Security Directory

D

Département des Alpes-Maritimes

mesdemarches06.fr

0

The website’s overall security posture reveals significant gaps, particularly in privacy compliance and foundational security policies, posing substantial business and regulatory risks. Critical and high-severity issues center around GDPR non-compliance, including the absence of privacy and cookie policies and consent mechanisms, which expose the business to potential legal penalties and reputational damage within the EU market. The lack of an established information security framework, incident response plan, and security documentation further undermines operational resilience and regulatory adherence, notably under NIS2 requirements. Technical security controls such as missing Content-Security-Policy headers, weak SSL key length, and incomplete email authentication protocols exacerbate the risk of data breaches and phishing attacks. While network security and DNS health show relatively strong scores, essential improvements in SSL/TLS configuration and security headers are needed. Immediate remediation is critical to avoid compliance violations, reduce attack surfaces, and protect customer trust. Without addressing these issues promptly, the business risks operational disruption, data compromise, and financial penalties. Overall, the assessment points to urgent needs for governance, compliance, and technical controls alignment to safeguard the enterprise and its customers.

B

BNP Paribas

integrated-report.bnpparibas

0

The website exhibits significant security weaknesses across several critical domains, posing substantial risks to business operations and regulatory compliance. Notably, the absence of key email authentication mechanisms and poor SSL/TLS configurations expose the site to phishing, spoofing, and data interception threats. GDPR compliance is severely lacking, with no privacy policy or cookie consent banner, increasing legal and reputational risks. The missing security framework, policies, and incident response plans reflect immature cybersecurity governance, undermining the organization's ability to manage and recover from security incidents. While network security posture and DNS health are relatively strong, fundamental security headers and content security policies are not properly implemented, leaving the site vulnerable to common web attacks. Overall, the current posture could lead to data breaches, regulatory fines, and erosion of customer trust if not addressed promptly. Immediate action is essential to strengthen defenses and align with industry best practices and regulatory requirements.

The website exhibits a mixed security posture with strong email, SSL/TLS, and network security measures, reflected in high module scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and absence of essential security governance documents. A critical issue flagged is operating as an EU business without adequate privacy safeguards, exposing the organization to regulatory fines and reputational damage. Medium-level security header deficiencies and DNS configuration gaps further increase the risk surface. While foundational technical controls are solid, the lack of formalized incident response, business continuity, and vulnerability disclosure processes signals immature security management. This combination represents a substantial compliance and operational risk that must be addressed promptly to safeguard customer trust and avoid legal penalties. Immediate attention to privacy, policy documentation, and incident readiness will provide the greatest business value and risk reduction.

L

LCL

lcl.fr

0

The website exhibits a mixed security posture with strong performance in SSL/TLS, network security, and email security, but significant gaps in GDPR compliance and NIS2 regulatory requirements. Critical issues include operating an EU-facing business without adequate privacy measures, lacking core privacy policies, and missing incident response and security documentation. These deficiencies expose the business to legal risks, regulatory penalties, and reputational damage, particularly under stringent EU data protection laws and NIS2 mandates. Security headers are generally adequate but could be improved to guard against common web threats. DNS and email security are moderately well-configured but require enhancements to strengthen defenses against spoofing and DNS attacks. Overall, the company must prioritize compliance and governance frameworks to reduce exposure and build customer trust. Addressing these gaps will mitigate significant business risks and align the website with current cybersecurity and privacy best practices.

The website exhibits significant security and compliance gaps, particularly in privacy and incident management frameworks, posing considerable risks to business reputation and regulatory compliance. Critical deficiencies in GDPR adherence, such as the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to potential legal penalties and loss of customer trust. The lack of a security policy framework, incident response procedures, and vulnerability disclosure processes undermines the organization's ability to manage and respond to cyber threats effectively. Weak HTTP security headers and mixed content issues indicate vulnerabilities to web-based attacks, potentially compromising user data integrity. Exposure of high-risk services like FTP increases the attack surface and opens pathways for unauthorized access. While email security and DNS health are relatively stronger, they do not compensate for the fundamental gaps in governance and technical controls. Immediate remediation is required to address compliance and critical security flaws to safeguard business continuity and customer confidence. Overall, the security posture is inadequate for operating securely within the EU regulatory environment and against evolving cyber threats.

