Security Directory

S

SwissBorg

swissborg.com

53

The website exhibits a severely weak security posture with critical deficiencies in fundamental areas such as HTTPS encryption, GDPR compliance, and adherence to NIS2 cybersecurity directives. Absence of HTTPS encryption exposes data in transit to interception, posing significant risks to user privacy and trust. The lack of cookie policy and consent mechanisms highlights potential legal non-compliance risks under GDPR, increasing exposure to regulatory penalties. Security governance is notably inadequate, with missing incident response, vulnerability disclosure, and security policy documentation, creating vulnerabilities to cyber threats and operational disruptions. While network and email security appear strong, critical gaps in security headers and DNS configurations further weaken defenses. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization’s reputation. Without swift action, the business faces increased risk of data breaches, legal liabilities, and loss of customer confidence.

O

OptimaT

optimat.be

46

The website's security posture is currently at high risk, with multiple critical and high-severity issues that directly impact business operations and regulatory compliance. Notably, the absence of HTTPS encryption exposes sensitive data to interception, undermining user trust and violating legal requirements such as GDPR and NIS2. Missing key security headers (Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) increases vulnerability to common web attacks. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially for EU customers. Additionally, the organization lacks foundational information security frameworks, incident response procedures, and business continuity plans, indicating immature security governance. Although email security and network security show moderate to good standing, critical gaps in SSL/TLS and GDPR compliance drastically overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure business operations. The overall security readiness score reflects urgent need for comprehensive security improvements and policy implementations.

The website’s overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical vulnerabilities exist due to the absence of HTTPS encryption, which impacts user data confidentiality and violates GDPR and NIS2 requirements. The lack of essential privacy documentation, including a Privacy Policy, Cookie Policy, and consent mechanisms, further exacerbates compliance risks and may lead to legal penalties. Additionally, the absence of a formal information security framework, incident response, and business continuity plans indicates immature security governance. While network security and email security show relatively better scores, critical gaps in headers and DNS configurations remain. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory fines. Without urgent action, the business faces heightened exposure to cyber threats, data breaches, and substantial reputational damage.

C

Capefront Energies

naurexgroup.com

48

The website exhibits a poor overall security posture with critical vulnerabilities significantly impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical failure, exposing user data to interception and undermining trust. Missing key security headers such as Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR compliance is insufficient due to the lack of a cookie consent banner and incomplete privacy policy, risking regulatory penalties and reputational damage. The site also lacks essential NIS2 mandate elements including security policies, incident response procedures, and a vulnerability disclosure policy, indicating immature cybersecurity governance. Email security gaps, notably the missing DMARC record, increase the risk of phishing and email spoofing attacks. DNS security is relatively strong but could be improved with DNSSEC and CAA record implementation. Overall, urgent remediation is needed to protect customer data, ensure regulatory compliance, and maintain business continuity.

A

Arrow Monaco

arrowyacht.com

40

The website's overall security posture is critically weak, with multiple high and critical risk findings that expose the business to significant threats. The absence of HTTPS encryption is the most severe issue, jeopardizing data confidentiality and integrity, and violating compliance standards such as GDPR and NIS2. Key HTTP security headers are missing or misconfigured, increasing the risk of web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking fundamental privacy policies and consent mechanisms, which can lead to legal and reputational consequences. The lack of an established information security framework, incident response procedures, and business continuity planning indicates an immature security governance posture. Network exposure of high-risk services like FTP and SSH further increases the attack surface. While email security and DNS health show moderate strength, critical gaps in encryption and policy frameworks present urgent risks. Immediate remediation is essential to protect sensitive data, maintain customer trust, and ensure regulatory compliance.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

F

FlyPrivate

flyprivate.com

50

The website’s current security posture exhibits significant vulnerabilities that expose the business to substantial risks, particularly due to the absence of HTTPS encryption which is flagged as critical across multiple compliance frameworks including GDPR, NIS2, and SSL/TLS standards. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing the risk of web-based attacks like clickjacking and cross-site scripting. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanism in place, potentially exposing the business to regulatory fines and reputational damage. Additionally, the absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms under NIS2 requirements indicates immature information security governance. While email and network security are strong points, foundational gaps in encryption and security headers undermine overall defenses. The DNS configuration is moderately healthy but could be improved with DNSSEC and CAA records. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without prompt action, the business faces operational disruptions, legal penalties, and loss of customer trust.

