR and NIS2, which present considerable legal and operational risks. Missing privacy and cookie policies, lack of consent mechanisms, and absent security governance documentation indicate insufficient organizational controls. Security headers are partially implemented but require enhancements to mitigate common web-based attacks. The absence of incident response and business continuity planning exacerbates potential downtime and breach impact. Addressing these deficiencies is critical to maintain customer trust, avoid regulatory penalties, and strengthen overall risk management. Prioritizing compliance and governance reforms will align security posture with legal requirements and industry best practices. Immediate remediation will reduce exposure to data privacy violations and operational disruptions.

The website demonstrates a generally strong foundation in network security, SSL/TLS implementation, and email security, reflected by high module scores in these areas. However, critical weaknesses exist in GDPR compliance and NIS2 regulatory adherence, posing significant legal and operational risks, especially for EU business operations. Missing privacy and cookie policies, lack of cookie consent mechanisms, and inadequate privacy measures expose the business to potential fines and reputational damage. The absence of an information security framework, incident response plans, and documented security policies undermines the organization's ability to manage and respond to security incidents effectively. Additionally, some security headers and DNS configurations are incomplete, which could increase exposure to data leakage and DNS-based attacks. Immediate remediation in privacy compliance and governance documentation is essential to mitigate regulatory risks and enhance trust with customers and partners. Overall, while technical defenses are strong, governance and compliance gaps represent the most pressing concerns for business continuity and legal compliance.

L

La Clinique Monte-Carlo

lacliniquemontecarlo.com

58

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities detected, numerous high and medium severity issues exist, particularly around security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases risk of web-based attacks. GDPR deficiencies, including missing privacy and cookie policies, expose the company to potential legal penalties and customer trust erosion. Lack of documented security policies and incident response plans under NIS2 further weakens the organization’s ability to manage and respond to cyber incidents effectively. SSL/TLS weaknesses and suboptimal email security settings present additional attack vectors. However, network security and DNS-related controls show relatively strong maturity. Immediate remediation in these areas will reduce risk and improve compliance posture substantially.

M

MYSEA

mysea.co

64

The website's overall security posture is weak, with critical and high-severity vulnerabilities that expose the business to significant risks including data breaches and compliance violations. Key deficiencies include the absence of essential security headers, lack of GDPR compliance mechanisms such as cookie consent, and missing foundational NIS2 security policies and incident response plans. Critically, the exposure of database services (MySQL and PostgreSQL) and unsecured FTP services presents immediate threats that could lead to unauthorized access and data compromise. While email security and SSL/TLS configurations show moderate strength, gaps like impending SSL certificate expiration and missing HSTS reduce resilience against interception attacks. DNS security is fairly solid but could be improved with DNSSEC and CAA records. Overall, urgent remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Failure to address these issues could result in financial loss, reputational damage, and legal penalties.

A

Andbank

andbank.es

55

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

The website demonstrates a generally stable security posture with no critical or high severity vulnerabilities detected. However, several medium and low-risk issues indicate areas requiring improvement to strengthen overall defenses and regulatory compliance. Notably, failures in security headers, GDPR, and NIS2 compliance analyses suggest gaps in privacy and cybersecurity controls that could expose the business to regulatory and reputational risks. DNS configuration weaknesses such as lack of DNSSEC and CAA records increase susceptibility to DNS spoofing and certificate mis-issuance. The exposure of SSH services without adequate controls represents a potential entry point for attackers if not properly secured. Email security is mostly robust, though the absence of DMARC reporting reduces visibility into email abuse. Addressing these medium and low-level issues will enhance the company’s security posture, reduce risk exposure, and support compliance with evolving regulations.

The website's overall security posture shows significant vulnerabilities in foundational security controls, privacy compliance, and incident preparedness, despite no critical issues detected. High-severity gaps in HTTP security headers expose the site to common web attacks such as clickjacking, content injection, and data interception. There is a notable absence of GDPR compliance elements like privacy policies and cookie consent mechanisms, posing legal and reputational risks. Furthermore, the lack of an information security framework, incident response procedures, and business continuity planning indicates immature security governance, increasing the impact of potential security incidents. While email security and TLS/DNS configurations are relatively strong, expiring SSL certificates and missing HSTS reduce the effectiveness of encryption protections. The presence of an exposed high-risk FTP service significantly raises the risk of unauthorized data access. Overall, immediate remediation is needed to protect customer data, ensure regulatory compliance, and reduce operational risks from cyber threats.

