Security Directory

G

Groupe iliad

iliad.fr

0

Groupe iliad is a major telecommunications and technology group based in France, operating multiple subsidiaries that provide internet, mobile, and cloud services across Europe. The website reflects a professional and consistent brand presence targeting a broad audience including consumers, investors, and media. The technical infrastructure leverages modern frontend technologies such as React and Material-UI, but suffers from slow load times and lacks a valid SSL certificate, resulting in insecure HTTP connections. Privacy compliance is well addressed with clear privacy and cookie policies and GDPR adherence. However, the absence of HTTPS and modern TLS protocols significantly weakens the security posture. Overall, the site is functional and professional but requires urgent security improvements to protect user data and enhance trust.

G

Golem

golem.ai

0

Golem.ai is a French technology company specializing in AI-powered semantic analysis and automation solutions for business communication and document processing. Positioned as a trusted AI provider, it offers products like InboxCare and the Golem.ai Core platform, targeting industries such as insurance, retail, transport, defense, tourism, and customer relations. The company is recognized by Gartner and integrated into the French tech ecosystem, emphasizing explainability, sovereignty, and energy-efficient AI. Technically, the website is built on WordPress with Elementor, hosted on Scaleway, and uses modern web technologies with good performance and mobile optimization. Security posture is solid with HTTPS, DMARC, and SPF configured, though improvements in security headers and DNS security are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, Golem.ai presents a professional, trustworthy, and well-structured digital presence with strong business credibility and technical maturity.

L

LittleBig Connection

littlebigconnection.com

0

LittleBig Connection is a technology-focused collaborative platform that connects large companies with freelancers and consulting firms specializing in technology and engineering. It operates a global marketplace and management platform with a presence in 50 countries and a community of 500,000 experts. The company is part of the Mantu group and emphasizes long-term, high-impact projects. Technically, the website is built on WordPress with modern JavaScript libraries and animation frameworks, delivering a good user experience and mobile optimization. Security posture is strong with HTTPS, robust security headers, and certifications including ISO 27001 and ISO 9001. Privacy compliance is well addressed with comprehensive policies and consent mechanisms. Overall, the site demonstrates a mature digital presence with good SEO, trust indicators, and extensive analytics usage.

J

Jamespot

jamespot.com

0

Jamespot is a French technology company specializing in SaaS collaborative digital workplace solutions, including enterprise social networks, intranet, and AI-powered collaboration tools. The company positions itself as a flexible and customizable provider with over 20 years of experience, targeting professional organizations seeking to enhance internal communication and teamwork. The website demonstrates strong business credibility with comprehensive content, customer testimonials, and recognized certifications such as ISO 27001 and RGAA 4.1 accessibility compliance. Technically, the site is built on WordPress with modern SEO and marketing tools, but suffers from slow performance and lacks a valid SSL certificate, which significantly impacts its security posture. Privacy compliance is well addressed with detailed cookie policies and consent mechanisms. Security practices include SPF and DMARC DNS records, but the absence of HTTPS and modern TLS protocols is a critical weakness. Overall, the site is professional and trustworthy but requires urgent improvements in SSL/TLS configuration to enhance security and user trust.

C

Cloud IAM

cloud-iam.com

0

Cloud IAM is a technology company specializing in managed identity and access management (IAM) solutions based on the open-source Keycloak platform. Founded in 2018 and based in France, the company offers a fully managed Keycloak SaaS and consulting services with a strong emphasis on security, reliability, and compliance, including ISO 27001 certification and a 99.95% SLA uptime guarantee. Their target audience includes developers and organizations seeking scalable, secure, and customizable IAM solutions without the complexity of self-hosting Keycloak. The website demonstrates a mature digital presence with professional design, clear navigation, and comprehensive content about their services and security posture. Technically, the site uses modern web technologies including Webflow CMS, HubSpot marketing and analytics tools, Matomo analytics, and Google reCAPTCHA for bot protection. The SSL configuration is good with TLS 1.3 support, though improvements such as enabling HSTS and DNSSEC could enhance security further. Privacy compliance is well addressed with a comprehensive privacy policy and strong email authentication records (SPF, DMARC). Overall, Cloud IAM presents a trustworthy and professional service with a solid security foundation and transparent business practices.

F

Free

free.org

0

Free is a major French telecommunications provider offering fiber internet, Wi-Fi 7 enabled Freebox devices, TV packages, and 5G mobile plans. The company holds a strong market position in France with a large retail presence and a comprehensive portfolio of internet and entertainment services. The website reflects a mature digital infrastructure built on modern web technologies such as Next.js and React, providing a rich user experience with detailed product information and customer reviews. However, the absence of a valid SSL certificate and HTTPS support is a critical security gap that undermines user trust and data protection. Security headers are partially implemented, but the lack of TLS protocols and HSTS reduces the overall security posture. Privacy and legal compliance are well addressed with dedicated pages and GDPR-aligned policies. Overall, the site is professional and trustworthy but requires urgent security improvements to meet modern standards.