B

BW Offshore

bwoffshore.com

40

The website exhibits a severely weak security posture with multiple critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes all data exchanges to interception. There is a substantial lack of essential security policies and controls, including GDPR compliance mechanisms such as privacy and cookie policies, as well as NIS2 framework adherence, which increases legal and operational risks. Numerous high-risk network services are openly exposed, significantly raising the risk of unauthorized access and data breaches. Security header configurations are insufficient, missing critical protections like Content-Security-Policy, increasing susceptibility to web-based attacks. While email security scores well, the overall infrastructure shows critical gaps in encryption, policy documentation, and incident response readiness. This situation poses immediate threats to data confidentiality, regulatory compliance, and business continuity. Immediate remediation is necessary to protect customer data, maintain trust, and comply with legal obligations. Without rapid action, the organization faces potential data breaches, regulatory fines, and reputational damage.

T

TC Stratégie Financière (TCSF)

tcsf.mc

47

The website’s overall security posture is critically weak, with multiple fundamental issues exposing the business to significant risks. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality, integrity, and trust, impacting compliance with GDPR and NIS2 regulations. Key security headers are missing or misconfigured, increasing the risk of web-based attacks such as clickjacking and cross-site scripting. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory fines and reputational damage under data protection laws. The absence of formal information security frameworks, incident response plans, and business continuity procedures further increases operational risk. While email security and network security show relatively better scores, the critical gaps in foundational web and regulatory compliance controls must be urgently addressed. Immediate remediation of HTTPS, security policies, and compliance documentation is essential to reduce legal and security risks. Overall, the business should prioritize establishing a robust security baseline aligned with regulatory mandates to protect customers and organizational assets.

The website's overall security posture is concerning due to the presence of a critical vulnerability: the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DKIM records for email, and disabled DNSSEC further increase the risk of data breaches, regulatory penalties, and email spoofing. Although network security is strong, these gaps significantly undermine trust and may lead to reputational damage and legal consequences. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure communication channels. Addressing these issues will strengthen the security framework and help safeguard business operations against escalating cyber threats. Without prompt action, the organization remains vulnerable to data interception, phishing, and regulatory fines. Investing in security improvements will improve stakeholder confidence and reduce potential financial and operational risks.

G

GrowUp Consulting

growup-hr.com

44

The website demonstrates significant security deficiencies, particularly a complete lack of HTTPS encryption, which poses critical risks to data confidentiality and user trust. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increase vulnerability to common web attacks including clickjacking and cross-site scripting. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory non-compliance and potential legal penalties under GDPR. Furthermore, critical gaps in security governance, including missing information security frameworks, incident response procedures, and security policy documentation, indicate immature cybersecurity management. While email security and network security posture are strong, the overall security posture is weak, making the business susceptible to data breaches, reputational damage, and compliance violations. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity. Prioritizing HTTPS implementation and establishing a comprehensive security and privacy framework will significantly enhance risk mitigation. DNS security and some network controls are adequate but insufficient to compensate for the critical issues identified.

The website's overall security posture exhibits significant vulnerabilities that could expose the business to substantial risks. The absence of HTTPS encryption is a critical flaw, jeopardizing data confidentiality and user trust. Several medium-level issues, including missing security headers, inadequate GDPR compliance, lack of DNSSEC, and missing DKIM records, further increase exposure to data breaches and regulatory penalties. While the network security posture is strong, foundational web security controls need urgent attention to protect sensitive data and maintain compliance. Addressing these issues promptly will enhance customer confidence and reduce the risk of cyberattacks and legal repercussions. The current lack of key security protocols may also negatively impact SEO rankings and brand reputation. Immediate remediation of the critical SSL/TLS deficiency should be prioritized, followed by strengthening email and DNS security measures. Ensuring compliance with GDPR and NIS2 directives will safeguard against regulatory fines and improve overall security governance.

The website's security posture is concerning, primarily due to the absence of HTTPS encryption, which critically exposes all data transmissions to interception and manipulation. Several medium-severity issues, including failures in implementing key security headers, GDPR and NIS2 compliance gaps, and missing DNS security features, indicate an elevated risk of data breaches and regulatory non-compliance. Email security measures are partially implemented but lack critical components like DKIM and DMARC reporting, increasing susceptibility to spoofing and phishing attacks. Network security is moderately strong but exposing SSH services publicly can be an entry point for attackers. Overall, the site is vulnerable to both external cyber threats and legal/regulatory repercussions, necessitating immediate remedial action to protect business operations and customer trust.

