Security Directory

N

Nyetimber Limited

nyetimber.com

45

The website exhibits a critically weak security posture with multiple severe vulnerabilities that expose it to significant risks including data breaches, compliance violations, and service interruptions. The absence of HTTPS encryption, flagged as critical across SSL/TLS, GDPR, and NIS2 compliance areas, is the most alarming issue, leaving all data transmissions vulnerable to interception and manipulation. Key security headers critical for protecting against common web attacks are missing, increasing the risk of clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is poor, notably lacking a cookie consent mechanism and potentially non-compliant privacy policies, which could result in regulatory penalties and damage to customer trust. NIS2 directives are largely unmet, with no documented security policies, incident response plans, or information security frameworks, exposing the business to operational risks and regulatory enforcement. Email security is moderately better but still incomplete, with missing DKIM records and weak DMARC enforcement that could facilitate phishing attacks. DNS security is fairly strong, but the absence of DNSSEC and CAA records leaves some attack vectors open. Network security within the infrastructure is solid, providing a good foundation to build upon. Immediate attention is required to address critical encryption and compliance gaps to protect the business, customers, and reputation.

The website security assessment reveals a critical vulnerability due to the lack of HTTPS encryption, exposing all data in transit to interception and manipulation. While the overall network security posture is strong, there are multiple medium-level issues including missing security headers, absence of DNSSEC, and failure to implement GDPR and NIS2 compliance measures. The absence of DKIM records increases the risk of email spoofing and phishing attacks, potentially damaging brand reputation. Low-level issues like missing CAA records further reduce DNS security hardening. These combined gaps indicate insufficient protection against common web threats and regulatory compliance risks, which could lead to data breaches, legal penalties, and loss of customer trust. Immediate action to secure communications and meet compliance requirements is essential to safeguard business continuity and credibility. Strengthening email authentication and DNS configurations will also reduce attack surface and improve resilience.

M

Musictime

musictime.cz

40

The website's overall security posture is critically weak, exposing the business to significant legal, operational, and reputational risks. The absence of HTTPS encryption is a severe vulnerability, compromising data confidentiality and trust, especially for EU customers subject to GDPR. Key security headers are missing, increasing susceptibility to web-based attacks such as cross-site scripting and clickjacking. GDPR compliance is lacking, including no privacy or cookie policies and no consent mechanisms, risking regulatory penalties. The absence of an information security framework, incident response plans, and vulnerability disclosure processes indicates immature security governance. Email authentication is incomplete, raising the likelihood of phishing and spoofing attacks. Additionally, exposing high-risk services like FTP further amplifies the attack surface. Immediate remediation is essential to safeguard customer data, ensure regulatory compliance, and protect business continuity.

T

Tyrus Capital

tyruscap.com

55

The website's overall security posture exhibits significant critical weaknesses, particularly the complete absence of HTTPS encryption, which exposes all transmitted data to interception and undermines regulatory compliance. Governance frameworks such as GDPR and NIS2 are poorly implemented, reflected in low scores and missing key elements including cookie consent, security policies, and incident response plans. While network security and email security show relative strength, critical gaps in secure communications and policy frameworks present substantial operational and reputational risks. The lack of GDPR-compliant privacy practices further increases the risk of regulatory penalties and customer trust erosion. Security headers are moderately implemented but missing important controls like the Permissions-Policy header. DNS security is partially addressed but lacks DNSSEC and CAA records, which could expose domain-related attacks. Immediate remediation is required to ensure data confidentiality, regulatory compliance, and resilience against cyber threats.

E

Euro Events

euro-events.nl

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing vulnerability to web-based attacks. Compliance with GDPR and NIS2 regulations is insufficient, notably with no privacy or cookie policies, lack of incident response plans, and missing security documentation. Although email security and network security show relatively strong postures, critical gaps in core web security and legal compliance overshadow these strengths. Immediate remediation is essential to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the business risks legal penalties, customer trust erosion, and potential operational disruptions. Investment in a comprehensive security framework and governance is urgently needed to elevate the security maturity level.