S

Scaleway SAS

bookmyname.com

0

BookMyName is a domain registration and email service provider operating as a subsidiary of Scaleway SAS, itself part of the Iliad Group. The website targets individuals and businesses seeking domain management solutions, offering services such as domain registration, transfer, renewal, and Whois lookup. The company positions itself as a reliable and professional provider in the domain registration market, with clear service offerings and pricing. Technically, the website uses jQuery and Segment Analytics for tracking, hosted on Scaleway infrastructure. The site has moderate performance and good mobile optimization but lacks a valid SSL certificate, which significantly impacts security posture. Security practices include DNS SPF and DMARC records and a cookie consent mechanism, but critical gaps exist such as missing HTTPS, no security headers, and no DNSSEC. Privacy compliance is basic with a privacy policy and cookie banner present. Overall, the website is functional and professional but requires urgent security improvements to protect user data and enhance trust.

Q

Quarkslab

quarkslab.com

0

Quarkslab is a cybersecurity company specializing in offensive and defensive security solutions, combining consulting, R&D, and proprietary software to help organizations protect their digital assets. The company is recognized in the Gartner Emerging Tech report and serves a target audience of companies and governmental organizations seeking advanced cyber defense. Technically, the website is built on WordPress with Elementor and integrates multiple analytics and marketing tools. However, the site lacks a valid SSL certificate and modern TLS support, which significantly impacts its security posture. While email authentication is well configured with SPF and DMARC, the absence of HTTPS and security headers exposes the site to risks. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional and content-rich but requires urgent improvements in SSL/TLS configuration to enhance security and trust.

L

Les Sherpas

truzzer.fr

0

Les Sherpas is a French education platform specializing in personalized tutoring and online courses for students across various academic levels. The company positions itself as a flexible and quality-driven service provider, leveraging a proprietary platform that integrates messaging and videoconferencing to enhance the learning experience. The website is content-rich, featuring extensive user testimonials and structured data to boost SEO and trust. Technically, the site uses modern web standards and is hosted by o2switch, with moderate performance and good mobile optimization. Security is adequate with HTTPS and valid SPF records, but lacks advanced features such as HSTS and OCSP stapling, and no security headers are present. Privacy compliance is basic, with a privacy policy found but no cookie consent mechanism detected. Overall, the site demonstrates a strong business credibility and user trust, though security and privacy practices could be improved.

E

eKomi Holding GmbH

ekomi.fr

0

eKomi Holding GmbH operates a leading SaaS platform specializing in authentic customer and product review management, serving over 15,000 companies globally. The company leverages advanced technology integrations with major platforms like Google to enhance client conversion rates and SEO performance. Technically, the website is built on WordPress with Bootstrap and includes modern marketing and analytics tools such as Intercom and CookieScript. However, the absence of a valid SSL certificate and lack of HTTPS significantly undermine the site's security posture. While privacy compliance is strong with comprehensive policies and consent mechanisms, the security configuration requires urgent improvements to protect user data and maintain trust. Strategic recommendations include implementing proper SSL/TLS, enabling security headers, and publishing a vulnerability disclosure policy.

Arvato SE operates a comprehensive supply chain and logistics service platform with a strong focus on innovative digital solutions and e-commerce support. The company targets business clients seeking holistic supply chain management, logistics, transport, and digital commerce solutions. The website reflects a large enterprise with international reach, supported by multiple regional domains and a parent company affiliation with Bertelsmann. Technically, the site is built on TYPO3 CMS with modern frontend tooling but suffers from a lack of HTTPS, resulting in a critical security gap. Cookie consent is managed professionally via Cookiebot, and analytics are extensively used with Google services. The security posture is weak due to missing SSL and security headers, which poses risks to user data and trust. Overall, the website is professionally designed and content-rich but requires urgent security improvements to meet modern standards.

Arvato is a large enterprise specializing in innovative supply chain management, logistics, transport, and digital commerce solutions primarily targeting B2B clients. The website is professionally designed, multilingual, and powered by TYPO3 CMS with modern frontend technologies. However, the site lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which significantly impacts its security posture. Security headers are mostly present, but critical SSL/TLS configurations and session management features are missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and consent mechanisms. Business credibility is strong with clear branding, client logos, and social media presence. Overall, the site is content-rich and user-friendly but requires urgent security improvements to protect user data and enhance trust.

B

Boxmyjob SAS

taleez.com

0

Taleez, operated by Boxmyjob SAS, is a French-based SaaS company specializing in recruitment management software (ATS). The company offers a comprehensive platform that centralizes recruitment processes, including job offer multi-diffusion, candidate sourcing, process automation, and analytics. With over 15,000 users and a strong presence in the French market, Taleez positions itself as a reliable and user-friendly solution for HR teams, managers, and candidates. The website reflects a professional and consistent brand image, supported by numerous client testimonials and case studies. Technically, the website is built on Webflow CMS and integrates multiple marketing and analytics tools such as HubSpot, Google Analytics, Amplitude, and ConvertBox. Hosting is managed via OVH with CDN support from Cloudfront. Despite a rich content offering and good mobile optimization, the site suffers from slow load times and lacks a valid SSL certificate, which critically impacts its security posture. Security-wise, the absence of a valid SSL certificate and HTTPS enforcement is a major vulnerability, exposing users to potential data interception risks. Additionally, the lack of security headers and modern TLS protocols further weakens the site's defense. Privacy compliance is well addressed with comprehensive GDPR-aligned policies and cookie consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, while Taleez demonstrates strong business credibility and content quality, its technical and security shortcomings, especially regarding SSL/TLS, pose significant risks. Addressing these issues is paramount to safeguarding user data and maintaining trust.