E

Elkho Group

elkho-group.com

44

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all communications to interception and undermining GDPR compliance. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy further increase the risk of web-based attacks like man-in-the-middle, clickjacking, and cross-site scripting. The lack of GDPR-mandated elements like a cookie policy and consent banner exposes the business to regulatory penalties and reputational damage. Additionally, there is a significant deficiency in compliance with the NIS2 directive, with no documented security policies, incident response, or information security framework in place. While email security and DNS health show some strengths, critical gaps remain, including DMARC enforcement and DNSSEC configuration. Immediate remediation is essential to protect sensitive customer data, ensure regulatory compliance, and maintain customer trust. Without prompt action, the business faces increased risk of data breaches, legal sanctions, and operational disruption.

V

Vertex Pharmaceuticals

vrtx.com

42

The website's overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical issues such as the absence of HTTPS encryption severely compromise data confidentiality and trustworthiness. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Additionally, essential cybersecurity frameworks and incident response plans required by NIS2 are missing, indicating unpreparedness for cyber incidents. Email security protocols are partially implemented but require strengthening to prevent phishing and spoofing attacks. DNS-related vulnerabilities, including potential subdomain takeover and missing DNSSEC, increase attack surface exposure. While network security is strong, foundational security controls like security headers are incomplete, further increasing vulnerability to common web-based attacks. Immediate remediation is crucial to safeguard customer data, ensure regulatory compliance, and protect brand reputation.

F

Frank Europe GmbH

frankeurope.com

53

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

D

DEF

def-online.com

43

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation, undermining both GDPR and NIS2 compliance. Multiple critical and high-severity issues related to missing security headers and lack of key security governance frameworks further expose the business to risks such as clickjacking, cross-site scripting, and data breaches. The absence of privacy and cookie policies, alongside missing consent mechanisms, significantly increases legal and regulatory exposure under GDPR. Additionally, the lack of documented security policies, incident response procedures, and business continuity planning suggests poor operational preparedness for cyber incidents. While email security and DNS health scores indicate some controls are in place, critical gaps remain that could lead to reputational damage, financial penalties, and loss of customer trust. Immediate remediation is essential to safeguard sensitive data, ensure regulatory compliance, and maintain business continuity. Overall, the website requires a comprehensive security overhaul to align with industry best practices and legal requirements.

A

AFIM S.A.M.

afim.mc

37

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw, severely undermining confidentiality and trust. Missing key security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options further increase vulnerability to common web attacks like clickjacking, cross-site scripting, and data interception. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent mechanisms could lead to legal penalties and customer trust erosion. The absence of an information security framework, incident response plans, and vulnerability disclosure policies highlights poor organizational security maturity. Email security is also lacking due to missing DMARC and DKIM records, increasing phishing and spoofing risks. While network security and DNS health show relative strength, critical gaps overshadow these positives. Immediate remediation is essential to protect business assets and customer data effectively.

S

Siamp

siamp.com

40

The website's security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and regulatory non-compliance. The absence of HTTPS encryption is the most critical issue, risking data interception and eroding customer trust. Missing key security headers and lack of a Content-Security-Policy increase susceptibility to cross-site scripting and clickjacking attacks. Non-compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent, and incident response plans, could lead to legal penalties and reputational damage. Email security protocols are partially implemented but require improvement to prevent spoofing and phishing. DNS security practices are moderate but could be enhanced by enabling DNSSEC and configuring CAA records. While the network security posture is strong, foundational web and regulatory security gaps need urgent addressing to protect business operations and customer data effectively.

E

Eve Media

evemedia.fr

40

The website's security posture is critically weak, exposing the business to significant cybersecurity risks and regulatory non-compliance. Key deficiencies include the complete absence of HTTPS encryption, which jeopardizes data confidentiality and integrity in transit, and missing fundamental security headers that protect against common web attacks. The lack of GDPR compliance, such as no privacy or cookie policies and no consent mechanisms, places the business at risk of severe legal penalties, especially as it operates within the EU. Additionally, there is no established information security framework, incident response plan, or security policy documentation, which undermines the organization's ability to manage and respond to security incidents effectively. Email authentication is also poorly configured, increasing the likelihood of phishing attacks and email spoofing. While the network security posture and DNS health show some strengths, these are overshadowed by critical systemic vulnerabilities. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory requirements.

The website's security posture is currently weak and exposes the business to significant risks, particularly due to the absence of HTTPS encryption, which is flagged as a critical vulnerability across multiple modules. Compliance with GDPR and NIS2 regulations is severely lacking, with missing privacy policies, cookie consent mechanisms, and critical security governance documentation, increasing legal and operational risks. While network security measures are strong, foundational issues like missing security headers and insufficient email authentication mechanisms exist. The lack of an incident response plan and business continuity strategy could lead to prolonged downtime or data breaches. DNS security is moderate but can be improved by enabling DNSSEC and configuring CAA records. Overall, urgent remediation is required to protect sensitive customer data, maintain regulatory compliance, and uphold business reputation. Immediate attention to encryption, privacy policies, and security governance will have the highest impact. This situation presents both compliance and reputational risks that could result in fines, customer loss, and operational disruptions if not addressed promptly.