R

RAX Group

pharmed-sam.net

44

The website's overall security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks. The absence of HTTPS encryption is a critical flaw, undermining data confidentiality and user trust while violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is weak, lacking a privacy policy and cookie consent mechanisms, which may result in regulatory penalties and reputational damage. The lack of documented security policies, incident response, and business continuity plans highlights insufficient organizational security maturity. While DNS and network security are relatively strong, critical gaps in email security and vulnerability management remain. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Investment in security governance and technical controls is urgently required to mitigate these risks effectively.

V

Vale

vale.com

50

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines user trust. Significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy and cookie policies, lack of consent mechanisms, and absence of essential security documentation such as incident response and information security frameworks. Security headers are inadequately configured, increasing vulnerability to common web attacks like cross-site scripting. While network security and email security show strong scores, foundational web security controls are missing, presenting substantial legal, reputational, and operational risks. Immediate remediation is essential to protect user data, comply with regulations, and sustain business continuity. Without urgent action, the business risks regulatory penalties, data breaches, and loss of customer confidence. Addressing these issues will significantly enhance the organization's security resilience and trustworthiness.

The website’s security posture reveals significant vulnerabilities that pose substantial risks to business operations and customer trust. The most critical concern is the absence of HTTPS encryption, exposing all data transmissions to interception and tampering, which can lead to data breaches and regulatory penalties. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and inadequate email security measures further increase exposure to cyber threats and legal non-compliance. While network security and DNS health scores are relatively strong, DNSSEC and CAA records gaps could allow DNS spoofing or certificate mis-issuance attacks. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company’s reputation. Addressing these issues will significantly reduce the risk of cyber incidents and enhance customer confidence in the website’s security. Overall, the website is at moderate to high risk until critical and medium vulnerabilities are resolved.

I

IN Air Travel Experience

in-atx.com

45

The website's security posture is currently inadequate, with critical vulnerabilities primarily related to the absence of HTTPS encryption severely exposing user data and communications to interception. Significant GDPR compliance gaps, such as missing privacy and cookie policies and consent mechanisms, present legal and reputational risks. The lack of fundamental security headers increases the risk of common attacks like clickjacking and XSS, undermining user trust. Furthermore, the absence of an information security framework, incident response procedures, and vulnerability disclosure policies indicates immature security governance, which could lead to prolonged incident resolution and increased business disruption. While network security and email security scores are relatively strong, critical TLS and encryption failures overshadow these positives. Immediate remediation is needed to protect customer data, comply with regulations, and maintain business continuity. Overall, the organization faces substantial operational, legal, and reputational risks without swift action.

G

GetYourGuide

gyg.es

38

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, impacting customer trust and compliance with GDPR and NIS2 regulations. Key security headers are largely missing, reducing protection against common web attacks such as clickjacking, XSS, and MIME sniffing. Furthermore, critical GDPR compliance issues, including lack of privacy and cookie policies and missing consent mechanisms, expose the business to legal penalties and reputational damage. Network security is inadequate, with critical services like MySQL exposed publicly, increasing the risk of unauthorized access. The lack of an information security framework, incident response plan, and vulnerability disclosure policies indicates immature cybersecurity governance. While email security and DNS health show some strengths, these do not compensate for the critical gaps in core website and infrastructure security. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity.

The website's overall security posture reveals significant vulnerabilities that could expose the business to substantial risks. The most critical issue is the lack of HTTPS encryption, which jeopardizes all data transmitted between users and the site, risking data interception and loss of trust. Medium-level issues such as missing security headers, absence of DKIM records for email, and failure to comply with GDPR and NIS2 regulations further increase the risk of data breaches, phishing, and regulatory penalties. DNS health concerns like missing DNSSEC and CAA records also reduce domain integrity and increase susceptibility to DNS hijacking. While network security is strong, the absence of foundational web security controls undermines the overall defense strategy. Immediate remediation is essential to protect customer data, ensure compliance, and maintain business reputation. Addressing these gaps will enhance user trust, reduce legal exposure, and strengthen the organization's cybersecurity posture.