A

Agence Z&KO

zandko.fr

0

The website exhibits a concerning security posture with multiple critical and high-severity issues that expose the business to regulatory, operational, and reputational risks. Key deficiencies include the absence of fundamental security headers, lack of GDPR compliance mechanisms such as privacy and cookie policies, and missing core information security framework documentation required under NIS2 regulations. These gaps indicate inadequate protection of user data and insufficient preparedness for incident response, which could lead to regulatory fines and loss of customer trust. Additionally, the presence of high-risk exposed services like FTP and incomplete SSL/TLS configurations increase vulnerability to cyberattacks. While some areas like email security and DNS health show relative strength, the overall security maturity is low, necessitating immediate remediation. Addressing these issues will improve compliance, reduce attack surface, and safeguard business continuity. Without prompt action, the organization risks data breaches, legal penalties, and damage to its brand reputation.

I

Icecat

icecat.fr

0

The website's overall security posture reveals significant gaps, especially in privacy compliance and email security, which pose substantial risks to business reputation and regulatory adherence. Critical findings include the absence of essential GDPR-related policies and mechanisms, notably for an EU-based business, exposing the company to potential legal penalties and customer trust erosion. Email authentication is critically lacking, increasing the risk of phishing and domain spoofing attacks that could harm brand integrity. While SSL/TLS and network security are robust, foundational security controls such as Content-Security-Policy headers and security policy documentation are missing or insufficient. The NIS2 compliance score is notably low, indicating inadequate preparedness for incident response and governance requirements. DNS health is generally good but would benefit from enabling DNSSEC to protect against DNS spoofing. Addressing these issues will strengthen regulatory compliance, reduce cyber risk, and protect business continuity and customer trust.

O

OMNES Education

omneseducation.com

0

The website security assessment reveals a concerning overall security posture with no critical issues but multiple high and medium severity findings, particularly in governance, compliance, and security policy domains. Key weaknesses exist in security headers, GDPR compliance, and NIS2 regulatory adherence, exposing the business to legal risks, data privacy violations, and increased vulnerability to cyber threats. Email security and network security show relatively strong performance, reducing risk from phishing and network-based attacks. SSL/TLS configurations need urgent improvement to maintain secure communications, especially given the impending certificate expiry and weak key length. The absence of incident response and business continuity plans further heightens operational risk. Addressing these gaps will significantly reduce the risk of data breaches, regulatory fines, and reputational damage. Immediate focus on compliance and foundational security controls is essential to protect customer trust and meet regulatory requirements.

U

UDITIS SA

formalites-export.com

0

The website demonstrates a generally strong technical security foundation with no critical issues found and excellent scores in network security (100/100) and SSL/TLS (97/100). However, significant gaps exist in regulatory compliance and governance, particularly concerning GDPR and NIS2 frameworks, which present high-risk exposure for legal penalties and operational risks. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines user trust and compliance with data protection laws. Furthermore, the lack of formal information security frameworks, incident response plans, and security policy documentation exposes the organization to increased vulnerability and reputational damage in case of a breach. Email security posture is moderate but requires improvement to prevent phishing and spoofing attacks. Security headers are generally well-implemented but missing critical policies that enhance protection against clickjacking and information leakage. Addressing these issues promptly will reduce compliance risks, strengthen incident readiness, and improve overall security resilience.

B

Bonpoint

bonpoint-vintage.com

0

The website demonstrates a generally good network security posture and strong email and DNS configurations, but significant gaps exist in privacy compliance and foundational security frameworks. Critical GDPR compliance issues, such as missing privacy and cookie policies and lack of consent mechanisms, present considerable legal and reputational risks. The absence of a documented information security framework, incident response, and business continuity planning under NIS2 further exposes the organization to operational disruptions and regulatory penalties. Weaknesses in SSL/TLS configurations, including weak key lengths and certificates nearing expiration, increase vulnerability to interception and compromise. Security headers are partially configured but lack completeness, potentially allowing certain attack vectors. Overall, the current security posture leaves the business exposed to compliance violations, potential data breaches, and operational risks that could harm customer trust and incur financial penalties. Immediate remediation focusing on compliance and foundational security policies will substantially mitigate these risks and improve resilience.