S

Shop Courtyard

shopcourtyard.com

0

Shop Courtyard is an e-commerce retail platform specializing in branded home products from Courtyard Hotels, a Marriott International brand. The website offers a curated selection of luxury bedding, pillows, linens, bathrobes, towels, and related merchandise designed to replicate the hotel experience at home. The business targets consumers seeking premium hotel-quality home goods and operates primarily in the European market with a presence in France. The site is well-branded and aligned with Marriott's hospitality sector, leveraging partnerships with sister hotel store sites.

S

Sheraton Store

sheratonstore.com

0

Sheraton Store is an e-commerce platform retailing luxury hotel bedding, bath linens, and related home products under the Sheraton brand, a subsidiary of Marriott International. The website targets consumers seeking premium bedding and home comfort products, positioning itself as a premium branded retailer with a focus on quality and brand trust. The business model is primarily direct-to-consumer online retail with a strong brand association to Sheraton and Marriott. Technically, the site is built on Magento with integrations for Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. However, the site suffers from a critical lack of a valid SSL certificate, which severely impacts its security posture and user trust. Performance is slow due to large page size and many resources, though mobile optimization and SEO are good. Privacy compliance is well implemented with a comprehensive privacy policy and cookie consent mechanism. Contact information and business details are clearly presented, enhancing business credibility.

M

Marriott International, Inc.

collectrenaissance.com

0

CollectRenaissance.com is an official e-commerce platform offering luxury bedding, pillows, linens, robes, and home decor inspired by Renaissance Hotels, a Marriott International brand. The website targets consumers seeking premium hotel-quality home products and operates as part of a large hospitality and retail ecosystem. The site demonstrates a mature digital presence with multiple marketing and analytics integrations, including Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. The technical infrastructure is hosted on AWS with modern TLS protocols and a valid SSL certificate, though performance is impacted by a large page size and resource count. Security posture is strong with strict DMARC policies and no major SSL vulnerabilities, but a subdomain takeover risk exists on the staging subdomain. Privacy compliance is robust with clear cookie consent mechanisms and comprehensive privacy policies. Contact information is clearly provided, enhancing business credibility. Overall, the site is professional and trustworthy but could improve performance and address the subdomain vulnerability.

W

Westin Store

westinstore.com

0

Westin Store is an e-commerce retailer specializing in luxury bedding, linens, and bath products inspired by the Westin Hotels brand, a subsidiary of Marriott International. The website targets consumers seeking premium hotel-quality sleep and bath products, offering a broad catalog of branded merchandise. The business model is direct-to-consumer online retail with integrated customer support and marketing channels. Technically, the site is built on Magento with extensive use of Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. However, the site suffers from a critical security issue: the absence of a valid SSL certificate and disabled TLS protocols, which severely impacts the security posture and user trust. The site implements strong privacy and cookie consent mechanisms, including GDPR-compliant policies and DMARC email protection. Overall, the website is professionally designed with good content quality and marketing integration but requires urgent remediation of its SSL/TLS configuration and subdomain takeover vulnerability to improve security and trustworthiness.

W

W Hotels Store

whotelsthestore.com

0

W Hotels Store is a luxury e-commerce platform offering branded bedding, bath, and fragrance products associated with the W Hotels brand, a Marriott International property. The website targets consumers seeking premium hotel-quality home products, leveraging the strong brand recognition of W Hotels and Marriott. The business model is retail-focused, selling directly to consumers online with a medium-sized operational footprint based in France. The site integrates advanced marketing and analytics tools such as Adobe Launch and Google Tag Manager, and employs OneTrust for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate on the main domain is a critical security flaw that undermines user trust and data protection.

S

Shop EDITION

shopedition.com

0

Shop EDITION is a luxury e-commerce platform offering home and lifestyle products inspired by EDITION Hotels, a brand under Marriott International. The website targets affluent consumers seeking premium bedding, bath, fragrance, and home décor items. The business leverages strong brand association with Marriott and provides a comprehensive online shopping experience with rich multimedia content and clear navigation. Technically, the site is built on Magento with extensive use of marketing and analytics tools including Adobe Launch, Google Tag Manager, and multiple tracking pixels. However, the site suffers from a critical security weakness due to the absence of a valid SSL certificate and lack of modern TLS protocols, which significantly impacts its security posture. Privacy compliance is well addressed with a detailed privacy policy, cookie consent managed by OneTrust, and GDPR-aligned practices. Contact information is clearly presented, enhancing business credibility. Overall, the site is professional and trustworthy but requires urgent security improvements to protect user data and maintain trust.

