Security Directory

C

Crédit Agricole

credit-agricole.com

52

The website exhibits serious security deficiencies, particularly the complete absence of HTTPS encryption, which critically exposes data in transit and undermines user trust. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and essential security governance documentation, posing significant legal and operational risks. While network security and email security demonstrate relatively strong postures, foundational issues around encryption and policy frameworks significantly elevate the organization's exposure to data breaches and regulatory penalties. Security headers and DNS configurations are suboptimal but less urgent relative to the critical gaps. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Without urgent action, the business remains vulnerable to interception, data leakage, and potential loss of customer confidence. Prioritizing HTTPS implementation alongside privacy and incident response policies will substantially improve the security stance. Overall, the current posture demands urgent attention to align with industry best practices and regulatory mandates.

M

MARK

meyerbergman.com

53

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

B

Barnes I Valeri Agency

valeri-agency.com

43

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, compliance violations, and operational disruptions. The absence of HTTPS encryption, a fundamental security control, affects multiple compliance areas such as GDPR and NIS2, undermining user trust and legal standing. Key security headers vital for protecting against web-based attacks are missing, increasing vulnerability to exploits like clickjacking and content injection. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory penalties and reputational damage. The NIS2 framework requirements are largely unmet, with no documented security policies, incident response plans, or vulnerability disclosure processes, elevating risks of prolonged security incidents. Although email security and DNS health show relatively better scores, critical gaps such as non-enforced DMARC and disabled DNSSEC remain. The exposure of high-risk services like FTP further amplifies attack vectors. Immediate remediation is essential to protect customers, preserve brand integrity, and avoid legal consequences.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

2

2PM Monaco

2pmmonaco.com

45

The website's security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most critical flaw, undermining data confidentiality and integrity. Key security headers are largely missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. Compliance with GDPR and NIS2 regulations is severely inadequate, notably lacking privacy policies, cookie consent mechanisms, and documented security and incident response procedures. While email and network security show strengths, the overall security framework is fragmented and insufficient for protecting sensitive data or maintaining customer trust. Immediate remediation is essential to mitigate potential legal liabilities and safeguard business continuity. Addressing these issues will not only enhance security but also improve customer confidence and regulatory compliance. Without urgent action, the organization remains exposed to high-impact cyber threats and operational disruptions.

C

Christofle

christofle.com

53

The website's overall security posture is currently weak, with critical deficiencies severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical vulnerability affecting user data security, regulatory compliance (GDPR, NIS2), and trustworthiness, exposing the business to legal and reputational risks. Governance around security policies, incident response, and vulnerability management is largely missing, indicating immature cybersecurity processes. GDPR compliance is particularly poor, lacking cookie consent mechanisms and compliant privacy disclosures, which risks regulatory penalties. While email security and network security show reasonably strong implementations, foundational web security headers are incomplete, increasing exposure to content injection and data leakage attacks. DNS security is moderate but could be improved with DNSSEC and CAA records. Immediate remediation of critical issues is required to protect customer data, ensure regulatory compliance, and maintain business continuity.

C

Crédit Agricole Provence Côte d'Azur

ca-pca.fr

48

The website's overall security posture is concerning, with multiple critical and high-severity issues primarily related to GDPR compliance, missing HTTPS encryption, and lack of essential security policies. The absence of HTTPS encryption exposes all data transmissions to interception, posing severe risks to user privacy and trust. GDPR compliance gaps, including missing privacy and cookie policies and no consent mechanisms, expose the business to regulatory penalties and reputational damage, especially as it operates within the EU. Furthermore, the absence of a formal information security framework, incident response procedures, and vulnerability disclosure policies under NIS2 regulations reflects a significant maturity gap in security governance. While network security and DNS health receive relatively high scores, the lack of DNSSEC and DKIM configurations introduces risks for domain spoofing and email phishing. Security headers are generally well implemented but require enhancements to mitigate XSS and data leakage risks. Immediate remediation is critical to protect customer data, ensure regulatory compliance, and maintain business continuity.

H

Hoozin

hoozin.com

40

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines data confidentiality and trust, while missing essential security headers leave the site open to common web attacks such as clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, creating legal exposure and reputational damage risks. Network security is compromised by the exposure of high-risk services like FTP and MySQL without adequate protections, increasing the attack surface. The lack of incident response, security policies, and business continuity planning under the NIS2 framework indicates immature security governance. Although email security and DNS health score relatively well, these strengths do not offset the critical deficiencies elsewhere. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent action, the organization risks financial penalties, loss of customer trust, and potential service outages.