M

Maison Goyard

goyard.com

52

The website's overall security posture reveals significant critical vulnerabilities, notably the complete lack of HTTPS encryption, which poses immediate risks to data confidentiality and user trust. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of fundamental information security frameworks and incident response procedures further increases operational risk and potential downtime from security incidents. While network security and DNS health show relatively strong scores, critical gaps in TLS/SSL and email security configurations undermine these strengths. Security headers are partially implemented but missing key policies that help mitigate common web-based attacks. Immediate remediation is necessary to safeguard customer data, comply with regulations, and protect business continuity. Addressing these issues will also enhance customer confidence and reduce legal and financial exposure.

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Multiple high and critical issues indicate significant gaps in compliance with GDPR and NIS2 regulations, risking legal penalties and reputational damage. The lack of privacy and cookie policies, as well as no cookie consent mechanism, further exacerbates regulatory non-compliance. Security headers are inadequately configured, increasing vulnerability to common web attacks like clickjacking and cross-site scripting. Incident response, security policies, and business continuity planning are either missing or insufficient, leaving the organization unprepared for cyber incidents. Although email security and network security show strong scores, these strengths are overshadowed by critical website and data protection failures. DNS health is moderately good but can be improved with DNSSEC and proper CAA records. Immediate remediation is essential to safeguard sensitive information, maintain customer trust, and ensure regulatory adherence.

O

One Partners

onepartners.com.br

42

The website's overall security posture is critically weak, exposing the business to significant cyber risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability impacting data confidentiality and user trust, with cascading effects on GDPR and NIS2 compliance. Multiple missing security headers increase susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. The exposure of critical services like MySQL and FTP without adequate protections further elevates the risk of data breaches and unauthorized access. Additionally, the lack of essential documentation and policies—including privacy, cookie, security, and incident response—exposes the organization to legal and operational risks. Although email security and DNS health scores are relatively strong, they do not compensate for the critical infrastructure and governance gaps. Immediate remediation is necessary to protect sensitive data, maintain customer confidence, and ensure regulatory compliance. Failure to act could result in financial losses, reputational damage, and potential regulatory penalties.

W

White Castle Partners

whitecastle-partners.com

47

The website exhibits significant security deficiencies, notably the absence of HTTPS encryption, which is critical for protecting data in transit and establishing user trust. Compliance gaps with GDPR and NIS2 regulations pose legal and reputational risks, as the site lacks essential privacy policies, cookie consent mechanisms, and security governance documentation. Missing key security headers increase vulnerability to common web attacks such as cross-site scripting and content sniffing. While email security and network posture are relatively strong, the overall low scores in GDPR, NIS2 adherence, and SSL/TLS indicate urgent remediation needs. Failure to address these issues could result in data breaches, regulatory penalties, and loss of customer confidence. Immediate action is required to secure communications, implement privacy controls, and establish incident response capabilities. Strengthening these areas will enhance the site's security posture and ensure compliance with industry standards and regulations.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

V

VENUS

venus.com

51

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trustworthiness. Compliance with GDPR and NIS2 regulations is severely lacking, with no cookie policies, consent mechanisms, or documented security frameworks in place, putting the business at significant legal and operational risk. While network security and DNS health scores are relatively strong, critical gaps in encryption and incident response capabilities overshadow these strengths. Security headers and email security have moderate scores but require improvements to reduce attack surface and phishing risks. The lack of HTTPS also negatively impacts SEO and customer confidence. Immediate remediation is necessary to protect sensitive information, ensure regulatory compliance, and maintain business continuity. Failure to address these issues could result in data breaches, regulatory penalties, and reputational damage. The current state indicates an urgent need for a strategic security overhaul aligned with industry standards and legal requirements.

G

GS Monaco

gsmonaco.com

42

The website exhibits a severely deficient security posture, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Most notably, the absence of HTTPS encryption critically undermines data confidentiality and integrity, violating GDPR and NIS2 requirements and risking customer trust and legal penalties. The lack of key security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options leaves the site vulnerable to man-in-the-middle attacks, clickjacking, and cross-site scripting. Additionally, missing privacy policies and cookie consent measures expose the business to compliance violations and reputational damage. Network services like FTP and SSH are exposed without adequate protections, increasing the attack surface. Overall, the current state indicates a lack of foundational cybersecurity governance and incident preparedness. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain business continuity. Without urgent action, the company risks financial loss, legal sanctions, and erosion of customer confidence.