3

3S-Innovation

3s-innovation.com

0

The website demonstrates several significant security weaknesses that expose the business to reputational, compliance, and operational risks. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content sniffing, and cross-site scripting. GDPR compliance is notably deficient, with absent privacy and cookie policies and no consent mechanisms, risking legal penalties and loss of customer trust. The absence of a formal information security framework, policies, and incident response procedures further exposes the organization to unmanaged threats and regulatory scrutiny under NIS2 directives. Weaknesses in SSL configuration, such as weak keys and impending certificate expiration, jeopardize data confidentiality and integrity during transmission. While network security posture and email security are relatively strong, urgent remediation is needed in web security headers, compliance documentation, and security governance. Addressing these vulnerabilities promptly will reduce potential breaches, ensure regulatory compliance, and strengthen stakeholder confidence.

The website demonstrates a generally strong network and email security posture but has significant gaps in critical security and compliance areas. Notably, the absence of a Content-Security-Policy header and weak HTTP security headers increase exposure to common web attacks. Compliance deficiencies related to GDPR, such as missing privacy and cookie policies and consent mechanisms, present legal and reputational risks. The lack of documented information security frameworks, incident response plans, and security policies under NIS2 requirements further heightens operational vulnerabilities. While SSL/TLS and DNS configurations are mostly adequate, some improvements are needed to maintain trust and secure communications. Overall, the current security posture exposes the business to regulatory penalties, data breaches, and service interruptions. Addressing these issues promptly will strengthen compliance, reduce risk, and protect customer trust.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 3 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

I

Indosuez Wealth Management

ca-indosuez.fr

0

The website's overall security posture is critically weak and exposes the business to significant risks, particularly regarding data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting GDPR, NIS2, and SSL/TLS compliance, jeopardizing user data confidentiality and trust. Key security headers are missing or poorly configured, increasing exposure to web-based attacks such as clickjacking and cross-site scripting. The lack of a cookie policy and consent mechanisms indicates non-compliance with GDPR, which could lead to legal penalties and reputational damage. Furthermore, the absence of essential NIS2 security policies, such as incident response and security documentation, suggests insufficient organizational security governance. DNS and email security configurations reveal gaps that could enable phishing or spoofing attacks. While network security posture is good, the overall lack of fundamental protections necessitates urgent remediation to safeguard the business and meet regulatory requirements.

F

Finaxy Group

finaxygroup.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and data integrity, impacting GDPR and NIS2 compliance. Key security headers are either missing or misconfigured, increasing the risk of cross-site scripting (XSS), clickjacking, and content injection attacks. The lack of privacy and cookie policies along with missing consent mechanisms exposes the company to legal penalties under data protection regulations. Furthermore, insufficient information security governance, including missing incident response and business continuity plans, indicates poor preparedness against cyber threats. While network security and email security show strengths, they are overshadowed by critical gaps in web security and compliance. Immediate remediation is required to protect sensitive customer data, maintain trust, and meet regulatory requirements. Without urgent action, the business is vulnerable to legal actions, data loss, and operational disruptions.

S

Stéphane-Alexandre Dani

art-dani.com

0

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputation damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data confidentiality and integrity guarantees. Key security headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options are missing, increasing the risk of web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements including Privacy Policy, Cookie Policy, and consent mechanisms places the company at risk for legal penalties and customer trust erosion. Additionally, the absence of foundational NIS2 security governance documents such as incident response and security policies further weakens organizational readiness against cyber threats. While network security and DNS health show relatively strong posture, critical gaps in SSL/TLS and email security remain. Immediate action is required to remediate these high and critical issues to protect customer data, comply with regulations, and maintain business continuity.