W

Wyser

wyser-search.com

47

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

N

Nico Rosberg

nicorosberg.com

38

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key deficiencies include the absence of HTTPS encryption, leading to insecure data transmission, and missing fundamental security headers that protect against common web attacks. Additionally, the lack of GDPR compliance elements—such as privacy policies and cookie consent—poses legal risks and potential fines. Network exposure of critical services like MySQL and FTP further increases the attack surface, making unauthorized access more likely. The organization's security governance is underdeveloped, with no formal information security framework, incident response procedures, or vulnerability disclosure policies in place. Although email security and DNS health show moderate maturity, the overall low scores in core security domains highlight urgent remediation needs. Immediate action is required to safeguard business assets, maintain customer trust, and comply with regulatory requirements.

O

OptimaT

optimat.be

46

The website's security posture is currently at high risk, with multiple critical and high-severity issues that directly impact business operations and regulatory compliance. Notably, the absence of HTTPS encryption exposes sensitive data to interception, undermining user trust and violating legal requirements such as GDPR and NIS2. Missing key security headers (Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) increases vulnerability to common web attacks. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially for EU customers. Additionally, the organization lacks foundational information security frameworks, incident response procedures, and business continuity plans, indicating immature security governance. Although email security and network security show moderate to good standing, critical gaps in SSL/TLS and GDPR compliance drastically overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure business operations. The overall security readiness score reflects urgent need for comprehensive security improvements and policy implementations.

J

Johnson Controls

johnsoncontrols.com

68

The website demonstrates a moderate security posture with no critical vulnerabilities found; however, several high and medium-risk issues significantly impact compliance and risk management. Key deficiencies exist in GDPR compliance, including the absence of privacy and cookie policies and lack of user consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 guidance further increases organizational risk and may hinder regulatory adherence. Security headers are inconsistently implemented, reducing protection against common web threats like XSS and content sniffing. SSL/TLS configurations are generally strong but require timely certificate renewal and elimination of mixed content to maintain secure communications. DNS settings are mostly healthy but can be improved by enabling DNSSEC to prevent domain spoofing. Positively, email and network security postures are robust, mitigating some external attack vectors. Overall, urgent attention to compliance and governance-related controls is critical to safeguard the business and maintain trust with users and regulators.

А

Аутсорсинговый контакт-центр eCall

ecall.ua

39

The website ecall.ua exhibits a critically weak security posture, primarily due to the absence of HTTPS encryption and several essential security headers, exposing the site to data interception, clickjacking, and content injection risks. Additionally, the lack of GDPR compliance and insufficient security policies significantly heighten legal, reputational, and operational risks for the business.

The website http://fact8r.com exhibits a severely weak security posture, characterized by the absence of HTTPS encryption and critical security headers, exposing it to data interception and various web-based attacks. Compliance with GDPR and NIS2 regulations is substantially lacking, posing significant legal and operational risks. Immediate remediation is essential to protect user data, maintain trust, and ensure regulatory adherence.

E

Emancipe

ecoledesparents.be

42

The website ecoledesparents.be currently exhibits a severely deficient security posture, primarily due to the absence of HTTPS encryption and critical security headers, exposing the business to data breaches, regulatory non-compliance, and reputational damage. Additionally, the lack of privacy policies and incident response frameworks significantly increases legal and operational risks, especially under EU regulations.

M

Marine Resources

marineresources.co.uk

78

The website marineresources.co.uk demonstrates a generally strong technical security posture in network, SSL/TLS, and email security; however, it lacks crucial governance and compliance elements, especially related to GDPR and the NIS2 directive. The absence of fundamental security policies, incident response capabilities, and appropriate headers exposes the business to regulatory risks and potential exploitation. Addressing these gaps is critical to reduce legal liability and protect brand reputation.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Key vulnerabilities such as the absence of HTTPS encryption and essential security headers leave user data unprotected during transmission and increase susceptibility to common web attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements—such as a privacy policy and cookie consent mechanisms—further exposes the organization to potential legal penalties and customer trust erosion. Additionally, no formal information security framework, incident response, or business continuity plans are in place, which hinders the organization's ability to detect, respond to, and recover from security incidents effectively. While email security and network security show relative strength, critical gaps in SSL/TLS configuration and NIS2 compliance pose immediate threats. Without urgent remediation, these vulnerabilities could lead to costly breaches and regulatory fines. Immediate corrective actions are necessary to secure the website, protect customer data, and ensure compliance with relevant regulations.

E

Enterprise Rent-A-Car

enterprise.ca

72

The website https://enterprise.ca exhibits significant security gaps, particularly in governance and email security, leading to an unknown overall risk score. While network and SSL/TLS configurations are strong, critical deficiencies in incident response, security policies, and email authentication represent substantial business risks, including potential data breaches, regulatory non-compliance, and reputational damage.

E

Enterprise Rent-A-Car

enterprise.co.uk

72

The website demonstrates a generally moderate security posture with strong SSL/TLS and network security but suffers from significant gaps in governance, compliance (especially GDPR and NIS2), and critical security headers. These deficiencies expose the business to regulatory risks, potential data breaches, and reputational damage. Immediate remediation of governance frameworks and security controls is essential to mitigate operational and compliance risks.