M

MINDUS

mindus.co

50

The website exhibits a concerning overall security posture with several critical vulnerabilities, primarily the complete lack of HTTPS encryption, which exposes user data to interception and undermines trust. Compliance with GDPR and NIS2 regulations is severely lacking, especially regarding cookie management, data protection policies, and incident response readiness, which poses significant legal and reputational risks. Security header configurations are weak or missing, increasing susceptibility to common web attacks such as cross-site scripting and clickjacking. Although network security and email security measures are relatively strong, foundational elements like HTTPS and security policy documentation are absent. The absence of an information security framework and business continuity planning further endangers operational resilience. Immediate remediation is critical to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent improvements, the organization risks data breaches, regulatory penalties, and loss of business continuity.

S

Skitsanos

skitsanos.com

51

The website’s overall security posture is concerning, with critical deficiencies in foundational security controls, particularly the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines user trust. Compliance with GDPR is severely lacking, missing key elements such as privacy policies, cookie consent mechanisms, and sufficient contact information, risking regulatory penalties and reputational damage. The security headers implementation is incomplete, raising the risk of various web-based attacks and data leakage. Furthermore, the organization lacks mature information security governance, incident response, and business continuity planning, exposing it to operational risks and prolonged recovery times after security incidents. While network security and email security scores are strong, critical gaps in SSL/TLS, GDPR compliance, and NIS2 requirements highlight urgent areas for remediation. DNS security is moderate but can be enhanced by enabling DNSSEC and CAA records. Overall, immediate attention to encryption, legal compliance, and security governance is required to protect the business, its customers, and ensure regulatory adherence.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

D

Dimco

dimco.mc

49

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. The lack of essential security headers such as Strict-Transport-Security and Content-Security-Policy further increases vulnerability to common web-based attacks like man-in-the-middle and cross-site scripting. Additionally, the site fails to comply with GDPR requirements by not providing a privacy policy, cookie policy, or consent mechanisms, risking significant regulatory penalties and reputational damage. From a NIS2 directive perspective, there is a notable absence of documented security policies, incident response procedures, and security contact information, indicating poor organizational readiness for cyber incidents. Although email and network security settings are strong, these strengths are overshadowed by foundational security and compliance gaps. DNS configurations are somewhat healthy but can be improved with DNSSEC and CAA records to enhance domain authenticity and prevent certificate misuse. Immediate remediation is crucial to mitigate data breach risks, regulatory fines, and loss of customer trust, which can severely impact business continuity and growth.

The website's overall security posture shows critical vulnerabilities that pose significant business risks, particularly the absence of HTTPS encryption, which jeopardizes data confidentiality and user trust. While some areas like email and network security demonstrate strong controls, multiple medium-severity issues related to security headers, GDPR compliance, NIS2 directives, and DNS health indicate gaps that could be exploited or lead to regulatory penalties. The failure to implement security headers reduces protection against common web attacks, and missing GDPR and NIS2 compliance increases legal and operational risks in regulated markets. DNSSEC is not enabled, exposing the domain to potential DNS spoofing attacks. Although network security is rated highly, the critical SSL/TLS deficiency overshadows these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer confidence, and ensure regulatory compliance.

K

Kona Bicycle Company USA

konaworld.com

55

The website's overall security posture is currently weak and exposes the business to significant risks, particularly due to the absence of HTTPS encryption, which is critical for protecting data in transit. Compliance with GDPR and NIS2 regulations is severely lacking, putting the organization at risk of legal penalties and reputational damage. While network security and email security show relatively strong scores, foundational gaps such as missing security policies, incident response plans, and consent mechanisms undermine trust and resilience. Security headers are partially implemented but need improvement to enhance browser-based protections. DNS health is adequate but can be strengthened further. Immediate focus is required on encryption, regulatory compliance, and formalizing information security governance to safeguard customer data and ensure business continuity. Failure to address these issues could lead to data breaches, regulatory fines, and erosion of customer confidence.

