Security Directory

The website demonstrates a generally strong security posture with no critical or high-severity issues detected, reflecting effective baseline security controls. SSL/TLS and network security configurations are robust, scoring 100/100, which helps ensure secure data transmission and resilience against network attacks. However, several medium-severity issues related to compliance and security best practices remain unresolved, including missing security headers, lack of GDPR and NIS2 compliance validation, and DNS security gaps such as absent DNSSEC. Email security is moderate, with a complex SPF record but lacking DKIM signatures, which can increase the risk of email spoofing and phishing. Low-severity issues like missing CAA records indicate room for improvement in certificate management. Addressing these medium-level findings is critical not only to enhance security but also to maintain regulatory compliance and protect brand reputation. Overall, while the site is secure enough to support business operations currently, targeted improvements will reduce risk exposure and strengthen trust with customers and partners.

This website has 7 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a moderately secure posture with strong SSL/TLS implementation, reflecting good encryption practices. However, a critical vulnerability is present due to an exposed MySQL service, which significantly increases the risk of unauthorized data access or manipulation. Several medium-level issues, including missing security headers, absence of DNSSEC, and lack of DKIM email authentication, indicate gaps in defense-in-depth strategies and compliance readiness. The failure to meet GDPR and NIS2 analysis standards suggests potential regulatory non-compliance risks that could lead to legal and financial penalties. Additionally, low DNS configuration standards, such as missing CAA records, expose the domain to certificate issuance risks. Overall, while encryption is well-managed, urgent remediation is necessary to protect sensitive data, enhance email security, and ensure regulatory compliance. Addressing these issues will reduce the attack surface and strengthen trust with customers and stakeholders.

The website's security assessment reveals significant risks that could jeopardize business operations and data integrity. Critical issues with DNS health, including DNS resolution failure and domain registration problems, pose immediate threats to website availability and trust. High and medium severity findings such as an unregistered MX record, missing DKIM email authentication, and failure in security headers increase the risk of email spoofing, phishing, and data leakage. Additionally, the lack of GDPR and NIS2 compliance indicates potential regulatory exposure, which could lead to legal penalties and reputational damage. While SSL/TLS configurations are strong, foundational DNS and network security weaknesses undermine overall security posture. Immediate remediation is necessary to ensure operational continuity and maintain customer trust. Addressing these issues will also help meet compliance requirements and reduce the risk of cyberattacks.

The website's security posture reveals significant vulnerabilities with multiple critical and high-risk exposures, particularly in network services and email authentication. While SSL/TLS implementation is strong, foundational security practices such as email authentication, secure network service configuration, and compliance with regulatory standards like GDPR and NIS2 are lacking. The presence of exposed critical services such as Telnet, SMB, and databases without proper protection poses a high risk of unauthorized access and data breaches. Additionally, missing security headers and DNS security features indicate gaps that could be exploited by attackers. Addressing these issues is urgent to safeguard sensitive information, maintain customer trust, and avoid regulatory penalties. Immediate remediation will also improve the organization's overall security maturity and resilience against cyber threats. The current state leaves the business vulnerable to data loss, service disruption, and compliance violations, emphasizing the need for prompt, prioritized action.

The website exhibits a generally stable security posture with no critical or high-level issues detected, indicating a solid foundation in many core areas such as SSL/TLS and network security. However, several medium-level issues related to security headers, GDPR compliance, NIS2 readiness, and DNS health suggest gaps that could expose the business to regulatory, reputational, and operational risks. The absence of key email security mechanisms like DKIM and limited DMARC reporting increases exposure to phishing and email spoofing threats, which could impact customer trust and brand integrity. Additionally, the lack of DNSSEC implementation and missing CAA records weaken domain name system security, potentially allowing DNS-based attacks. While network security and SSL/TLS configurations are strong, addressing these medium and low issues will enhance overall resilience and regulatory compliance. Immediate attention to regulatory frameworks (GDPR, NIS2) is crucial to avoid legal penalties and ensure business continuity. Proactive improvements in email and DNS security will mitigate phishing risks and strengthen trust with partners and customers.