I

Icecat NV

icecat.com

61

The website demonstrates a moderate to low overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key vulnerabilities include missing essential security headers, weak SSL configurations, and inadequate GDPR compliance due to absent privacy and cookie policies. Additionally, the absence of a formal information security framework and incident response procedures under NIS2 regulations exposes the business to regulatory non-compliance and operational risks. Email security and network security scores are relatively strong, but improvements are necessary to maintain trust and safeguard data. Immediate remediation is required to protect against clickjacking, cross-site scripting, data leakage, and legal penalties. Addressing these gaps will enhance customer confidence, reduce exposure to cyber threats, and ensure regulatory compliance. Failure to act promptly may result in reputational damage, financial losses, and legal consequences.

I

International University of Monaco

monaco-executive-education.com

67

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

S

SupplHi S.r.l. Società Unipersonale

supplhi.com

63

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium risk issues that warrant immediate attention. Key deficiencies exist in security header implementations, GDPR compliance, and adherence to NIS2 requirements, potentially exposing the business to regulatory, reputational, and operational risks. The absence of essential headers like Content-Security-Policy and X-Frame-Options increases susceptibility to web-based attacks such as clickjacking and cross-site scripting. GDPR-related gaps, including missing cookie policies and consent mechanisms, expose the company to legal penalties and erode customer trust. NIS2 compliance is particularly weak, lacking formal security frameworks, incident response plans, and documented policies, which could impair the company’s ability to handle cyber incidents effectively. Email security measures are moderate but require improvements to prevent phishing and spoofing threats. SSL/TLS and DNS configurations are relatively strong but need minor updates to maintain robustness. Overall, the organization should prioritize closing regulatory gaps and enhancing web security controls to protect its assets and reputation.

V

Volcanic

volcanic.co.uk

76

The website demonstrates a generally strong technical security foundation with perfect SSL/TLS and network security scores, and good email and DNS configurations. However, significant shortcomings exist in governance and compliance areas, particularly regarding NIS2 and GDPR requirements, which expose the business to regulatory risks and potential operational disruptions. The absence of critical security policies, incident response plans, and clear security contact information severely undermines the organization's ability to manage security incidents effectively. Additionally, missing security headers and weak email authentication configurations increase vulnerability to attacks such as cross-site scripting and email spoofing. The lack of a cookie consent banner and potentially non-compliant privacy policies also risk non-compliance with GDPR, potentially resulting in legal penalties and reputational damage. Overall, while technical controls are mostly robust, governance and compliance gaps present the most urgent business risks. Addressing these will improve resilience, regulatory compliance, and customer trust.

U

UDITIS SA

formalites-export.com

69

The website demonstrates a generally strong technical security foundation with no critical issues found and excellent scores in network security (100/100) and SSL/TLS (97/100). However, significant gaps exist in regulatory compliance and governance, particularly concerning GDPR and NIS2 frameworks, which present high-risk exposure for legal penalties and operational risks. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines user trust and compliance with data protection laws. Furthermore, the lack of formal information security frameworks, incident response plans, and security policy documentation exposes the organization to increased vulnerability and reputational damage in case of a breach. Email security posture is moderate but requires improvement to prevent phishing and spoofing attacks. Security headers are generally well-implemented but missing critical policies that enhance protection against clickjacking and information leakage. Addressing these issues promptly will reduce compliance risks, strengthen incident readiness, and improve overall security resilience.

The website's overall security posture shows significant gaps, particularly in compliance with data protection regulations and information security management. Critical and high-severity issues, including lack of email authentication and absence of privacy and cookie policies, expose the business to legal risks and potential reputational damage. The missing security headers and absence of incident response and security policy documentation indicate vulnerabilities to common web-based attacks and inadequate preparedness for cybersecurity incidents. While network security and SSL/TLS configurations score reasonably well, foundational controls like HSTS and DNSSEC are missing, reducing the effectiveness of transport layer security. The very low NIS2 compliance score highlights a critical deficiency in meeting regulatory and operational cybersecurity standards. Addressing these issues promptly is essential to reduce risks of data breaches, regulatory penalties, and customer trust erosion. A structured security improvement plan aligned with business objectives and compliance requirements is urgently recommended.