S

Silva International Investments

silvainternational.com

38

The website's overall security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption is a fundamental flaw, undermining data confidentiality and trust, and contravening GDPR requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, XSS, and content injection. Furthermore, the lack of privacy and cookie policies, alongside missing consent mechanisms, exposes the company to regulatory fines and legal challenges under data protection laws. Critical internal security controls and documentation, including incident response and information security frameworks, are absent, leaving the organization vulnerable to cyber incidents and operational disruptions. The exposure of sensitive services like FTP and PostgreSQL to the internet presents high-risk attack vectors that can lead to data breaches. Although email security and DNS health show moderate maturity, critical gaps like unenforced DMARC and missing DNSSEC reduce overall resilience. Immediate remediation is essential to protect customer data, maintain compliance, and safeguard business continuity.

The website exhibits significant security vulnerabilities that could expose the business to operational disruptions, data breaches, and regulatory non-compliance. Critical DNS issues, including resolution failures and domain registration problems, pose immediate risks of service outages and potential domain hijacking. The absence of key email security measures, such as DKIM records, increases the likelihood of phishing attacks impacting brand reputation. Additionally, the failure to implement essential security headers and GDPR compliance measures indicates gaps in data protection and privacy practices, which may lead to legal penalties. While SSL/TLS configurations are robust, other foundational security controls need urgent attention. Network security weaknesses further compound the risk of unauthorized access. Overall, the current posture demands swift remediation to safeguard business continuity, maintain customer trust, and ensure regulatory adherence.

E

e-Celtic Ltd.

eceltic.ie

54

The website's overall security posture is weak, with critical and high-severity issues indicative of significant vulnerabilities and compliance gaps. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy expose the site to various web-based attacks, including man-in-the-middle and clickjacking. The absence of GDPR-required privacy documentation and consent mechanisms poses considerable legal and reputational risks, especially for EU operations. Lack of an information security framework, incident response plan, and security policies reflects poor organizational security maturity, further increasing exposure to threats. Network security is compromised by the presence of high-risk services like FTP and exposed SSH, which can be exploited if left unprotected. SSL/TLS configurations are suboptimal, with expiring certificates and mixed content issues undermining user trust and data confidentiality. While email security scores well, other critical areas demand immediate attention to safeguard business continuity and regulatory compliance. Addressing these gaps will reduce risk, protect customer data, and enhance stakeholder confidence.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, but several high and medium risk issues pose significant compliance and operational risks. Key deficiencies exist in GDPR compliance, including absence of privacy and cookie policies and lack of consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 guidance further elevates operational risk and may impact business continuity. Security headers are partially implemented but require strengthening to prevent common web-based attacks. Email security is adequate but could be improved to prevent phishing and spoofing. TLS and DNS configurations are generally solid but need timely certificate renewal and enhanced protections like DNSSEC. Network security posture is strong. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and improve resilience against cyber threats.

The website's overall security posture is currently at significant risk, primarily due to critical issues related to DNS health and email security. The failure in DNS resolution and absence of name servers critically impair website availability and expose the domain to potential hijacking or downtime, directly impacting business operations and customer trust. Email authentication is not configured, increasing the risk of phishing attacks, email spoofing, and reputational damage. Medium issues such as missing security headers, GDPR and NIS2 compliance failures, and lack of DNSSEC implementation further increase vulnerability to data breaches and regulatory penalties. While SSL/TLS configuration is strong and network security shows reasonable resilience, the fundamental infrastructure weaknesses must be addressed immediately. The absence of domain registration stability compounds these risks, threatening the website's accessibility and legal standing. Immediate remediation is essential to protect business continuity, customer data, and regulatory compliance. Without prompt action, the company faces operational disruption, legal exposure, and reputational harm.

M

Miells - Christie's

miells.com

63

The website's overall security posture reveals significant weaknesses in compliance, network security, and incident preparedness, posing considerable legal and operational risks. While foundational protections such as email security and some security headers score moderately well, critical exposure of backend services like MySQL and FTP dramatically increase the risk of unauthorized access and data breaches. The absence of GDPR-mandated policies and consent mechanisms exposes the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. SSL/TLS configurations are suboptimal and could undermine user trust and data confidentiality. DNS security measures are partially implemented but could be strengthened. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity.