U

Ubigreen

ubigreen.com

0

Ubigreen is a French company specializing in software and sensor solutions for optimizing energy performance and workspace management in buildings. Positioned as an essential player in the energy sector, it serves large enterprises, public organizations, and educational institutions with a comprehensive suite of services including energy management systems, telemetering, regulatory compliance consulting, and simplified building technical management (GTB Light). The company is part of the Planon group, enhancing its market credibility and reach. Technically, the website is built on WordPress with the Divi theme and several advanced plugins, offering good content quality and user experience. However, a critical security weakness is the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy and legal compliance are addressed with clear privacy and terms pages, though a cookie consent mechanism is missing. Overall, the site demonstrates strong business credibility and content quality but requires urgent security improvements to protect user data and enhance trust.

T

The Luxury Collection Store

luxurycollectionstore.com

0

The Luxury Collection Store is a premium e-commerce platform offering luxury bedding, linens, bath and spa products, and travel accessories associated with Marriott International's luxury hotel brands. The website targets affluent consumers seeking high-end hospitality products and operates primarily in the European market with multilingual support. Technically, the site is built on Magento with integrations for Adobe Launch, Google Tag Manager, and OneTrust for privacy compliance. While the site demonstrates excellent content quality, branding consistency, and user experience, it suffers from critical security shortcomings, notably the absence of a valid SSL certificate and lack of HTTPS enforcement, which poses significant risks to user data and trust. Privacy compliance is strong with comprehensive cookie consent mechanisms and GDPR adherence. Overall, the site is professional and trustworthy but requires urgent security improvements to protect customer data and maintain brand reputation.

C

Criteo

criteo.com

0

Criteo is a leading global Commerce Media Platform provider headquartered in France, founded in 2005. The company offers a comprehensive suite of advertising and retail media solutions powered by extensive commerce data and AI technologies. Their platform connects brands, retailers, media owners, and agencies to deliver personalized and performance-driven advertising across multiple channels. Technically, the website is built on WordPress with modern frameworks and integrates various analytics and marketing tools such as Google Tag Manager, New Relic, Dreamdata, and OneTrust for privacy compliance. Security measures include a valid SSL certificate, HSTS enabled, and no detected vulnerabilities, although improvements in DNSSEC and CAA records are recommended. The company maintains a strong privacy and cookie policy presence with GDPR compliance and provides multiple contact points via forms. Overall, Criteo demonstrates a mature digital infrastructure, strong security posture, and a high level of professionalism and trustworthiness in its online presence.

É

École Française Motocyclisme

ecole-francaise-motocyclisme.com

0

École Française Motocyclisme is a French organization dedicated to motorcycle training across various disciplines including motocross, enduro, trial, and motoball. It operates a national network of over 150 certified schools and is affiliated with the Fédération Française de Motocyclisme, positioning itself as a key player in motorcycle sports education in France. The website serves as an educational and promotional platform, offering expert advice, school locators, and event information. Technically, the site is built on WordPress with common web technologies such as jQuery, Google Maps API, and Google Analytics. While the site has a valid SSL certificate and implements cookie consent mechanisms, it lacks modern TLS protocols and advanced DNS security features. Performance is slow, likely due to resource load and page size. Security posture is moderate with room for improvement in protocol support and formal security policies. Overall, the site is professional, trustworthy, and well-branded, targeting motorcycle enthusiasts and learners in France.

The website getapp.fr is currently inaccessible due to a Cloudflare security block, which prevents access to any business-related content or metadata. As a result, no information about the company, its services, or policies can be extracted. The site is protected by Cloudflare, which provides a valid SSL certificate but lacks modern TLS protocol support and advanced security headers such as HSTS or Content-Security-Policy. DNSSEC is not enabled, and CAA records appear malformed, indicating potential gaps in DNS security configuration. No privacy, cookie, or terms of service policies are present, and no contact or social media information is available. Overall, the website's digital presence is minimal and currently non-functional for end users.

The website capterra.fr is currently inaccessible due to a Cloudflare security block, preventing access to any business-related content or metadata. The site is protected by Cloudflare's security service, which has triggered a block likely due to suspicious activity or automated requests. The SSL certificate is valid but lacks modern TLS protocol support, and DNSSEC is not enabled, indicating room for improvement in cryptographic and DNS security. No privacy, cookie, or terms of service policies are publicly available, and no contact or business information can be extracted from the page. Overall, the website's digital presence is minimal and lacks transparency and user-facing content, which negatively impacts trust and user experience.

N

Nicols Yachts

nicolsyacht.com

0

Nicols Yachts is a French manufacturer specializing in the construction and sale of riverboats and habitable barges, serving both private individuals and professional clients. Established in 1986, the company has a strong market position in the transportation sector with a comprehensive business model that includes boat construction, sales, rental base management, and cruise commercialization. The website reflects a mature digital presence with multilingual support and e-commerce capabilities. Technically, the site is built on WordPress with Divi and WooCommerce, hosted on OVH, and optimized for performance and SEO. Security posture is solid with valid SSL certificates and HSTS enabled, but lacks modern TLS protocol support and explicit security policies. Privacy and cookie policies are well implemented and GDPR compliant. Overall, the company demonstrates a professional and trustworthy online presence with room for security enhancements.