B

Balearic Marine Cluster

balearicmarinecluster.com

61

The website’s security posture reveals significant gaps in foundational security controls and regulatory compliance, posing risks to both business operations and customer trust. While there are no critical vulnerabilities, multiple high and medium severity issues indicate a lack of essential security headers, incomplete GDPR compliance, and absence of key information security policies aligned with NIS2 requirements. The missing security headers expose the site to common web-based attacks like clickjacking, content injection, and cross-site scripting. GDPR non-compliance, including the absence of a privacy policy and cookie consent, risks regulatory penalties and reputational damage. The lack of incident response, security policies, and vulnerability disclosure procedures undermines the organization’s ability to manage and mitigate security incidents effectively. Exposure of high-risk services such as FTP further increases attack surface and potential data breaches. Although email security and DNS health are relatively strong, SSL/TLS and network security require immediate attention to prevent service disruptions and data interception. Overall, addressing these deficiencies is critical to protect customer data, maintain regulatory compliance, and safeguard business continuity.

U

USLI

bizresourcecenter.com

58

The website exhibits significant security weaknesses, particularly in foundational security controls such as HTTP security headers, email authentication, and compliance with GDPR and NIS2 regulations. Critical gaps like the absence of email authentication and incident response procedures expose the business to phishing risks and operational disruption. Missing key headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to man-in-the-middle attacks and cross-site scripting. Compliance-related issues, including lack of cookie policies and privacy measures, present legal and reputational risks. While network security and DNS health show relatively strong postures, the presence of weak SSL configurations and expiring certificates further degrade trustworthiness. Overall, these vulnerabilities could lead to data breaches, regulatory penalties, and loss of customer confidence. Immediate remediation focused on critical security controls and compliance frameworks is essential to safeguard business operations and reputation.

U

USLI

usli.ca

63

The website's overall security posture reveals significant vulnerabilities, particularly in foundational security controls and regulatory compliance. While no critical issues were found, numerous high and medium severity gaps exist, notably in security headers, GDPR compliance, and adherence to NIS2 requirements. The absence of key HTTP security headers like Strict-Transport-Security and Content-Security-Policy exposes the site to common web attacks such as clickjacking and cross-site scripting. GDPR non-compliance, especially lacking cookie policies and consent mechanisms, risks substantial legal and reputational damage. NIS2 deficiencies, including missing security policies and incident response plans, indicate unpreparedness for managing cybersecurity incidents. However, email security, SSL/TLS configurations, DNS health, and network security demonstrate comparatively better maturity. Immediate remediation is essential to mitigate risk exposure, protect customer data, and align with regulatory frameworks. Addressing these weaknesses will enhance trust, reduce liability, and strengthen the organization's cybersecurity resilience.

M

Monaco Planning

monacoklanten.nl

52

The website's security posture is currently weak, with significant gaps in foundational security controls and compliance measures. Critical and high-severity issues predominantly stem from missing essential HTTP security headers, absent GDPR compliance elements, and lack of formal information security frameworks aligned with NIS2 regulations. These deficiencies expose the business to data breaches, regulatory penalties, and reputational damage, especially given the critical GDPR non-compliance for an EU business. While network and DNS security show relatively better maturity, critical gaps remain such as exposed SSH services and missing DNSSEC. Email security is moderately sound but can be further improved. SSL/TLS configurations need urgent attention to avoid man-in-the-middle attacks and ensure secure communications. Addressing these issues promptly will strengthen defense against cyber threats and demonstrate due diligence to customers and regulators.

B

Black Bull Group

blackbull-group.com

60

The website's security posture reveals significant gaps that expose the business to potential cyber risks and regulatory non-compliance. While there are no critical vulnerabilities, several high and medium-level issues, particularly in security headers, GDPR compliance, and network security, present serious concerns. Missing essential HTTP security headers increases exposure to web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of privacy and cookie policies, alongside missing cookie consent mechanisms, risks violating data protection regulations like GDPR, potentially resulting in legal penalties and reputational damage. Additionally, the lack of incident response procedures and vulnerability disclosure policies hampers the organization's ability to effectively manage and recover from security incidents. The exposure of high-risk services like FTP further elevates the threat landscape. Overall, immediate remediation is essential to enhance security posture, protect customer data, and ensure regulatory compliance to safeguard business continuity and trust.

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to significant threats. Major gaps exist in security headers, GDPR compliance, and adherence to the NIS2 directive, particularly around incident response and information security frameworks. The absence of essential security headers like Content-Security-Policy and X-Frame-Options increases the risk of web-based attacks such as clickjacking and cross-site scripting. GDPR compliance weaknesses, including missing cookie consent and privacy policy concerns, expose the business to regulatory penalties and reputational damage. Key NIS2 deficiencies highlight a lack of documented security policies and incident management, which could impair response to cyber incidents. SSL/TLS weaknesses and missing DNS security measures further elevate risk by potentially allowing interception or manipulation of data. Positively, email security and network security postures are strong, reducing some risks related to email spoofing and network-based attacks. Overall, urgent remediation is needed to protect the business, customer data, and ensure regulatory compliance while maintaining stakeholder trust.