N

New Jet

newjet.com

57

The website's overall security posture is concerning, with no critical issues but numerous high and medium severity vulnerabilities that expose the business to compliance risks, data breaches, and operational disruptions. Key security headers are missing, reducing protection against common web attacks and data leakage. GDPR compliance is severely lacking, with the absence of privacy and cookie policies and consent mechanisms, exposing the company to potential regulatory fines and reputational damage. The absence of an established information security framework, incident response procedures, and security policies indicates immature security governance, which could delay response to cyber incidents. Network security is weakened by the exposure of high-risk services such as FTP and SSH, increasing the attack surface. While email security, SSL/TLS, and DNS health scores are relatively better, there remain medium risks like expiring certificates and missing DNSSEC that should be addressed. Immediate remediation and governance improvements are critical to protect customer data, ensure regulatory compliance, and maintain business continuity.

C

Caroline Olds Real Estate

carolineolds.com

68

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risk vulnerabilities, primarily related to missing security headers, insufficient GDPR compliance, and lack of key NIS2 security frameworks. The absence of crucial HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks, clickjacking, and cross-site scripting risks. GDPR non-compliance, including the lack of a cookie consent banner and incomplete privacy policies, poses legal and reputational risks, especially in jurisdictions enforcing data protection laws. Additionally, the site lacks documented security policies, incident response plans, and business continuity procedures required under the NIS2 directive, increasing operational risk and regulatory exposure. SSL/TLS configurations are suboptimal, with weak key lengths and impending certificate expiry risking data confidentiality and trust. DNS security is moderate but could be strengthened by enabling DNSSEC and configuring CAA records. While email and network security appear robust, the overall low scores in security headers and NIS2 compliance indicate urgent remediation is necessary to protect business assets and maintain customer trust.

T

TWW Yachts

twwyachts.com

57

The website exhibits multiple significant security gaps that pose risks to data protection, regulatory compliance, and business continuity. While no critical issues were found, 11 high-severity and 14 medium-severity findings indicate vulnerabilities in key areas such as security headers, GDPR compliance, network security, and incident response readiness. Essential security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to man-in-the-middle and cross-site scripting attacks. GDPR compliance is inadequate, with no privacy policy or cookie consent banner, which could lead to legal penalties and reputational damage. Network security risks are heightened by the exposure of high-risk services like FTP and insufficient protection in email and SSL/TLS configurations. The absence of a formal information security framework, security policies, and incident response procedures presents significant operational risks. Overall, the organization's security posture requires urgent attention to protect customer data, ensure regulatory compliance, and reduce exposure to cyber threats.

L

LEVMET

levmet.com

62

The website displays a concerning security posture with no critical issues but multiple high and medium-risk vulnerabilities primarily related to compliance, policy documentation, and security headers. GDPR compliance is notably weak, lacking fundamental privacy and cookie policies, consent mechanisms, and adequate contact information, exposing the business to regulatory penalties and reputational damage. The absence of an information security framework, incident response procedures, and security policy documentation indicates immature governance, increasing operational risk and potential downtime. Weak SSL configurations and missing email authentication mechanisms could lead to data interception and phishing risks. DNS and network security appear relatively strong, with good DNS health and network posture. Immediate remediation is necessary to address privacy and policy gaps to ensure regulatory compliance and protect customer trust. Strengthening security headers and cryptographic configurations will enhance protection against common web attacks. Overall, the website requires focused improvements in governance, compliance, and technical controls to reduce business risk and meet industry standards.

The website demonstrates a generally strong security posture with no critical or high-risk vulnerabilities detected. SSL/TLS and network security modules are fully optimized, reflecting well on encrypted communications and infrastructure protection. However, medium-level issues in security headers, GDPR compliance, NIS2 compliance, email security (missing DKIM), and DNS health (lack of DNSSEC) present moderate risks that could impact data privacy, regulatory adherence, and phishing resilience. Low-level issues such as missing CAA records are minor but should be addressed to enhance certificate issuance control. Addressing these medium risks will improve overall trustworthiness, regulatory compliance, and reduce attack surface. Immediate remediation efforts focused on regulatory and email authentication will yield significant business benefits. Overall, the organization is positioned securely but must prioritize compliance and DNS/email improvements to mitigate potential threats and regulatory penalties.