The website demonstrates a generally strong network and SSL/TLS security posture, scoring 100/100 in these areas, which is positive for protecting data in transit. However, significant gaps exist in email security, notably the absence of email authentication protocols such as DKIM and SPF, with the lack of any email authentication marked as a critical issue. Medium-level issues in security headers, GDPR compliance, NIS2 compliance, and DNS health (including missing DNSSEC) indicate potential vulnerabilities in regulatory adherence and domain integrity. The absence of key security headers and DNSSEC could expose the business to attacks like DNS spoofing and reduce trustworthiness. GDPR and NIS2 failures may lead to regulatory penalties and harm customer trust. Overall, while foundational network protections are solid, the business faces risks from email spoofing, regulatory non-compliance, and DNS vulnerabilities that require immediate attention.

The website's overall security posture shows strengths in SSL/TLS configuration and network security, both scoring 100/100, indicating robust encryption and a well-maintained network environment. However, critical vulnerabilities exist in email security, with no email authentication configured and missing DMARC and DKIM records, exposing the business to phishing, spoofing, and reputational damage. DNS health is moderately weak, highlighted by an unregistered MX record and absence of DNSSEC, increasing risks of DNS spoofing and email delivery issues. The lack of security headers and compliance failures in GDPR and NIS2 frameworks further expose the website to potential regulatory penalties and exploitation via web-based attacks. While some medium and low severity issues exist, addressing the high and critical concerns is paramount to safeguarding the brand and customer trust. Immediate remediation of email authentication and DNS misconfigurations will mitigate the highest risks. Overall, the business must prioritize compliance and email security enhancements to reduce exposure and maintain regulatory adherence.

This website has 7 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a generally solid security foundation with perfect scores in SSL/TLS and network security, indicating strong encryption and network controls. However, critical vulnerabilities exist in email security, notably the complete lack of email authentication mechanisms, exposing the business to risks such as email spoofing and phishing attacks. Medium-level issues with missing security headers, GDPR compliance gaps, and NIS2 directive adherence highlight regulatory and operational risks. DNS health is moderately good but lacks DNSSEC and CAA records, which could leave DNS queries vulnerable to tampering. Overall, while network and transport layers are well protected, deficiencies in email authentication, compliance, and header security could lead to reputational damage, legal penalties, and increased attack surface. Immediate remediation of email authentication and compliance issues should be prioritized to mitigate these risks. Strengthening DNS security and implementing security headers will further enhance the website’s resilience to cyber threats and regulatory scrutiny.

The website's overall security posture shows serious vulnerabilities primarily in its DNS infrastructure and compliance frameworks. While email security and SSL/TLS configurations are robust, critical DNS issues such as resolution failures and domain registration problems pose immediate operational and reputational risks. The failure to implement essential security headers and compliance with GDPR and NIS2 regulations exposes the business to potential data breaches and regulatory penalties. Medium-level concerns in network security and missing DNS security extensions further increase the attack surface. Addressing these issues promptly is vital to ensure business continuity, protect customer data, and maintain regulatory compliance. Without remediation, the organization risks service outages, data compromise, and loss of customer trust. Prioritizing DNS health and compliance will substantially improve the overall security posture. A holistic security strategy integrating technical fixes and compliance measures is recommended.

K

KOTA

kota.co.uk

73

The website demonstrates a generally strong network and TLS security posture, with no critical vulnerabilities identified. However, significant gaps exist in GDPR compliance and NIS2 regulatory adherence, which pose legal and operational risks. High-severity issues such as the absence of a cookie policy, consent banner, security framework, incident response procedures, and security policy documentation undermine trust and regulatory standing. Medium-level risks like missing vulnerability disclosure and business continuity plans further amplify potential exposure to cyber threats and operational disruptions. Security headers and email security configurations are moderately implemented but require enhancements for better protection. Immediate focus on compliance and governance frameworks is essential to mitigate regulatory penalties and reputational damage. Addressing these weaknesses will strengthen overall security resilience and ensure alignment with legal requirements.