L

Landmark Trust Group

landmarktrustgroup.com

63

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is notably weak, with missing cookie policies and consent mechanisms, risking fines and legal repercussions. The absence of documented information security frameworks, incident response, and business continuity plans highlights operational vulnerabilities according to NIS2 standards. Email security is relatively strong but could be improved further. SSL/TLS and DNS configurations require attention to maintain trust and secure communications. While network security appears robust, foundational web and compliance security improvements are urgently needed to safeguard the business and customer data.

The website's overall security posture reveals significant vulnerabilities that pose both legal and operational risks. The presence of a critical SSL certificate issue undermines secure communications, potentially exposing sensitive user data and damaging customer trust. Several high-severity gaps in GDPR compliance, including missing privacy and cookie policies and absence of a cookie consent banner, expose the business to regulatory fines and reputational damage. Additionally, the lack of a formal security framework, incident response plan, and security documentation reflects immature cybersecurity governance, increasing the risk of prolonged downtime or data breaches. Security headers are poorly configured, missing critical protections against common web attacks. Although network security and email security show relatively strong scores, fundamental DNS security enhancements are needed. Immediate action is required to address these deficiencies to protect customer data, maintain compliance, and ensure business continuity.

The website currently exhibits significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, weakening defenses against common web-based attacks such as clickjacking and content injection. GDPR compliance is insufficient, notably lacking cookie policies and consent mechanisms, increasing legal and financial risk. The absence of a formal information security framework and incident response plans highlights a lack of organizational maturity in cybersecurity governance. SSL/TLS configuration weaknesses and expiring certificates risk undermining encrypted communications and user trust. Although email security and network posture scores are relatively strong, DNS security can be improved. Overall, urgent remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity.

A

Alcantara S.p.A.

alcantara.com

67

The website demonstrates a concerning overall security posture with critical gaps in foundational security controls, particularly in web security headers, GDPR compliance, and adherence to NIS2 regulatory requirements. While no critical vulnerabilities were identified, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Key deficiencies include absence of essential HTTP security headers, lack of documented security policies, and missing GDPR cookie consent mechanisms. Email security, SSL/TLS, DNS health, and network security show relatively strong performance, mitigating some risk vectors. However, the insufficient information security framework and incident response preparedness significantly reduce resilience against cyber incidents. Immediate remediation is needed to strengthen compliance, protect customer data, and ensure business continuity. Addressing these issues will enhance trust, reduce legal exposure, and align with industry best practices.

F

FMS Solutions

fmssolutions.com

60

The website demonstrates significant security weaknesses, particularly in critical HTTP security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements. No critical vulnerabilities were found, but twelve high-severity issues indicate substantial risk exposure, especially related to missing security headers and lack of privacy policies. The absence of key headers like Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increases susceptibility to common web attacks such as clickjacking, man-in-the-middle, and cross-site scripting. GDPR compliance gaps, including missing privacy and cookie policies and consent mechanisms, expose the business to regulatory penalties and reputational damage. Additionally, the lack of documented information security frameworks, incident response, and business continuity plans under NIS2 requirements presents operational risks. SSL/TLS implementation is weak due to expiring certificates, weak key lengths, and mixed content, which may undermine user trust and data confidentiality. DNS and network security are relatively strong, but DNSSEC and CAA records should be configured to enhance domain integrity. Immediate remediation is necessary to protect customer data, maintain compliance, and safeguard business continuity.

G

Gianvito Rossi Global

gianvitorossi.com

54

The website's overall security posture is concerning, with multiple critical and high-severity issues identified that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability, impacting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 mandates. Additionally, the lack of key security headers and weak privacy controls reduces protection against common web attacks and privacy violations. Governance and compliance frameworks such as NIS2 and GDPR are poorly implemented, with missing policies, procedures, and contact information, raising potential legal and reputational risks. While email security and network security show relatively strong scores, foundational web and application security practices require urgent remediation. Immediate action is required to secure communications, ensure compliance, and establish incident response capabilities. Without addressing these gaps, the business risks data breaches, regulatory fines, and damage to customer trust.