H

Hermaion Capital

hermaioncapital.com

44

The website exhibits a concerning overall security posture with multiple critical and high-severity issues across key domains such as SSL/TLS, email authentication, network security, and compliance frameworks. Critical vulnerabilities like an invalid SSL certificate, exposed critical services (MySQL and FTP), and missing email authentication significantly increase the risk of data breaches, service disruption, and reputational damage. Furthermore, the absence of GDPR compliance elements such as privacy and cookie policies, along with lacking incident response and security documentation per NIS2 requirements, exposes the business to regulatory penalties and operational risks. Security headers are inadequately configured, reducing protection against common web-based attacks. While DNS health is relatively strong, other foundational controls like HSTS and DNSSEC are missing or misconfigured. Immediate remediation is necessary to strengthen trust with users, ensure regulatory compliance, and protect sensitive business information from cyber threats. Without swift action, the business faces elevated risk of exploitation, compliance fines, and loss of customer confidence.

O

Oxygen Aviation Ltd

oxygenaviation.com

61

The website exhibits significant security and compliance gaps, particularly in foundational security headers, GDPR adherence, and NIS2 regulatory requirements. Although there are no critical vulnerabilities, multiple high and medium severity issues expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Key weaknesses include missing essential HTTP security headers, absence of cookie policies and consent mechanisms, and lack of documented information security and incident response procedures. Additionally, outdated or expiring SSL certificates and exposed high-risk services like FTP further elevate the risk profile. While email security and DNS health show generally better scores, the overall security posture is weak, especially around compliance and network security frameworks. Immediate attention is needed to close these gaps to protect customer data, ensure regulatory compliance, and maintain business continuity. Proactive remediation will reduce attack surface and demonstrate commitment to cybersecurity best practices to stakeholders and regulators.

The website demonstrates significant security gaps across multiple critical areas, including web security headers, GDPR compliance, and NIS2 regulatory adherence, resulting in an overall weak security posture. While network security is robust, key SSL/TLS configurations are outdated and vulnerable, increasing the risk of data interception and compromise. Absence of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to common web-based attacks like clickjacking and cross-site scripting. The lack of privacy policies, cookie consent mechanisms, and third-party privacy oversight creates substantial legal and reputational risks under GDPR requirements. Additionally, missing incident response, security policy documentation, and vulnerability disclosure procedures undermine the organization's ability to manage and respond to security incidents effectively. DNS security issues, notably the potential subdomain takeover and missing DNSSEC, further elevate risk exposure. Immediate improvements are necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity.

R

RichRelevance

richrelevance.com

66

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities, particularly in compliance and security policy domains. Key gaps exist in GDPR compliance, notably missing cookie policy and consent mechanisms, exposing the business to regulatory and reputational risks. The absence of a formal information security framework, incident response procedures, and security policy documentation indicates immature organizational security governance, raising operational risk. Security headers and TLS configurations are partially implemented but require strengthening to prevent common web-based attacks. Email security mechanisms like DMARC and DKIM are incomplete, increasing phishing risks. DNS and network security are relatively strong, providing a solid foundation. Addressing these issues will improve regulatory compliance, reduce breach likelihood, and enhance customer trust.

S

Stajvelo

stajvelo.com

68

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory penalties, and operational disruptions. While no critical vulnerabilities were detected, several high-severity issues, particularly missing key security headers and absence of essential security policies, indicate weak defense mechanisms. Compliance with GDPR and NIS2 regulations is notably insufficient, risking legal and reputational damage. Network security concerns, such as exposed high-risk services like FTP, further increase the attack surface. SSL/TLS and email security configurations are relatively strong but require minor improvements. Immediate attention to security governance, incident response, and user privacy controls is essential to protect customer data and ensure business continuity. Investing in these areas will reduce risk exposure and strengthen stakeholder trust. Overall, the business should treat these findings as urgent priorities to maintain regulatory compliance and operational resilience.

A

AMN Healthcare

amnhealthcare.com

93

The website demonstrates a generally strong security posture with no critical or high-level issues detected. Key strengths include a perfect SSL/TLS implementation and a robust network security posture, minimizing risks from transport layer attacks and network vulnerabilities. However, medium severity issues related to missing or misconfigured security headers, GDPR and NIS2 compliance gaps, and email security weaknesses such as non-enforcing DMARC policies pose notable risks. DNS health is also a concern due to the absence of DNSSEC and missing CAA records, which could expose the domain to DNS spoofing and unauthorized certificate issuance. Addressing these medium and low-level issues will improve regulatory compliance, protect user data, and strengthen defenses against phishing and DNS attacks. Overall, the site is secure but would benefit from targeted improvements in headers, email policies, and DNS configurations to mitigate potential exploitation vectors. Prioritizing these enhancements will align the website with best practices and regulatory requirements, reducing business risks and enhancing customer trust.