S

Solamito Properties

solamito-properties.mc

44

The website's overall security posture is critically deficient, with multiple high and critical severity issues across key areas such as encryption, privacy compliance, and security policies. The absence of HTTPS encryption exposes all data transmissions to interception and manipulation, representing the most urgent risk to both users and business integrity. Critical gaps in GDPR compliance, including missing privacy and cookie policies as well as lack of cookie consent mechanisms, put the organization at risk of regulatory sanctions and reputational damage. Security headers essential for protecting against common web attacks are largely missing, increasing vulnerability to clickjacking, XSS, and other exploits. Furthermore, foundational governance elements like incident response procedures, security policies, and vulnerability disclosure frameworks are absent, indicating a lack of mature security management. DNS and email security posture are relatively strong, but these do not compensate for the critical failures in encryption and compliance. Immediate remediation is required to safeguard customer data, maintain trust, and meet legal obligations. Without prompt action, the organization faces significant operational, financial, and reputational risks.

D

Deloitte

deloitte.be

50

The website exhibits significant security and compliance deficiencies that present substantial business risks. Critical issues such as lack of HTTPS encryption and inadequate privacy measures expose the organization to data breaches, regulatory penalties, and reputational damage, especially under GDPR and NIS2 regulations. The absence of a privacy policy, cookie consent mechanisms, and security framework further threatens legal compliance and customer trust. While network security and email configurations are relatively strong, key foundational controls like security headers and DNS protections need improvement. Overall, the current posture is high risk and requires immediate remediation to safeguard sensitive data, ensure regulatory compliance, and maintain business continuity. Addressing these issues promptly will protect the organization from financial losses and operational disruptions. Failure to act could result in severe fines, loss of customer confidence, and increased vulnerability to cyber attacks.

G

Gucci

gucci.com

53

The website's overall security posture is currently poor, primarily due to critical gaps in fundamental security controls such as the absence of HTTPS encryption and essential security headers. This exposes the business to significant risks including data interception, non-compliance with GDPR and NIS2 regulations, and reputational damage. The lack of a cookie consent banner and GDPR-compliant privacy policies further amplify legal exposure. Additionally, key governance elements like incident response, security policies, and vulnerability disclosure are missing, indicating immature security management. While network security and email configurations are relatively strong, they cannot compensate for the critical deficiencies in encryption and compliance. Immediate remediation is necessary to protect sensitive user data, ensure regulatory compliance, and maintain customer trust. Addressing these issues will also reduce potential financial liabilities stemming from data breaches or regulatory penalties.

C

CNI MARINE SERVICES

cnimarine.com

34

The website’s current security posture is critically weak, exposing the business to significant legal, operational, and reputational risks. The absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and user trust, while missing key security headers leave the site exposed to multiple web-based attacks such as clickjacking and cross-site scripting. GDPR compliance is lacking, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties. Additionally, critical backend services like MySQL and PostgreSQL are exposed publicly, increasing the risk of unauthorized access and data breaches. The lack of fundamental security policies, incident response, and business continuity planning indicates immature security governance. DNS and email security measures are moderately implemented but require improvement. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

The website's overall security posture exhibits critical vulnerabilities, notably the absence of HTTPS encryption and lack of email authentication, which pose significant risks to data confidentiality and email integrity. Medium-level issues related to security headers, GDPR compliance, NIS2 alignment, and DNS security measures further weaken the security framework and could lead to regulatory non-compliance and increased attack surface. While network security measures are strong and DNS health is relatively good, the failure to implement foundational protections like SSL/TLS and email authentication undermines user trust and exposes the business to potential data breaches and phishing attacks. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Addressing these gaps will also support long-term security resilience and business continuity. The current email security score (75/100) and DNS health score (85/100) indicate room for improvement despite some positive aspects. Prioritizing encryption and authentication will deliver the highest security and business impact benefits. Overall, the assessment reveals critical weaknesses that require urgent and strategic attention.

O

Oceanco

builtbyoceanco.com

50

The website's overall security posture presents significant risks, primarily due to the complete lack of HTTPS encryption, which is flagged as a critical issue across multiple security domains (GDPR, NIS2, SSL/TLS). This exposes the website and its users to data interception and undermines user trust. Additionally, there are severe compliance gaps with GDPR and NIS2 regulations, including missing privacy and cookie policies, lack of cookie consent mechanisms, and absence of essential security governance documents such as incident response and security policies. While network security and security headers are relatively strong, critical foundational elements like encryption and governance are missing, which could lead to regulatory penalties, reputational damage, and increased vulnerability to cyberattacks. The absence of a vulnerability disclosure policy and business continuity planning further exacerbates risks. On a positive note, email security and DNS health receive moderate scores but still require improvements to fully mitigate risks. Immediate remediation is imperative to protect the business, comply with regulations, and maintain customer trust.