E

Engitechs

engitechs.com

0

Engitechs is a French SME specializing in the distribution of LED lighting products, with over 20 years of market presence. The company offers a wide range of LED strips, profiles, controllers, and accessories, targeting customers across metropolitan France and overseas territories. Their business model focuses on providing quality products combined with technical expertise and customer support, positioning themselves as a trusted partner in the LED lighting sector. Technically, the website is built on WordPress with WooCommerce, enhanced by popular plugins such as Yoast SEO for search optimization and WP Rocket for performance. The site demonstrates good mobile optimization and SEO practices, with structured data and social media integration. However, the SSL configuration lacks modern TLS protocol support, which is a security concern. From a security perspective, the site uses a valid SSL certificate and has SPF records configured for email protection. No critical vulnerabilities were detected, but the absence of modern TLS versions and security headers reduces the overall security posture. There is no explicit security policy or incident response information publicly available, which could be improved to enhance trust and compliance. Overall, Engitechs presents a professional and trustworthy online presence with solid business and technical foundations. Strategic improvements in security protocols and transparency around security policies would further strengthen their risk management and customer confidence.

F

Fédération Française de Motocyclisme

ffmoto.org

0

The Fédération Française de Motocyclisme (FFM) is the official governing body for motorcycling sports and activities in France. The organization provides a comprehensive digital platform offering licensing, competition results, live event streaming, and educational resources to a broad audience including riders, clubs, officials, and volunteers. The website demonstrates a strong market position as a large, well-established non-profit federation with multiple dedicated subdomains serving different community segments. Technically, the FFM website is built on Drupal 8 CMS and leverages a variety of modern web technologies and analytics tools such as Google Analytics, Matomo, Facebook Pixel, and Hotjar. The site is hosted on infrastructure managed by Gandi and employs good security practices including valid SSL certificates and security headers. However, it lacks support for modern TLS protocols and DNS security enhancements like DNSSEC and CAA records. From a security perspective, the site is well-configured with HSTS enabled and no known SSL vulnerabilities. Privacy and cookie policies are present and GDPR compliant, with a clear consent mechanism. Contact information is transparent and easily accessible. There is no explicit incident response or security policy published, which could be an area for improvement. Overall, the FFM website is a professional, trustworthy, and well-maintained platform that effectively serves its community. Strategic improvements in security protocols and transparency around incident response would further enhance its security posture and stakeholder trust.

M

MonClocher.com

monclocher.com

0

MonClocher.com is a specialized French service provider focused on creating customized websites and digital communication solutions for local governments and municipalities. With over 20 years of experience and a parent company A3 Web, it holds a niche market position offering tailored services including website creation, visual identity, virtual tours, and ongoing maintenance. The website demonstrates good digital maturity with modern CMS usage, SEO optimization, and accessibility features. Security posture is adequate with a valid SSL certificate and no known vulnerabilities, but lacks modern TLS protocol support and advanced security headers. Privacy compliance is strong with GDPR-aligned cookie consent mechanisms and privacy policies. Overall, the company presents a trustworthy and professional online presence targeting French local governments.

A

A3 WEB

a3web.fr

0

A3 WEB is a French digital agency based in Cholet specializing in the creation of websites, SEO, SEA campaigns, mobile applications, and webmarketing services. With over 20 years of experience, the agency serves primarily small to medium-sized enterprises and local businesses in the Maine-et-Loire and Vendée regions. Their service offerings include bespoke website development, e-commerce solutions, mobile app development using Ionic, and comprehensive digital marketing strategies. The agency emphasizes local presence and personalized client relationships, supported by a professional website with strong SEO and marketing integrations. Technically, the website is built on WordPress with a suite of plugins including Yoast SEO, Ninja Forms, WP Rocket, and Complianz for GDPR compliance. The site uses a valid SSL certificate but lacks modern TLS protocol support and some advanced security headers. Hosting and email services appear to be provided by OVH. Performance is optimized with caching and lazy loading, and the site is mobile-friendly with good SEO practices including structured data. From a security perspective, the site has a valid SSL certificate and no known major vulnerabilities but lacks DNSSEC and HSTS enforcement. Cookie consent is managed properly with a consent mechanism in place. No explicit security policy or incident response information is found. The agency demonstrates good privacy compliance with a comprehensive privacy policy and cookie policy. Overall, A3 WEB presents a solid digital presence with a focus on local market needs, good technical infrastructure, and a moderate security posture. Strategic improvements in security protocols and enhanced transparency on terms of service and incident response would strengthen their trustworthiness and compliance posture.