E

Enterprise Rent-A-Car

enterpriserentacar.ca

70

The website https://enterpriserentacar.ca exhibits significant security gaps, particularly in email security, regulatory compliance (GDPR and NIS2), and HTTP security headers. While network security and SSL/TLS configurations are relatively strong, critical issues such as a permissive SPF record and missing key policies expose the business to risks including email spoofing, data privacy violations, and incident response inefficiencies.

E

Enterprise Holdings, Inc.

enterprisecarclub.co.uk

77

The website enterprisecarclub.co.uk demonstrates a generally sound network, email, and SSL/TLS security posture but suffers from critical gaps in web security headers, GDPR compliance, and information security governance aligned with NIS2 standards. These deficiencies expose the business to increased legal risks, potential data breaches, and regulatory non-compliance. Immediate remediation is necessary to strengthen data protection, incident response capabilities, and overall trustworthiness.

E

Enterprise Holdings, Inc.

enterprisecarshare.ca

75

The website https://enterprisecarshare.ca demonstrates a generally strong network and email security posture but exhibits significant gaps in web security headers, GDPR compliance, and critical NIS2 regulatory requirements. These deficiencies expose the business to data privacy risks, regulatory non-compliance penalties, and potential incident management failures. Immediate attention is needed to strengthen security policies, user data protection measures, and incident response capabilities to safeguard brand reputation and ensure legal compliance.

C

Commute with Enterprise

commutewithenterprise.com

75

The website commutewithenterprise.com demonstrates strong network, SSL/TLS, and email security controls, but suffers from significant gaps in governance and compliance, particularly related to GDPR and NIS2 requirements. Missing critical security policies, headers, and consent mechanisms expose the business to regulatory risks and potential operational disruptions despite a generally secure infrastructure.

The website efleets.com demonstrates a generally strong network, SSL/TLS, email security, and DNS posture but exhibits significant gaps in compliance and governance frameworks, particularly around GDPR and NIS2 regulations. Critical security controls such as Content-Security-Policy headers, incident response procedures, and cookie consent mechanisms are missing, posing considerable business and regulatory risk. Addressing these shortcomings is essential to reduce exposure to data breaches, regulatory penalties, and reputational damage.

E

Enterprise CarShare

enterprisecarshare.com

74

The website demonstrates a generally stable network and email security posture but suffers from significant gaps in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements. Missing key security headers and policies increase exposure to data privacy risks and regulatory non-compliance, potentially impacting customer trust and legal standing.

E

Enterprise Rent-A-Car

enterprise.com

76

The website enterprise.com demonstrates a strong network, email, and SSL/TLS security posture but reveals significant gaps in governance and compliance areas, particularly related to GDPR and NIS2 regulations. Missing critical policies, headers, and consent mechanisms expose the business to regulatory penalties and increased risk from security incidents. Addressing these weaknesses will enhance regulatory compliance, protect customer data, and reduce operational risks.

A

Agoda Company Pte. Ltd.

agoda.com

76

Agoda.com demonstrates a generally strong network and email security posture but exhibits significant weaknesses in compliance with GDPR and NIS2 regulations, as well as critical deficiencies in security header implementation. These gaps expose the business to regulatory risks, potential data breaches, and reputational damage. Immediate attention to governance, policy documentation, and key security controls is essential to strengthen the overall security posture and ensure regulatory compliance.

P

Pillar Capital, AS

pillarliving.lv

59

The website https://pillarliving.lv currently exhibits significant security and compliance deficiencies, particularly in GDPR adherence and overall information security management, exposing the business to legal, reputational, and operational risks. Immediate remediation is essential to establish trust, meet regulatory requirements, and protect sensitive data. The security posture is weak, with critical gaps in privacy measures, security policies, and technical controls.

A

ATTOLLO BROKERS

attollo.lv

55

The website attollo.lv currently exhibits significant security and compliance gaps, particularly in privacy policies, security headers, and incident response readiness, resulting in a high overall risk posture. While foundational network, DNS, and SSL/TLS security controls are relatively strong, critical deficiencies related to GDPR compliance and essential security frameworks present substantial business and regulatory risks.

The website usffcu.com demonstrates strong foundational security in network, email, SSL/TLS, and security headers but exhibits significant compliance and governance gaps, particularly concerning GDPR and NIS2 regulatory frameworks. These deficiencies expose the business to legal, reputational, and operational risks, undermining customer trust and regulatory standing.

The website sofija.lv demonstrates significant security and compliance weaknesses, particularly relating to missing essential security headers, inadequate GDPR compliance, and insufficient incident response and information security policies. These gaps expose the business to data breaches, regulatory penalties, and reputational damage, underscoring an urgent need for comprehensive security remediation and privacy governance improvements.