F

Federal Hotel

federal-hotel.com

40

The website exhibits a significantly weak security posture with multiple critical vulnerabilities, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers are missing, increasing susceptibility to common web-based attacks such as clickjacking, MIME sniffing, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies, no consent mechanisms, and insufficient contact information, risking regulatory penalties and loss of customer trust. The absence of an information security framework, security policies, and incident response procedures further highlights immature security governance, exposing the business to operational risks and regulatory non-compliance under frameworks like NIS2. Email authentication is inadequately configured, increasing the risk of phishing and email spoofing attacks. While network security and DNS health show some positive aspects, these strengths are overshadowed by critical gaps in encryption and governance. Immediate remediation is required to protect customer data, maintain trust, and comply with legal requirements, thereby safeguarding the business’s reputation and operational continuity.

M

Multinational Force and Observers

mfo.org

45

The website currently exhibits critical vulnerabilities that severely compromise its security posture, most notably the complete absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. The lack of fundamental security headers such as Content-Security-Policy further increases the risk of cross-site scripting and other client-side attacks. Additionally, non-compliance with GDPR regulations due to missing privacy and cookie policies, as well as absence of cookie consent mechanisms, presents significant legal and reputational risks. Deficiencies in security governance, including missing information security frameworks, incident response procedures, and vulnerability disclosure policies, weaken the organization's ability to detect and respond to cyber threats effectively. Email security measures are partially implemented but require enforcement improvements to prevent phishing and spoofing attacks. DNS configurations lack advanced protections like DNSSEC, which could lead to domain hijacking risks. Overall, the combined technical and compliance gaps place the business at high risk of data breaches, regulatory penalties, and operational disruption.

P

Peugeot

peugeot.com

47

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, exposing all data in transit to interception and undermining user trust and regulatory compliance. Multiple critical and high-severity issues related to missing essential security headers such as Content-Security-Policy and X-Frame-Options further increase the risk of cross-site scripting and clickjacking attacks. The lack of GDPR compliance artifacts, including privacy policies, cookie consent mechanisms, and third-party privacy transparency, poses significant legal and reputational risks. From a regulatory perspective, the absence of a structured information security framework, incident response, and business continuity plans indicates unpreparedness for security incidents, risking operational disruptions. While network security and email security controls are strong, these positives do not offset fundamental web security deficiencies. DNS security is moderately addressed but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is necessary to protect customer data, maintain compliance, and secure business operations. Without urgent action, the organization faces elevated risks of data breaches, regulatory penalties, and customer trust erosion.

C

Centurion Bulk

centurionbulk.com

34

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines all data confidentiality and integrity, putting customer data and business communications at risk. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to common web attacks like man-in-the-middle, clickjacking, and cross-site scripting. Non-compliance with GDPR is evident due to missing privacy policies, cookie consent mechanisms, and third-party privacy disclosures, which can result in heavy fines and reputational damage. Several NIS2 directive requirements are unmet, including lack of incident response, security policies, and business continuity planning, exposing the company to operational risks and regulatory penalties. Network security is compromised by exposing critical services like FTP and MySQL publicly, heightening the risk of unauthorized access. Email security is moderately implemented but lacks enforcement and reporting mechanisms, potentially increasing phishing and spoofing risks. Overall, urgent remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

The website exhibits significant security vulnerabilities, most notably the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security posture is strong, critical gaps exist in foundational security controls such as email authentication and DNS protections. Compliance-related frameworks including GDPR and NIS2 are not adequately addressed, potentially risking regulatory penalties and reputational damage. The lack of proper security headers and missing DNS security configurations further increase the attack surface. Overall, the current security posture leaves the business vulnerable to data breaches, phishing attacks, and compliance violations. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory compliance. Addressing these issues will also strengthen the business's resilience against evolving cyber threats. Prioritizing HTTPS implementation and email security improvements will yield the highest impact in reducing risk.