J

Jason Brooks

jason-brooks.com

56

This website has 12 high-priority security issue(s) that should be addressed promptly. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

B

BMCI

bmci.ma

69

The website demonstrates a generally strong technical security foundation with robust network security, SSL/TLS configurations, and email security. However, significant gaps exist in regulatory compliance, particularly GDPR and NIS2, which present considerable legal and operational risks. Missing privacy and cookie policies, lack of consent mechanisms, and absent security governance documentation indicate insufficient organizational controls. Security headers are partially implemented but require enhancements to mitigate common web-based attacks. The absence of incident response and business continuity planning exacerbates potential downtime and breach impact. Addressing these deficiencies is critical to maintain customer trust, avoid regulatory penalties, and strengthen overall risk management. Prioritizing compliance and governance reforms will align security posture with legal requirements and industry best practices. Immediate remediation will reduce exposure to data privacy violations and operational disruptions.

The website demonstrates a generally strong foundation in network security, SSL/TLS implementation, and email security, reflected by high module scores in these areas. However, critical weaknesses exist in GDPR compliance and NIS2 regulatory adherence, posing significant legal and operational risks, especially for EU business operations. Missing privacy and cookie policies, lack of cookie consent mechanisms, and inadequate privacy measures expose the business to potential fines and reputational damage. The absence of an information security framework, incident response plans, and documented security policies undermines the organization's ability to manage and respond to security incidents effectively. Additionally, some security headers and DNS configurations are incomplete, which could increase exposure to data leakage and DNS-based attacks. Immediate remediation in privacy compliance and governance documentation is essential to mitigate regulatory risks and enhance trust with customers and partners. Overall, while technical defenses are strong, governance and compliance gaps represent the most pressing concerns for business continuity and legal compliance.

S

Swissquote

swissquote.ch

74

The website demonstrates a generally strong technical security foundation, with excellent SSL/TLS, network security, and DNS health scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, indicated by missing privacy and cookie policies, absence of consent mechanisms, and lack of documented security and incident response procedures. These deficiencies expose the business to regulatory risks, potential fines, and reputational damage, especially in regions governed by GDPR and NIS2 mandates. While some medium severity issues like missing X-XSS-Protection header and lack of DKIM records impact security, the primary concern is the absence of governance frameworks and policies. Addressing these will not only reduce compliance risk but also improve overall security posture and stakeholder trust. Immediate prioritization of privacy compliance and formal security documentation is critical to align with legal obligations and industry best practices. The organization's proactive network and SSL/TLS configurations provide a solid base to build upon. Overall, the security posture is solid technically but requires urgent policy and compliance enhancements to mitigate business risks effectively.

The website demonstrates a generally strong network security posture and good email security measures, but critical gaps exist in compliance and governance areas, particularly relating to GDPR and NIS2 requirements. The absence of a cookie policy and consent banner exposes the business to regulatory non-compliance risks and potential fines under GDPR. Key documentation and procedures such as incident response, security policies, and business continuity planning are missing, which heightens operational and security risks. SSL certificate expiry is imminent, threatening site availability and user trust. DNS configuration weaknesses, including an unregistered MX record and lack of DNSSEC, increase exposure to email spoofing and DNS attacks. While security headers are mostly in place, missing permissions-policy headers could allow unnecessary resource access. Overall, the security posture requires urgent attention to governance, compliance, and certificate management to mitigate legal, reputational, and operational risks.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.de

51

The website's security posture is currently weak, with significant deficiencies across multiple critical areas including privacy compliance, email authentication, and security policy frameworks. Critical gaps in GDPR adherence expose the business to regulatory penalties and reputational damage, especially given its EU operations without adequate privacy measures. The absence of key HTTP security headers leaves the site vulnerable to common web-based attacks such as clickjacking, content injection, and cross-site scripting. Email infrastructure lacks essential authentication mechanisms, increasing risks of phishing and email spoofing. Additionally, missing incident response and security documentation undermines the organization’s ability to detect, respond to, and recover from security incidents effectively. While SSL/TLS and DNS configurations are relatively stronger, urgent attention is needed to enable HSTS and extend certificate validity. Overall, this assessment reveals a pressing need to implement foundational security controls and compliance policies to safeguard the business and its customers. Failure to address these issues promptly could result in severe operational, financial, and legal consequences.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.at

57

The website's security posture is currently weak, with critical and high severity issues impacting key areas such as privacy compliance, security headers, and information security management. Notably, the absence of essential security headers like Strict-Transport-Security and Content-Security-Policy leaves the site vulnerable to man-in-the-middle attacks, clickjacking, and cross-site scripting. GDPR compliance is critically lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to regulatory fines and reputational damage. Furthermore, the lack of a formal information security framework, incident response procedures, and security policy documentation undermines the organization's ability to manage and respond to cyber threats effectively. While email security, SSL/TLS, DNS health, and network security score moderately well, imminent SSL certificate expiration and missing DNSSEC are concerns. Overall, urgent remediation is required to reduce legal, operational, and cybersecurity risks. Implementing prioritized controls will strengthen defenses, ensure regulatory compliance, and protect customer trust.