E

E.Leclerc

e.leclerc

0

E.Leclerc operates a large-scale retail e-commerce platform primarily serving consumers in France. The website is built using modern web technologies such as Angular and integrates multiple marketing and tracking tools including Google Tag Manager and Quadran QWATracker. The company maintains a strong security posture with valid SSL certificates issued by a reputable CA, strict transport security headers, and protection against common web vulnerabilities. However, the absence of modern TLS protocols and DNS security extensions like DNSSEC and CAA records indicates areas for improvement. The website lacks visible privacy, cookie, and terms of service policies, which may impact compliance with GDPR and other regulations. No direct contact information or forms are present in the analyzed HTML content, limiting user engagement and support transparency.

P

PRORIMA

prorima.com

0

PRORIMA is a French distributor specializing in motocross equipment, primarily representing the 100% brand and other related brands. The company targets professional resellers and motocross enthusiasts, offering a B2B platform for equipment procurement. The website is professionally designed, with clear navigation and relevant content focused on the motocross retail sector in France. Technically, the site uses Apache server technology with JavaScript libraries such as jQuery and ResponsiveSlides.js, and employs a cookie consent management tool (tarteaucitron). The SSL certificate is valid but lacks modern TLS protocol support, indicating room for security improvements. Security headers are implemented adequately, but enhancements like longer HSTS duration and DNSSEC are recommended. No explicit security or incident response policies are published, and no company contact emails are visible, though a clear company phone number and Instagram social media link are provided.

N

NEKEN

nk-neken.com

0

NEKEN is a French manufacturer specializing in high-quality handlebars, triple clamps, and air clamps for off-road motorcycles, serving both professional and amateur riders. The company has a solid market position supported by endorsements from top motocross riders and a focus on product durability and rider comfort. Their business model centers on manufacturing and aftermarket sales with a medium-sized operation founded in 1990. Technically, the website is built on Drupal 7 with a variety of JavaScript libraries and integrates Google Analytics and reCAPTCHA for user interaction and security. Hosting is provided by OVH, a reputable provider. Security posture is generally good with strong HTTP security headers and a valid SSL certificate, though the lack of modern TLS protocols and some CSP weaknesses suggest room for improvement. The site includes cookie consent mechanisms but lacks explicit privacy and terms of service policies, which are critical for compliance and user trust. Overall, the website is professional and well-branded but could enhance its security and compliance maturity.

3

3AS racing

3as-racing.com

0

3AS Racing is a specialized e-commerce retailer founded in 2007, focusing on motorcycle, motocross, enduro, scooter, and quad parts, accessories, and equipment. With a large product catalog exceeding 250,000 items and a sizable warehouse near Bordeaux, France, the company serves a dedicated community of over 130,000 customers. Their business model centers on providing top brands at competitive prices with fast delivery and strong customer support. Technically, the website leverages Prestashop CMS, integrates multiple marketing and analytics tools including Google Analytics, Facebook Pixel, and Sendinblue, and is hosted behind Cloudflare for performance and security. While the SSL certificate is valid, the absence of modern TLS protocols and HSTS reduces the security posture. The site implements GDPR-compliant privacy and cookie policies with consent mechanisms. Overall, the platform demonstrates good digital maturity and professionalism, though security enhancements are recommended.

Honda France operates as a major enterprise in the transportation and manufacturing sectors, offering a diverse range of products including automobiles, motorcycles, marine engines, industrial equipment, garden tools, and snow throwers. The website serves as a portal to various product divisions and regional Honda sites, targeting French consumers and related markets. The business model focuses on manufacturing and retail with a strong brand presence and consistent branding across multiple languages and regions. Technically, the website is built on a modern infrastructure likely powered by Adobe Experience Manager CMS, hosted on Amazon CloudFront CDN, and uses ES6 JavaScript modules. Performance is inferred to be fast with good mobile optimization and basic accessibility and SEO. The site integrates Google Tag Manager for analytics and OneTrust for cookie consent, indicating a moderate level of digital maturity. From a security perspective, the site employs a valid DigiCert SSL certificate with strong security headers including HSTS and X-Frame-Options. However, no TLS protocols are currently enabled, which is a critical issue. The site lacks explicit privacy, terms of service, security policies, or incident response information. DNSSEC is not enabled, and no vulnerability disclosure or security.txt files are present. Overall, the security posture is good but could be significantly improved by enabling TLS, enforcing CSP, and publishing clear security and privacy documentation. The overall risk is moderate due to missing compliance documentation and TLS configuration gaps. Strategic recommendations include enabling TLS 1.2+, enforcing CSP, publishing privacy and security policies, and enhancing incident response readiness to improve trust and compliance.

R

Rookie's Cup

rookiescup.com

0

Rookie's Cup is a specialized event organizer focused on motocross festivals and competitions for young riders aged 6 to 25 years, positioning itself as the leading European motocross festival for youth. The website is built on a modern WordPress infrastructure using Elementor and optimized with WP Rocket, indicating a mature digital presence with good SEO and performance practices. Social media integration and partner branding enhance its market visibility. Security posture is adequate with a valid SSL certificate and no known vulnerabilities, but lacks advanced security headers and DNS protections. Privacy compliance is basic with a GDPR-compliant privacy policy but no visible cookie consent mechanism. Overall, the site demonstrates a professional and trustworthy online presence with room for security and compliance improvements.