M

Monaco Business Solutions (MBS)

mbs.mc

67

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium risk issues that pose significant business and compliance risks. Key deficiencies include missing essential security headers, inadequate GDPR compliance due to absence of privacy policies and cookie consent mechanisms, and substantial gaps in NIS2 regulatory requirements such as lack of incident response plans and security documentation. Network security is impaired by exposure of high-risk services like FTP, increasing the attack surface. While email security, SSL/TLS, and DNS health scores are relatively strong, issues such as an expiring SSL certificate and mixed content could undermine user trust. The absence of a comprehensive information security framework and vulnerability disclosure process further expose the business to potential data breaches and regulatory penalties. Immediate remediation is necessary to strengthen legal compliance, protect customer data, and reduce operational risks associated with cyber threats.

A

ASCOMA

ascoma.com

72

The website's overall security posture reveals significant compliance and network security deficiencies that pose considerable business risks. While foundational elements like email security and SSL/TLS configurations score well, critical vulnerabilities exist such as exposure of a critical MySQL service and lack of incident response and security policy documentation. GDPR compliance is notably weak with missing cookie policies and consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a structured information security framework and vulnerability disclosure policy further weakens the organization's resilience against cyber threats. Network security is compromised due to high-risk and critical services being exposed unnecessarily. Additionally, DNS and security headers require enhancements to improve defense-in-depth. Immediate remediation is essential to reduce attack surfaces, comply with regulations, and protect sensitive data, thereby safeguarding business continuity and customer trust.

A

AEG

aegworldwide.com

73

The website demonstrates a mixed security posture with no critical vulnerabilities but multiple high and medium risk issues, particularly in compliance and governance areas. Key deficiencies exist in GDPR compliance, including absence of cookie policies and consent mechanisms, raising potential legal and reputational risks. Security governance is also weak, lacking essential NIS2 framework elements such as security policies, incident response, and business continuity planning, which could impair incident management and regulatory adherence. Technical security controls like security headers and SSL/TLS configurations need improvement to reduce attack surfaces. DNS and network security are relatively strong, and email security is fully compliant. Overall, the site is vulnerable to regulatory penalties, data exposure, and operational risks if these gaps remain unaddressed. Immediate remediation is vital to strengthen defenses, ensure compliance, and protect business continuity.

T

Tennant Metals

tennantmetals.com.au

75

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but several high and medium-risk issues that could expose the business to significant risks. Key security headers are missing, such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy, increasing susceptibility to common web attacks like clickjacking and man-in-the-middle attacks. Compliance gaps related to GDPR and NIS2 frameworks highlight insufficient data protection policies, lack of incident response procedures, and absence of documented security policies, which could lead to regulatory penalties and operational disruptions. While SSL/TLS and DNS configurations are generally strong, the absence of HSTS and DNSSEC reduces communication security and trustworthiness. The company benefits from strong email and network security, but overall low scores in governance and security policy areas present material business risks. Immediate remediation is necessary to prevent data breaches, maintain customer trust, and ensure regulatory compliance. Addressing these weaknesses will enhance resilience, reduce liability, and safeguard the organization’s reputation.

A

Aether Ltd

aether-uk.com

66

The website exhibits a moderate to weak overall security posture, with no critical vulnerabilities but several high and medium-risk issues that could expose the organization to data breaches, regulatory non-compliance, and operational disruptions. Major gaps exist in security header configurations, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements. The absence of essential headers like Strict-Transport-Security and Content-Security-Policy increases the risk of man-in-the-middle and cross-site scripting attacks. GDPR-related deficiencies, including missing cookie policies and consent mechanisms, expose the business to potential legal penalties and reputational damage. The lack of documented security policies, incident response plans, and business continuity strategies severely undermines the organization’s preparedness against cyber incidents. SSL/TLS, email security, and DNS health show relatively strong scores, providing a solid foundation for encrypted communications and domain integrity. Immediate remediation of high-impact vulnerabilities combined with establishing governance frameworks will significantly enhance security resilience and regulatory compliance. Ongoing monitoring and periodic reassessments are recommended to maintain and improve security posture over time.

M

MTN CI

mtn.ci

53

The website exhibits significant security weaknesses, particularly in foundational areas such as security headers, GDPR compliance, and NIS2 regulatory adherence. While no critical vulnerabilities were found, numerous high-severity issues indicate a substantial risk to both data protection and regulatory compliance, exposing the business to potential legal and reputational damage. The lack of essential security headers and policies increases susceptibility to web-based attacks, while missing privacy and cookie policies risk non-compliance with data protection laws. Email security measures are partially implemented but require improvements to prevent spoofing. SSL/TLS configurations are suboptimal, with weak keys and imminent certificate expiry, threatening secure communications. DNS and network security are relatively strong but cannot compensate for the other systemic weaknesses. Immediate remediation is necessary to safeguard customer data, maintain trust, and align with regulatory requirements.