E

Egnyte

egnyte.com

76

The website exhibits a generally strong security posture in network security, SSL/TLS configuration, and email security, scoring near or at 100 in these areas. However, significant gaps exist in compliance with GDPR and NIS2 requirements, leading to low scores of 43 and 25 respectively. Critical business risks stem from missing cookie policies and consent mechanisms, absence of an information security framework, and lack of incident response procedures, which expose the organization to regulatory penalties and operational disruptions. Security headers are mostly implemented but lack some key controls that could reduce exposure to information leakage. DNS health is adequate but can be improved by enabling DNSSEC to prevent domain spoofing. Overall, the website is secure from common network and transport layer attacks but vulnerable to regulatory compliance violations and incident management deficiencies, which could impact business reputation and continuity.

B

Bonpoint

bonpoint-vintage.com

65

The website demonstrates a generally good network security posture and strong email and DNS configurations, but significant gaps exist in privacy compliance and foundational security frameworks. Critical GDPR compliance issues, such as missing privacy and cookie policies and lack of consent mechanisms, present considerable legal and reputational risks. The absence of a documented information security framework, incident response, and business continuity planning under NIS2 further exposes the organization to operational disruptions and regulatory penalties. Weaknesses in SSL/TLS configurations, including weak key lengths and certificates nearing expiration, increase vulnerability to interception and compromise. Security headers are partially configured but lack completeness, potentially allowing certain attack vectors. Overall, the current security posture leaves the business exposed to compliance violations, potential data breaches, and operational risks that could harm customer trust and incur financial penalties. Immediate remediation focusing on compliance and foundational security policies will substantially mitigate these risks and improve resilience.

B

Black Bull Group

blackbull-group.com

60

The website's security posture reveals significant gaps that expose the business to potential cyber risks and regulatory non-compliance. While there are no critical vulnerabilities, several high and medium-level issues, particularly in security headers, GDPR compliance, and network security, present serious concerns. Missing essential HTTP security headers increases exposure to web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of privacy and cookie policies, alongside missing cookie consent mechanisms, risks violating data protection regulations like GDPR, potentially resulting in legal penalties and reputational damage. Additionally, the lack of incident response procedures and vulnerability disclosure policies hampers the organization's ability to effectively manage and recover from security incidents. The exposure of high-risk services like FTP further elevates the threat landscape. Overall, immediate remediation is essential to enhance security posture, protect customer data, and ensure regulatory compliance to safeguard business continuity and trust.

The website exhibits a moderate overall security posture with no critical vulnerabilities detected but several high and medium-risk issues that require immediate attention. GDPR compliance is notably weak, scoring 43/100, primarily due to the absence of a cookie policy and consent banner, exposing the business to regulatory risks and potential fines. The NIS2 compliance score is critically low at 25/100, reflecting significant gaps in information security governance, incident response, and security documentation, which could impair the organization’s ability to manage cyber threats and regulatory obligations. Security headers and email security are average but have room for improvement to mitigate common web and email-based attacks. SSL/TLS and DNS configurations are generally strong, but mixed content and missing DNSSEC reduce overall protection. Network security posture is excellent, indicating robust infrastructure defenses. Immediate remediation will reduce legal liability, enhance trust with customers, and strengthen the organization's resilience against cyber threats.

G

Gruppo Santa Devota

santadevota.it

59

The website exhibits significant security gaps, particularly in privacy compliance, email authentication, and core security policies, posing substantial risks to business reputation and regulatory adherence. Critical issues in GDPR compliance and email authentication indicate exposure to legal penalties and phishing attacks. Missing key security headers and lack of incident response and business continuity plans reflect immature security governance. While network and DNS health are relatively strong, foundational security controls such as HSTS and DNSSEC require enhancement. The low scores in GDPR and NIS2 modules highlight urgent needs for privacy policies and security frameworks. Immediate remediation is necessary to reduce vulnerability exposure and align with regulatory requirements. Overall, the security posture is weak and demands prioritized, strategic improvements to protect customer data and maintain trust.