PID Polyester Innovation Développement is a French manufacturer specializing in monobloc polyester swimming pools with nearly 40 years of experience. The company emphasizes quality, customization, and customer service, targeting residential customers in France. Their market position is strengthened by patented technology and compliance with French safety standards. Technically, the website is built on WordPress with the Divi theme, integrating modern marketing and analytics tools such as Google Analytics, Facebook Pixel, and Brevo email marketing. The site is performant and mobile-optimized but lacks some advanced security configurations such as modern TLS protocols and security headers. The security posture is moderate with valid SSL but no DNSSEC or HSTS enabled. Privacy compliance is good with GDPR-aligned cookie consent mechanisms. Overall, the company presents a professional and trustworthy online presence with clear contact information and active social media engagement.

P

Piscines Provence Polyester

piscines-ppp.com

0

Piscines Provence Polyester is a French manufacturer and installer of polyester shell swimming pools, established in 1972 and part of the TEAM HORNER group since 2020. The company offers a wide range of pool models and installation services, targeting residential customers in France. Their market position is strong with over 50 years of experience and trust signals such as AXA insurance guarantees and membership in the Federation of Pool and Spa Professionals. Technically, the website is built on WordPress with Elementor and several premium plugins, hosted on Hostinger with LiteSpeed server technology. The site supports multilingual content (French and German) and complies with GDPR through a cookie consent mechanism. Security posture is moderate with a valid SSL certificate but lacks modern TLS protocols and advanced security headers. No explicit security policy or incident response information is published. Overall, the business demonstrates good digital maturity and professionalism but could improve security configurations and transparency.

B

Broadpeak

broadpeak.tv

0

Broadpeak is a technology company specializing in video streaming solutions, empowering video service providers with advanced content delivery networks, cloud DVR, content personalization, and edge computing technologies. The company targets broadcasters, OTT platforms, and telecom operators globally, positioning itself as a key player in the video streaming technology market. Their website demonstrates a mature digital presence with comprehensive content and strong branding. Technically, the site is built on WordPress with Elementor, leveraging Cloudflare for CDN and security. The security posture is solid with a valid SSL certificate and no known vulnerabilities, though it lacks modern TLS protocol support and advanced DNS security features. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Overall, Broadpeak's online presence reflects a professional and trustworthy organization with a focus on innovation in streaming technology.

N

Nintex

nintex.fr

0

The website exhibits a concerning security posture with multiple critical and high-severity issues, particularly in regulatory compliance and security policy implementation. The presence of a critical GDPR violation highlights significant risks of legal penalties and reputational damage for EU operations. Key security headers are missing or misconfigured, increasing vulnerability to web-based attacks such as clickjacking, cross-site scripting, and data leakage. Additionally, the absence of a formal information security framework, incident response, and business continuity planning under NIS2 regulations further exposes the business to operational risks. While email, SSL/TLS, DNS, and network security components show relatively stronger scores, gaps remain that require attention. Immediate remediation is necessary to ensure regulatory compliance, protect customer data, and maintain business continuity. Overall, the website is at elevated risk for cyber incidents and non-compliance penalties, warranting prioritized security improvements.

G

Gadgets 360 French

gadgets360.fr

0

The website's overall security posture reveals significant gaps, particularly in privacy compliance and information security governance. Critical GDPR violations, including the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to regulatory fines and reputational damage within the EU market. Additionally, there is a lack of fundamental security policies and incident response procedures as per NIS2 requirements, indicating a weak organizational security framework. Email authentication is critically deficient, increasing the risk of phishing and domain spoofing attacks. While network security and SSL/TLS configurations are relatively strong, key HTTP security headers are missing or misconfigured, weakening protection against common web vulnerabilities. DNS security practices like DNSSEC and CAA records are also lacking, which could facilitate domain hijacking or certificate fraud. Overall, these deficiencies present significant compliance, operational, and security risks that should be addressed promptly to safeguard the business and customer trust.

The website demonstrates a generally stable security posture with no critical or high-severity issues detected. However, several medium-level vulnerabilities pose potential risks that could affect data integrity, regulatory compliance, and user trust. Notably, the absence of key security headers and HSTS increases exposure to man-in-the-middle and content injection attacks. Failure in GDPR and NIS2 compliance assessments signals potential legal and regulatory risks that could lead to fines or reputational damage. Email security gaps, such as missing DKIM records, may reduce email deliverability and increase phishing risks. Mixed content issues undermine the full benefits of HTTPS encryption, potentially exposing users to data interception. The DNS health is moderately strong but lacks DNSSEC and CAA records, which are important for preventing DNS spoofing and unauthorized certificate issuance. Overall, while network security appears robust, addressing these medium and low issues is critical for enhancing security resilience and compliance posture.