I

InfraOpS

infraops.fr

0

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

N

Namebay

namebay.com

0

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

C

Crédit Agricole

credit-agricole.com

0

The website exhibits serious security deficiencies, particularly the complete absence of HTTPS encryption, which critically exposes data in transit and undermines user trust. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and essential security governance documentation, posing significant legal and operational risks. While network security and email security demonstrate relatively strong postures, foundational issues around encryption and policy frameworks significantly elevate the organization's exposure to data breaches and regulatory penalties. Security headers and DNS configurations are suboptimal but less urgent relative to the critical gaps. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Without urgent action, the business remains vulnerable to interception, data leakage, and potential loss of customer confidence. Prioritizing HTTPS implementation alongside privacy and incident response policies will substantially improve the security stance. Overall, the current posture demands urgent attention to align with industry best practices and regulatory mandates.

V

Valeo

valeo.com

0

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

S

Sophia Business Angels

sophiabusinessangels.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability impacting user data confidentiality and trust. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, cross-site scripting (XSS), and content injection. The site also lacks essential GDPR compliance elements like privacy policies and cookie consent, risking substantial legal penalties. Organizational security governance under NIS2 directives is severely lacking with no incident response, security policies, or information security framework in place. While email security and DNS health show moderate strengths, they are insufficient to mitigate the broader critical deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and maintain business continuity. Without urgent improvements, the business faces heightened risk of cyber incidents and regulatory sanctions.

The website's security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw impacting secure communications, user trust, and search engine ranking. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to potential legal penalties. The lack of documented information security frameworks, incident response plans, and vulnerability disclosure policies indicates immature security governance. DNS configuration issues further weaken the infrastructure's resilience to attacks. However, email security and network security are relatively strong areas. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain operational continuity.

L

La Poste

laposte.fr

0

The website's overall security posture is critically deficient, exposing the business to substantial legal, operational, and reputational risks. Key vulnerabilities include the complete lack of HTTPS encryption, missing essential HTTP security headers, and non-compliance with GDPR regulations, which is especially concerning for EU-based operations. The absence of documented information security policies, incident response procedures, and business continuity planning further exacerbates the risk landscape. While email security and network security show relatively stronger performance, critical gaps remain in website security and regulatory compliance. This exposes the business to data breaches, regulatory penalties, and loss of customer trust. Immediate remediation is vital to protect sensitive data, ensure compliance, and maintain operational resilience. Addressing these issues will also enhance the company’s credibility and customer confidence in digital interactions. Without urgent action, the company risks severe financial and legal consequences alongside potential business disruption.

M

Maison Goyard

goyard.com

0

The website's overall security posture reveals significant critical vulnerabilities, notably the complete lack of HTTPS encryption, which poses immediate risks to data confidentiality and user trust. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of fundamental information security frameworks and incident response procedures further increases operational risk and potential downtime from security incidents. While network security and DNS health show relatively strong scores, critical gaps in TLS/SSL and email security configurations undermine these strengths. Security headers are partially implemented but missing key policies that help mitigate common web-based attacks. Immediate remediation is necessary to safeguard customer data, comply with regulations, and protect business continuity. Addressing these issues will also enhance customer confidence and reduce legal and financial exposure.

C

Christofle

christofle.com

0

The website's overall security posture is currently weak, with critical deficiencies severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical vulnerability affecting user data security, regulatory compliance (GDPR, NIS2), and trustworthiness, exposing the business to legal and reputational risks. Governance around security policies, incident response, and vulnerability management is largely missing, indicating immature cybersecurity processes. GDPR compliance is particularly poor, lacking cookie consent mechanisms and compliant privacy disclosures, which risks regulatory penalties. While email security and network security show reasonably strong implementations, foundational web security headers are incomplete, increasing exposure to content injection and data leakage attacks. DNS security is moderate but could be improved with DNSSEC and CAA records. Immediate remediation of critical issues is required to protect customer data, ensure regulatory compliance, and maintain business continuity.