S

Sky TG24

skytg24.it

66

The website demonstrates a strong foundational security posture in network security and SSL/TLS configurations, scoring 100 and 97 respectively. However, critical gaps exist in privacy compliance and email security, with GDPR adherence scoring only 15/100 and email security at 75/100. Notably, absence of a Privacy Policy, Cookie Consent Banner, and proper email authentication expose the business to regulatory fines and reputational damage. The lack of information security frameworks and incident response procedures under the NIS2 directive also presents significant operational risks. Medium to high severity issues with security headers and DNS configurations further increase exposure to common web-based attacks. Immediate remediation on privacy and incident management controls is essential to maintain trust and comply with EU regulations. Overall, while technical network defenses are solid, governance, compliance, and email security require urgent attention to reduce business risk.

S

Site not installed - OVHcloud

eurassur.mc

67

The website demonstrates significant security and compliance gaps that expose the business to potential data breaches, regulatory penalties, and reputational damage. While no critical vulnerabilities were found, the presence of multiple high-severity issues, especially missing key security headers and lack of GDPR and NIS2 compliance documentation, indicates a weak security posture. The absence of a Privacy Policy, Cookie Policy, and consent mechanisms could lead to legal challenges under data protection laws. Additionally, missing incident response and security policies increase operational risk during security events. SSL/TLS and DNS configurations are moderately strong but require attention to maintain trust and secure communications. Email and network security are well managed, reflecting some positive controls in place. Immediate remediation is essential to reduce business risk and ensure regulatory compliance.

The website demonstrates a generally strong network and email security posture but has significant gaps in critical security and compliance areas. Notably, the absence of a Content-Security-Policy header and weak HTTP security headers increase exposure to common web attacks. Compliance deficiencies related to GDPR, such as missing privacy and cookie policies and consent mechanisms, present legal and reputational risks. The lack of documented information security frameworks, incident response plans, and security policies under NIS2 requirements further heightens operational vulnerabilities. While SSL/TLS and DNS configurations are mostly adequate, some improvements are needed to maintain trust and secure communications. Overall, the current security posture exposes the business to regulatory penalties, data breaches, and service interruptions. Addressing these issues promptly will strengthen compliance, reduce risk, and protect customer trust.

K

Koroyd

koroyd.com

50

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches and regulatory non-compliance. The absence of HTTPS encryption is a critical flaw, undermining user data confidentiality and trust, while also violating GDPR and NIS2 requirements. Key security headers are missing, increasing the risk of cross-site scripting and data leakage. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, risking legal penalties and reputational damage. The lack of documented security policies, incident response, and business continuity plans highlights operational weaknesses. Email and DNS security are relatively strong, but gaps remain that could be exploited. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent corrective actions, the business faces increased risk of cyber incidents and legal consequences.

U

UPS Supply Chain Solutions

ups-scs.com

50

The website's overall security posture is currently poor and exposes the business to significant risks, particularly in data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and trust, simultaneously violating GDPR and NIS2 requirements. Key policies and procedures related to information security, incident response, and privacy are missing, which undermines the organization's ability to manage security events and comply with legal obligations. While network security and DNS health scores are relatively strong, foundational security controls such as security headers and cookie management are insufficient. The lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Email security is reasonably well implemented but can be further improved. Immediate remediation is needed to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without these improvements, the business risks data breaches, regulatory penalties, and damage to its brand reputation.

I

Indosuez Wealth Management

ca-indosuez.fr

43

The website's overall security posture is critically weak and exposes the business to significant risks, particularly regarding data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting GDPR, NIS2, and SSL/TLS compliance, jeopardizing user data confidentiality and trust. Key security headers are missing or poorly configured, increasing exposure to web-based attacks such as clickjacking and cross-site scripting. The lack of a cookie policy and consent mechanisms indicates non-compliance with GDPR, which could lead to legal penalties and reputational damage. Furthermore, the absence of essential NIS2 security policies, such as incident response and security documentation, suggests insufficient organizational security governance. DNS and email security configurations reveal gaps that could enable phishing or spoofing attacks. While network security posture is good, the overall lack of fundamental protections necessitates urgent remediation to safeguard the business and meet regulatory requirements.