The website's security posture is currently poor, with multiple critical and high-severity issues exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The complete lack of HTTPS encryption is a critical vulnerability that undermines all web traffic security and violates GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and data leakage attacks. Additionally, the absence of privacy and cookie policies, as well as consent mechanisms, exposes the organization to legal penalties under GDPR. The lack of documented information security frameworks and incident response procedures further increases the risk of inadequate breach handling and prolonged downtime. Exposed high-risk services like FTP and SSH without proper controls elevate the attack surface. Email security is moderately strong but should be improved with DMARC enforcement. Overall, immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust.

The website's overall security posture exhibits significant vulnerabilities, with one critical issue and multiple medium-level concerns that collectively expose the business to potential data breaches and regulatory non-compliance. The absence of HTTPS encryption is the most pressing risk, as it undermines data confidentiality and user trust. Additionally, failure to implement essential security headers and email authentication mechanisms like DKIM increases susceptibility to phishing and man-in-the-middle attacks. Compliance gaps relating to GDPR and NIS2 frameworks suggest potential legal and financial repercussions. DNS security can be improved by enabling DNSSEC and configuring CAA records to prevent domain hijacking and unauthorized certificate issuance. Despite a strong network security posture, these deficiencies represent immediate priorities to safeguard sensitive information and maintain regulatory compliance. Addressing these issues will enhance customer trust, protect brand reputation, and reduce the risk of costly security incidents.

The website's current security posture presents significant risks that could impact business operations and customer trust. The most critical issue is the absence of HTTPS encryption, exposing data transmissions to interception and manipulation. Additionally, the exposure of a high-risk service such as Remote Desktop Protocol (RDP) increases the attack surface, potentially leading to unauthorized access. Medium-level issues including missing security headers, lack of DKIM email authentication, and non-compliance with GDPR and NIS2 frameworks further weaken the security stance. The absence of DNSSEC and CAA records can lead to DNS spoofing and unauthorized certificate issuance, respectively. While some modules like email security and DNS health show moderate scores, the overall gaps indicate an urgent need for remediation. Addressing these vulnerabilities will enhance data protection, regulatory compliance, and overall resilience against cyber threats. Immediate action will reduce the risk of data breaches, reputational damage, and potential financial penalties.

The website's overall security posture is concerning due to a critical issue: the absence of HTTPS encryption, exposing users and business data to interception and tampering. While network security is strong, medium-level issues such as missing security headers, lack of DNSSEC, and failure to comply with GDPR and NIS2 requirements indicate gaps in regulatory compliance and security best practices. The lack of DKIM records increases the risk of email spoofing, potentially harming brand reputation and email deliverability. Low-level issues like missing CAA records further reduce the domain's resilience against unauthorized certificate issuance. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory penalties. Addressing these issues will enhance data confidentiality, integrity, and compliance readiness, thereby strengthening the business’s cybersecurity defenses and reputation.

W

Wyser

wyser-search.com

47

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

I

Inside Systems A/S

insidesystems.com

50

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data in transit to interception and manipulation. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. GDPR compliance is severely lacking, with no cookie policy or consent banner, potentially leading to regulatory penalties and loss of customer trust. The absence of an information security framework, incident response procedures, and security policy documentation further exacerbates the organization's vulnerability to cyber threats and operational disruptions. While email and network security are strong, these isolated strengths do not mitigate the critical risks posed by the core deficiencies. The low scores in NIS2 compliance indicate the organization is unprepared to meet mandatory cybersecurity standards, risking legal and financial consequences. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company's reputation. Failure to address these issues may result in data breaches, regulatory fines, and significant business disruption.

A

Arcus Consulting LLP

arcus.uk.com

41

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trustworthiness. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, risking legal penalties and loss of customer trust. The lack of an information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. Email security measures like DMARC and DKIM are insufficient, raising the risk of phishing and spoofing attacks. Exposure of high-risk services like FTP further amplifies vulnerability to unauthorized access. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the business’s reputation.