F

FIPARC

fiparc.fr

0

The website exhibits significant security weaknesses, particularly in encryption, privacy compliance, and security governance, which pose substantial risks to business operations and customer trust. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and regulatory compliance, especially for EU customers under GDPR. Privacy policies and cookie consent mechanisms are missing, exposing the business to legal penalties and reputational damage. Security headers are inadequately configured, increasing susceptibility to common web attacks such as cross-site scripting. The lack of a formal information security and incident response framework demonstrates immature security governance, potentially delaying breach detection and response. While network security and email protections score relatively well, critical gaps in NIS2 compliance and data protection remain. Immediate remediation is needed to secure communications, ensure regulatory adherence, and establish foundational security policies. Addressing these issues will protect business continuity, customer data, and brand reputation.

C

Crédit Foncier

creditfoncier.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all secure communications and violating multiple compliance requirements. Key security headers are missing or improperly configured, increasing susceptibility to common web attacks such as clickjacking and content injection. GDPR compliance is severely lacking, with missing privacy, cookie policies, and consent mechanisms, which may lead to regulatory penalties. The organization also shows minimal adherence to the NIS2 directive, lacking fundamental security policies, incident response plans, and information security frameworks. Email security is moderately strong but still requires improvements to prevent spoofing and phishing. DNS and network security are relatively better but need enhancements like DNSSEC implementation. Immediate remediation is essential to protect business operations, ensure customer trust, and comply with legal obligations.

G

Groupe Banque Richelieu

banquerichelieu.com

0

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing business risk. The absence of HTTPS encryption is a critical vulnerability, exposing all data transmissions to interception and undermining customer trust and compliance with regulations. Key security headers are missing, which weakens protection against common web attacks such as clickjacking and cross-site scripting. The lack of GDPR compliance elements like privacy and cookie policies, and consent mechanisms, exposes the business to legal penalties and reputational damage. Additionally, the absence of fundamental NIS2 controls such as incident response procedures, security policies, and a security framework indicates immature security governance. Email authentication mechanisms are partially implemented but need enforcement to reduce phishing risks. DNS security is moderately healthy but could be improved by enabling DNSSEC. Overall, immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard customer trust.

N

NEOFA

neofa.com

0

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical issues include the complete lack of HTTPS encryption, which undermines all data confidentiality and integrity. The absence of essential security headers and policies leaves the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. Furthermore, the lack of GDPR compliance elements such as privacy and cookie policies, and missing consent mechanisms, poses legal risks and potential fines. Deficiencies in NIS2 compliance and incident response planning highlight gaps in organizational readiness to address and recover from security incidents. While network security is strong, foundational elements like DNS health and email authentication require improvement to prevent domain spoofing and phishing. Immediate remediation is essential to protect customers, maintain trust, and comply with legal obligations.

I

IFA Paris

ifaparis.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data-in-transit security and violating GDPR and NIS2 requirements. Key security controls such as Content-Security-Policy and cookie management are missing, increasing the risk of cross-site scripting and privacy violations. Compliance with GDPR and NIS2 frameworks is severely lacking, with no cookie policy, consent mechanisms, or documented security and incident response policies in place. While email security and DNS health show relative strength, critical gaps in foundational network and transport layer security remain. Immediate remediation is needed to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the organization faces heightened risks of cyberattacks, legal penalties, and loss of customer trust. The current security controls score poorly overall, with especially low marks in GDPR and NIS2 compliance modules, reflecting a need for a comprehensive security and compliance program.

G

GrowUp Consulting

growup-hr.com

0

The website demonstrates significant security deficiencies, particularly a complete lack of HTTPS encryption, which poses critical risks to data confidentiality and user trust. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increase vulnerability to common web attacks including clickjacking and cross-site scripting. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory non-compliance and potential legal penalties under GDPR. Furthermore, critical gaps in security governance, including missing information security frameworks, incident response procedures, and security policy documentation, indicate immature cybersecurity management. While email security and network security posture are strong, the overall security posture is weak, making the business susceptible to data breaches, reputational damage, and compliance violations. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity. Prioritizing HTTPS implementation and establishing a comprehensive security and privacy framework will significantly enhance risk mitigation. DNS security and some network controls are adequate but insufficient to compensate for the critical issues identified.