J

Just a moment...

3dconnexion.com

50

The website's overall security posture is currently weak, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory fines, and reputational damage. Most notably, the absence of HTTPS encryption is a severe flaw, undermining all data transmissions and violating GDPR and NIS2 compliance requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing the risk of man-in-the-middle attacks and cross-site scripting. GDPR compliance is poor due to missing privacy and cookie policies and the lack of a consent banner, risking legal penalties. The organization also lacks fundamental information security frameworks, policies, and incident response procedures, indicating immature security governance. However, email security and network security show relatively strong postures, which is a positive foundation to build upon. Immediate remediation is critical to prevent exploitation and align with regulatory mandates. Investing in HTTPS encryption and comprehensive security policies will deliver the highest immediate business value by reducing risk and improving customer trust.

S

Stéphane-Alexandre Dani

art-dani.com

42

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputation damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data confidentiality and integrity guarantees. Key security headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options are missing, increasing the risk of web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements including Privacy Policy, Cookie Policy, and consent mechanisms places the company at risk for legal penalties and customer trust erosion. Additionally, the absence of foundational NIS2 security governance documents such as incident response and security policies further weakens organizational readiness against cyber threats. While network security and DNS health show relatively strong posture, critical gaps in SSL/TLS and email security remain. Immediate action is required to remediate these high and critical issues to protect customer data, comply with regulations, and maintain business continuity.

C

Crédit Agricole

credit-agricole.com

52

The website exhibits serious security deficiencies, particularly the complete absence of HTTPS encryption, which critically exposes data in transit and undermines user trust. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and essential security governance documentation, posing significant legal and operational risks. While network security and email security demonstrate relatively strong postures, foundational issues around encryption and policy frameworks significantly elevate the organization's exposure to data breaches and regulatory penalties. Security headers and DNS configurations are suboptimal but less urgent relative to the critical gaps. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Without urgent action, the business remains vulnerable to interception, data leakage, and potential loss of customer confidence. Prioritizing HTTPS implementation alongside privacy and incident response policies will substantially improve the security stance. Overall, the current posture demands urgent attention to align with industry best practices and regulatory mandates.

I

IQVIA

imshealth.com

50

The website's security posture currently exhibits significant vulnerabilities that pose notable risks to business operations and customer trust. Most critically, the absence of HTTPS encryption exposes all data transmissions to interception and manipulation, violating GDPR and NIS2 compliance requirements and potentially leading to regulatory penalties. The lack of fundamental privacy policies and cookie consent mechanisms further threatens legal compliance and customer confidence. Additionally, missing core security governance elements such as incident response, security policies, and vulnerability disclosure indicate a weak security management framework. While network and email security show strengths, critical gaps in web security headers and DNS configurations leave attack surfaces open. Immediate remediation is essential to prevent data breaches, reputational damage, and compliance failures. Overall, the website needs a prioritized security overhaul to align with industry standards and regulatory mandates.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, undermining data confidentiality and integrity across all communications. Multiple missing security headers further increase vulnerability to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance components such as privacy policies, cookie policies, and consent mechanisms exposes the business to legal penalties and erodes customer trust. Additionally, there is no evidence of adherence to the NIS2 cybersecurity directive, with critical gaps in incident response, security policies, and business continuity planning. Email security is insufficient, lacking proper authentication configurations which increase the risk of phishing and spoofing attacks. Although network security and DNS health are relatively strong, these alone do not mitigate the critical weaknesses present. Immediate remediation is required to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s brand reputation.

A

APM Monaco

apm.mc

50

The website's overall security posture is currently weak, with critical vulnerabilities severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical failure affecting GDPR, NIS2, and SSL/TLS compliance, exposing all data in transit to interception and undermining customer trust. Governance issues are apparent, with no documented security or incident response policies and missing GDPR-required cookie policies and consent mechanisms. While network security and DNS health show strengths, critical gaps in email security enforcement and security headers remain. The poor NIS2 and GDPR compliance scores highlight significant regulatory risk, potentially leading to legal penalties and reputational damage. Addressing these issues is urgent to protect customer data, ensure business continuity, and maintain regulatory compliance. The current state exposes the business to data breaches, legal fines, and loss of customer confidence. Immediate remediation efforts on encryption, policies, and user privacy controls are imperative to improve security posture and business resilience.