The website's overall security posture is moderate with no critical issues detected but several high and medium-risk findings requiring prompt attention. Key vulnerabilities include an unregistered MX record and exposure of a high-risk FTP service, which pose significant risks to email reliability and network security respectively. Additional concerns involve missing security headers, lack of DNSSEC, and absence of DKIM records, which can undermine data integrity, privacy compliance, and email authentication. GDPR and NIS2 compliance failures highlight potential regulatory risks that could lead to legal penalties or reputational damage. Positive aspects include strong SSL/TLS implementation and relatively good email security scores. However, the incomplete DNS and network configurations suggest gaps that could be exploited by attackers. Addressing these issues will significantly enhance security resilience, regulatory compliance, and trust with customers and partners.

The website demonstrates a solid baseline security posture with no critical or high severity issues detected. SSL/TLS and network security configurations are robust, scoring a perfect 100, indicating strong encryption and resilient infrastructure. However, there are several medium-level concerns related to compliance and domain security that could expose the business to regulatory penalties and increased attack surface. Notably, failure in GDPR and NIS2 analyses suggests potential gaps in data protection and regulatory adherence. Additionally, the absence of DNSSEC and a non-enforcing DMARC policy increase the risk of domain spoofing and phishing attacks. While low-level issues like missing CAA records have less immediate impact, they still represent opportunities to strengthen trustworthiness. Addressing these medium-priority vulnerabilities will enhance the organization’s risk management and reduce exposure to potential data breaches or compliance fines.

This website has 7 security issue(s) identified for improvement. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a generally solid security posture with no critical or high-risk vulnerabilities detected. Key areas such as email security and SSL/TLS configurations are well-implemented, scoring a perfect 100. However, several medium-level issues related to compliance (GDPR, NIS2), DNS configuration, and security headers present potential risks that could impact regulatory adherence and expose the business to targeted attacks. The absence of DNSSEC and CAA records could increase susceptibility to DNS spoofing or certificate mis-issuance, while exposed SSH services may allow unauthorized access if not properly secured. Addressing these medium-level issues will strengthen the overall security framework, reduce regulatory risks, and enhance trust with customers and partners. Proactive remediation will also prepare the business for evolving compliance requirements and threat landscapes. Overall, the environment is stable but requires focused improvements to mitigate medium-risk vulnerabilities and maintain a robust security posture.

The website's overall security posture presents significant concerns, particularly with critical network exposure that could lead to severe data breaches. While SSL/TLS protocols are well-implemented, key areas such as security headers, GDPR compliance, and email security require immediate attention. The exposure of critical database services like MySQL and PostgreSQL to the internet dramatically increases the risk of unauthorized access and data compromise. Additionally, missing DNS security features like DNSSEC and CAA records weaken domain integrity and increase susceptibility to spoofing attacks. The absence of DKIM records undermines email authenticity, potentially impacting deliverability and increasing phishing risks. Medium-level issues, including failure in security headers and compliance frameworks, suggest gaps in defense-in-depth strategies. Immediate remediation of critical and medium risks is crucial to safeguard business reputation, ensure regulatory compliance, and protect sensitive customer data. Proactive security enhancements will also support operational resilience and maintain customer trust in the digital platform.

The website's overall security posture reveals significant gaps, particularly in compliance with NIS2 requirements and SSL/TLS configurations, which present substantial business risks. No critical vulnerabilities were found, but multiple high and medium severity issues indicate inadequate security governance and exposure to potential attacks. The absence of a documented security framework, incident response procedures, and security policy documentation severely limits the organization's ability to manage and respond to threats effectively. SSL certificates nearing expiration and weak cryptographic keys increase the risk of data interception and loss of customer trust. Exposure of high-risk services like NetBIOS and RDP on the network further elevates the threat landscape by providing potential entry points for attackers. GDPR compliance failures and missing security headers may result in regulatory penalties and reduce overall website security. While email security and DNS health show moderate strength, improvements are needed to close existing gaps. Immediate attention to these areas will help mitigate risks, comply with regulations, and protect business continuity.

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Key gaps include missing essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy, exposing the site to man-in-the-middle and cross-site scripting attacks. GDPR compliance is poor, lacking privacy and cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. Similarly, the absence of documented information security frameworks, incident response procedures, and security contact points undermines operational resilience and regulatory compliance under NIS2. Email security controls like DMARC and DKIM are partially implemented but need enforcement to prevent phishing risks. SSL/TLS and DNS configurations are relatively strong but can be further improved by enabling HSTS and DNSSEC. Network security posture is solid, indicating good infrastructure controls. Addressing these issues promptly will reduce legal risks, enhance customer trust, and strengthen overall cyber resilience.

I

Inforoutes 06

inforoutes06.fr

0

The website's overall security posture reveals significant gaps, particularly in privacy compliance and core security controls. Critical issues include the absence of essential email authentication, exposing the organization to phishing risks, and non-compliance with GDPR regulations despite operating in the EU, which could result in legal penalties and reputational damage. The lack of security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature information security governance. Missing key HTTP security headers such as Content-Security-Policy and X-Frame-Options increase exposure to common web attacks like clickjacking and cross-site scripting. Additionally, the presence of a high-risk exposed FTP service and issues within SSL/TLS configurations further elevate the risk profile. While DNS and network security show moderate maturity, critical controls require immediate attention. Addressing these findings will enhance regulatory compliance, reduce cyber risk, and protect customer trust.