S

Sonepar

sonepar.com

0

The website's overall security posture is currently inadequate, with critical vulnerabilities posing significant risks to business operations and regulatory compliance. The absence of HTTPS encryption, highlighted as a critical issue across multiple modules, severely compromises data confidentiality and user trust. GDPR compliance is notably poor, with no cookie policy or consent mechanism in place, exposing the organization to legal and financial penalties. Security governance is weak, lacking essential frameworks, policies, and incident response procedures, which undermines the ability to manage and respond to cyber threats effectively. While email security and network security show relatively strong performance, foundational web security controls such as security headers are only moderately implemented. The combination of missing critical headers and weak DNS security measures further increases exposure to attacks like data leakage and DNS spoofing. Immediate remediation is essential to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s reputation.

E

Elkho Group

elkho-group.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all communications to interception and undermining GDPR compliance. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy further increase the risk of web-based attacks like man-in-the-middle, clickjacking, and cross-site scripting. The lack of GDPR-mandated elements like a cookie policy and consent banner exposes the business to regulatory penalties and reputational damage. Additionally, there is a significant deficiency in compliance with the NIS2 directive, with no documented security policies, incident response, or information security framework in place. While email security and DNS health show some strengths, critical gaps remain, including DMARC enforcement and DNSSEC configuration. Immediate remediation is essential to protect sensitive customer data, ensure regulatory compliance, and maintain customer trust. Without prompt action, the business faces increased risk of data breaches, legal sanctions, and operational disruption.

G

Groupe Boss

groupe-boss.com

0

The website exhibits a severely weak security posture, with critical deficiencies in fundamental protections such as HTTPS encryption and essential security headers. The absence of HTTPS compromises data confidentiality and integrity, exposing both the business and its users to interception and manipulation risks. Missing core security headers like Content-Security-Policy and X-Frame-Options further increase susceptibility to common web attacks including clickjacking and cross-site scripting. Compliance with GDPR and NIS2 regulations is notably poor, with no privacy or cookie policies, no consent mechanisms, and a lack of documented security policies and incident response plans. While email security and network security show strengths, these cannot compensate for the critical web-facing vulnerabilities. The low scores across GDPR and NIS2 modules put the organization at risk for regulatory penalties and reputational damage. Immediate remediation is essential to protect sensitive data, maintain customer trust, and meet legal obligations. Without prompt action, the business faces increased likelihood of breaches, fines, and loss of customer confidence.

B

Banque Européenne du Crédit Mutuel

becm.fr

0

The website's current security posture presents significant risks that could severely impact business operations and regulatory compliance. Critical issues such as the absence of HTTPS encryption and inadequate privacy measures for an EU business expose the company to data breaches, legal penalties, and loss of customer trust. The failure to implement essential GDPR requirements, including privacy and cookie policies and consent mechanisms, increases the risk of non-compliance fines. Additionally, the lack of an information security framework, security policies, and incident response procedures under the NIS2 directive further exacerbates vulnerability to cyber threats and operational disruptions. While network security and DNS health show relatively strong scores, foundational security controls like content security policies and email authentication need improvement. Overall, the organization must urgently address these critical gaps to safeguard customer data, maintain regulatory compliance, and protect brand reputation. Without prompt remediation, the business is exposed to severe financial, legal, and reputational risks.

D

DEF

def-online.com

0

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation, undermining both GDPR and NIS2 compliance. Multiple critical and high-severity issues related to missing security headers and lack of key security governance frameworks further expose the business to risks such as clickjacking, cross-site scripting, and data breaches. The absence of privacy and cookie policies, alongside missing consent mechanisms, significantly increases legal and regulatory exposure under GDPR. Additionally, the lack of documented security policies, incident response procedures, and business continuity planning suggests poor operational preparedness for cyber incidents. While email security and DNS health scores indicate some controls are in place, critical gaps remain that could lead to reputational damage, financial penalties, and loss of customer trust. Immediate remediation is essential to safeguard sensitive data, ensure regulatory compliance, and maintain business continuity. Overall, the website requires a comprehensive security overhaul to align with industry best practices and legal requirements.