The website's overall security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks. The absence of HTTPS encryption is the most critical issue, compromising data confidentiality and user trust, and violating GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to common web attacks such as man-in-the-middle and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, risking regulatory fines and reputational damage. The organization also lacks essential information security frameworks, incident response plans, and security documentation, undermining its ability to manage and respond to security incidents effectively. Email security and network security show relatively better posture but still require improvements. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold customer trust. Without addressing these critical gaps, the business faces elevated risks of data breaches, legal penalties, and operational disruptions.

D

Doro AB

doro.com

42

The website's overall security posture is currently weak, with critical deficiencies in fundamental protections such as HTTPS encryption and key security headers. The absence of HTTPS impacts user trust, data confidentiality, and regulatory compliance, exposing the business to significant legal and reputational risks. GDPR compliance is notably poor, lacking essential elements like cookie policies and consent mechanisms, which could result in heavy fines and customer distrust. The NIS2-related security framework and incident response processes are missing, increasing vulnerability to cyber threats and potential operational disruptions. While email security and network infrastructure show moderate to strong performance, critical gaps in web and application-layer security jeopardize the entire environment. Immediate remediation is essential to protect sensitive customer data, maintain compliance, and safeguard business continuity. Failure to address these issues promptly could lead to data breaches, regulatory penalties, and loss of customer confidence. Overall, the current state demands urgent and prioritized security improvements to align with industry standards and legal requirements.

L

London Property Investments

londonpropertyinvestments.com

45

The website's overall security posture is critically weak, with multiple high and critical severity issues primarily related to missing HTTPS encryption and key security headers. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a severe risk to user privacy and business integrity. Compliance with GDPR and NIS2 regulations is insufficient, posing potential legal and regulatory consequences, including fines and reputational damage. Security governance gaps such as missing incident response procedures, security policies, and vulnerability disclosure processes further increase organizational risk. While network security and email security show relatively stronger postures, foundational web security controls and privacy safeguards are lacking. Immediate remediation is required to protect customer data, maintain trust, and ensure regulatory compliance. The company must prioritize establishing a secure HTTPS environment and implementing critical HTTP security headers. Addressing these issues will significantly reduce the risk of cyberattacks and data breaches that could disrupt business operations and harm the brand reputation.

L

La Poste

laposte.fr

42

The website's overall security posture is critically deficient, exposing the business to substantial legal, operational, and reputational risks. Key vulnerabilities include the complete lack of HTTPS encryption, missing essential HTTP security headers, and non-compliance with GDPR regulations, which is especially concerning for EU-based operations. The absence of documented information security policies, incident response procedures, and business continuity planning further exacerbates the risk landscape. While email security and network security show relatively stronger performance, critical gaps remain in website security and regulatory compliance. This exposes the business to data breaches, regulatory penalties, and loss of customer trust. Immediate remediation is vital to protect sensitive data, ensure compliance, and maintain operational resilience. Addressing these issues will also enhance the company’s credibility and customer confidence in digital interactions. Without urgent action, the company risks severe financial and legal consequences alongside potential business disruption.

R

RUDDER

rudder.mc

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a fundamental flaw affecting confidentiality, data integrity, and customer trust. Critical gaps in security headers and missing privacy and cookie policies risk exploitation and legal penalties, especially under GDPR and NIS2 regulations. Lack of documented security policies, incident response plans, and vulnerability disclosure processes further hampers the organization's ability to effectively detect and respond to cyber threats. Exposure of high-risk services like FTP and SSH increases the attack surface, potentially enabling unauthorized access. Although email security and DNS health are relatively strong, these cannot offset foundational vulnerabilities. Immediate remediation is essential to protect sensitive data, ensure compliance, and maintain customer confidence. Without prompt action, the business faces risks of financial loss, reputational damage, and regulatory sanctions.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