A

AFIMAC Global

afimacglobal.com

45

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. Key deficiencies include the complete lack of HTTPS encryption, absence of essential security headers, and non-compliance with GDPR requirements such as missing cookie policies and consent mechanisms. Furthermore, the organization lacks foundational NIS2 framework elements like incident response procedures and security policy documentation, highlighting immature security governance. While email security and network security show relatively strong scores, critical SSL/TLS and web application security gaps undermine these strengths. Immediate remediation is crucial to protect customer data, ensure regulatory compliance, and maintain trust. Without swift action, the business risks financial loss, legal consequences, and operational disruptions. This assessment clearly indicates the need for urgent investment in web security controls and governance frameworks.

M

Molori Private Collection

molorisafari.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and MIME-type sniffing. GDPR compliance deficiencies, including lack of privacy and cookie policies, place the company at risk of legal penalties. Additionally, the lack of an information security framework, incident response plan, and vulnerability disclosure policy signals immature security governance. Email security is moderately strong but could be improved. DNS configurations are generally good but could be enhanced with DNSSEC and CAA records. Network security posture is solid but insufficient to compensate for fundamental web security gaps. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

I

InspireME Monte Carlo sarl

inspireme-mc.com

40

The website's security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw that jeopardizes all data in transit, undermining customer trust and violating GDPR and NIS2 regulations. Missing essential security headers like Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, risks regulatory penalties and loss of customer confidence. Additionally, inadequate incident response, security policies, and business continuity planning indicate insufficient preparedness for security incidents. The exposure of high-risk services like FTP, which is inherently insecure, amplifies the attack surface. Overall, immediate remediation is needed to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

A

AppList Media

applistmedia.com

41

The website exhibits a severely deficient security posture with multiple critical vulnerabilities, most notably the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation. The absence of foundational security headers and policies increases susceptibility to common web attacks such as clickjacking, content sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is substantially lacking, risking legal penalties and reputational damage due to missing privacy policies, cookie consent mechanisms, and security governance documentation. Email security mechanisms like DMARC and DKIM are partially implemented but not enforced, increasing phishing risks. While network security and DNS health appear relatively robust, the critical gaps in secure communication and regulatory adherence overshadow these strengths. Immediate remediation is essential to protect customer data, maintain trust, and ensure regulatory compliance. Failure to act promptly could result in data breaches, regulatory fines, and loss of customer confidence.

M

MTN Bénin

mtn.bj

54

The website exhibits a concerning overall security posture with several critical and high-risk vulnerabilities that expose the business to significant legal, reputational, and operational risks. The absence of HTTPS encryption is a critical flaw, undermining data confidentiality and integrity for all website visitors and users. The lack of foundational GDPR compliance elements, such as a privacy policy and cookie consent banner, further exposes the business to potential regulatory penalties and customer trust erosion. Additionally, the missing security frameworks and incident response plans highlight insufficient readiness to detect and mitigate cyber threats or respond effectively to security incidents. While email and network security postures are strong, fundamental gaps in web security headers and DNS configurations must be addressed. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without these improvements, the organization remains vulnerable to data breaches, legal actions, and reputational damage.

O

Opéra de Monte-Carlo

opera.mc

71

The website's overall security posture is currently at risk due to a critical vulnerability: the absence of HTTPS encryption, which compromises data confidentiality and user trust. While network security and email security measures are strong, several medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and DNSSEC not being enabled expose the business to regulatory, operational, and reputational risks. The failure to implement essential security headers leaves the site vulnerable to common web attacks. Non-compliance with GDPR and NIS2 could result in legal penalties and fines. DNS vulnerabilities could allow domain hijacking or spoofing attacks, impacting service availability and customer confidence. Immediate remediation of HTTPS is crucial to protect sensitive data and maintain customer trust. Addressing these gaps will significantly improve the website's resilience against cyber threats and regulatory compliance posture.

F

fortepharmashop-int

fortepharma.com

48

The website's overall security posture reveals significant critical vulnerabilities that pose immediate risks to business operations and compliance. The absence of HTTPS encryption is a critical failure affecting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 requirements. Key governance frameworks, such as information security policies, incident response, and business continuity plans, are missing, undermining the organization's ability to manage and recover from security incidents. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. Network security and DNS health are relatively strong, but email security can be improved to reduce phishing and spoofing risks. Security headers are partially implemented but require strengthening to enhance protection against web-based attacks. Immediate remediation efforts should focus on establishing fundamental security controls and compliance documentation to safeguard the business and its customers.