The website demonstrates a generally strong security posture in network security and SSL/TLS implementations, reflecting good foundational practices. However, significant gaps exist in email authentication, with a critical issue of no email authentication configured and missing DKIM records, exposing the business to email spoofing and phishing risks. Security headers are not adequately implemented, increasing vulnerability to common web attacks. Compliance-related checks for GDPR and NIS2 have failed, which could lead to regulatory penalties and impact business reputation. DNS security is moderate, with DNSSEC not enabled, increasing risks of DNS spoofing or cache poisoning attacks. Low-risk issues such as missing CAA records should be addressed to further harden DNS configurations. Overall, while core infrastructure is solid, key security and compliance controls require immediate attention to mitigate risks and protect business assets and trust.

The website demonstrates a generally strong security posture with no critical or high-severity issues detected. Core security areas such as email security, SSL/TLS configurations, and overall network security are well implemented, scoring a perfect 100. However, medium-level issues related to missing or misconfigured security headers, GDPR compliance, NIS2 adherence, and disabled DNSSEC indicate gaps that could expose the business to compliance risks and potential targeted attacks. The absence of DNSSEC and CAA records slightly lowers DNS health, which while not immediately critical, could affect domain integrity and trust. Addressing these medium and low-level issues will enhance regulatory compliance, protect customer data, and strengthen defense against DNS-related threats. Proactively resolving these gaps will also reduce potential reputational and financial risks. Overall, the site is secure but requires focused improvements in headers, regulatory compliance, and DNS configurations to reach a robust security standard.

The website’s security posture shows significant weaknesses, particularly in key HTTP security headers and compliance with GDPR and NIS2 regulations. Critical and high-severity issues such as lack of email authentication, missing incident response and security policy documentation, and absent privacy and cookie policies expose the business to regulatory penalties, brand damage, and increased cyber risk. While network security and TLS configurations are relatively strong, foundational controls like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options headers are missing, increasing susceptibility to common web attacks. The absence of GDPR-required elements like a privacy policy and cookie consent banner further elevates compliance risks. Email security is critically deficient without authentication mechanisms, risking phishing and domain spoofing. Overall, the company must urgently address governance, policy documentation, and web security controls to reduce exposure and meet regulatory standards. Without swift remediation, the business faces operational disruptions, legal liabilities, and reputational harm.

M

Monachem Specialities LLP

monachem.com

58

The website demonstrates significant security and compliance gaps that expose the business to data breaches, regulatory penalties, and reputational damage. While network security and SSL/TLS configurations are relatively strong, foundational security headers are largely missing, increasing risks of client-side attacks such as clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking essential privacy policies and consent mechanisms, which could lead to legal and financial consequences. The absence of an information security framework, incident response plans, and security documentation reflects poor organizational preparedness for cyber incidents. Email security measures are partially implemented but require improvements to prevent phishing and spoofing threats. DNS security is moderate but can be enhanced to protect domain integrity. Overall, the website’s current posture demands urgent remediation of critical governance and technical controls to safeguard business operations and customer trust.

K

KK Superyachts

kk-superyachts.com

68

The website exhibits a generally strong network security posture and solid email security and SSL/TLS configurations, reflecting well on foundational security practices. However, critical gaps exist in compliance with GDPR and NIS2 regulatory frameworks, which pose significant legal and reputational risks. Notably, the absence of privacy and cookie policies, along with missing cookie consent mechanisms, undermines user trust and exposes the business to regulatory penalties. The lack of an established information security framework, security policy documentation, and incident response procedures indicates insufficient organizational readiness for managing cyber incidents. Missing key HTTP security headers like Content-Security-Policy further increases the risk of client-side attacks. While some medium and low-level issues exist, the high-severity compliance and governance deficiencies should be prioritized to safeguard business continuity and legal compliance. Addressing these gaps will not only enhance security but also improve customer confidence and regulatory standing.

The website’s overall security posture is stable with no critical or high-risk issues detected. Key areas such as SSL/TLS and network security are strong, scoring 100/100, indicating robust encryption and network defenses. However, there are medium-level concerns primarily around missing security headers, incomplete GDPR and NIS2 compliance checks, and email security gaps such as the absence of DKIM records. DNS health is adequate but could be strengthened by enabling DNSSEC and configuring CAA records. These medium-level issues present moderate risk, potentially exposing the business to regulatory non-compliance, email spoofing, and DNS-related attacks. Addressing these will improve security resilience and reduce potential reputational and operational impacts. Overall, the organization is well-positioned but should prioritize compliance and email authentication improvements to mitigate medium-risk vulnerabilities.