M

MINDUS

mindus.co

50

The website exhibits a concerning overall security posture with several critical vulnerabilities, primarily the complete lack of HTTPS encryption, which exposes user data to interception and undermines trust. Compliance with GDPR and NIS2 regulations is severely lacking, especially regarding cookie management, data protection policies, and incident response readiness, which poses significant legal and reputational risks. Security header configurations are weak or missing, increasing susceptibility to common web attacks such as cross-site scripting and clickjacking. Although network security and email security measures are relatively strong, foundational elements like HTTPS and security policy documentation are absent. The absence of an information security framework and business continuity planning further endangers operational resilience. Immediate remediation is critical to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent improvements, the organization risks data breaches, regulatory penalties, and loss of business continuity.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

G

Gucci

gucci.com

53

The website's overall security posture is currently poor, primarily due to critical gaps in fundamental security controls such as the absence of HTTPS encryption and essential security headers. This exposes the business to significant risks including data interception, non-compliance with GDPR and NIS2 regulations, and reputational damage. The lack of a cookie consent banner and GDPR-compliant privacy policies further amplify legal exposure. Additionally, key governance elements like incident response, security policies, and vulnerability disclosure are missing, indicating immature security management. While network security and email configurations are relatively strong, they cannot compensate for the critical deficiencies in encryption and compliance. Immediate remediation is necessary to protect sensitive user data, ensure regulatory compliance, and maintain customer trust. Addressing these issues will also reduce potential financial liabilities stemming from data breaches or regulatory penalties.

O

Oracle Applications & Technology Users Group

oaug.org

40

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption across the site is a fundamental flaw, compromising data confidentiality and integrity while violating GDPR and NIS2 requirements. Critical services like MySQL and FTP are exposed, increasing the attack surface and risk of unauthorized access. Key security headers are missing, leaving users vulnerable to clickjacking and cross-site scripting attacks. The lack of GDPR compliance measures such as privacy policies and cookie consent mechanisms exposes the company to legal and reputational risks. Additionally, the absence of an information security framework, incident response plans, and security policies indicates poor organizational cybersecurity maturity. Email security is moderately strong but insufficient to offset the broader systemic issues. Immediate remediation is essential to protect business operations, customer trust, and regulatory compliance.

F

FIPARC

fiparc.fr

46

The website exhibits significant security weaknesses, particularly in encryption, privacy compliance, and security governance, which pose substantial risks to business operations and customer trust. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and regulatory compliance, especially for EU customers under GDPR. Privacy policies and cookie consent mechanisms are missing, exposing the business to legal penalties and reputational damage. Security headers are inadequately configured, increasing susceptibility to common web attacks such as cross-site scripting. The lack of a formal information security and incident response framework demonstrates immature security governance, potentially delaying breach detection and response. While network security and email protections score relatively well, critical gaps in NIS2 compliance and data protection remain. Immediate remediation is needed to secure communications, ensure regulatory adherence, and establish foundational security policies. Addressing these issues will protect business continuity, customer data, and brand reputation.

D

Dexlab.io

dexlab.io

43

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks, including data breaches, regulatory penalties, and reputational damage. The complete lack of HTTPS encryption is a critical failure impacting user data confidentiality and trust. Missing essential security headers such as Content-Security-Policy and X-Frame-Options further increase exposure to web-based attacks. Non-compliance with GDPR requirements, including absent privacy and cookie policies and consent mechanisms, poses legal and financial risks. The absence of any formal information security framework, incident response, and business continuity planning undermines operational resilience and incident management. While network security and email security show relatively better results, key gaps like missing DKIM records and DNSSEC reduce overall trustworthiness. Immediate remediation is required to protect customer data, meet regulatory obligations, and safeguard business continuity.

B

Bank of America

ml.com

49

The website's overall security posture is currently at high risk, with multiple critical and high-severity issues identified. The absence of HTTPS encryption is a critical vulnerability that exposes all data transmissions to interception, significantly undermining confidentiality and trust. GDPR compliance is severely lacking, with missing cookie policies and consent mechanisms, which may lead to legal and regulatory penalties. The lack of essential security headers increases the risk of common web attacks such as clickjacking and cross-site scripting. Additionally, the absence of fundamental NIS2 security governance elements, including incident response and security policies, indicates a weak organizational security framework. While DNS and network security are relatively strong, the critical gaps in application-layer security and compliance pose significant business risks. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve brand reputation. Without urgent action, the business faces potential data breaches, regulatory fines, and erosion of customer trust.