Security Directory

V

Volkswagen Leasing GmbH

volkswagen-leasing.de

0

Volkswagen Leasing GmbH operates a comprehensive leasing and fleet management service platform targeting business customers, including large and fleet clients, authorities, and special groups. The company is positioned as the largest automotive leasing provider in Europe, supported by its parent Volkswagen Financial Services AG and subsidiaries such as Volkswagen Bank GmbH. The website offers detailed information on leasing, financing, insurance, and fleet electrification services, leveraging a modern digital infrastructure based on Adobe Experience Manager and Amazon CloudFront hosting. Despite a strong brand presence and good content quality, the site suffers from a critical security issue with an invalid self-signed SSL certificate and lacks visible cookie consent mechanisms. Security headers are well configured, but TLS protocols are disabled, reducing overall security posture.

S

Solarisbank AG

solarisbank.com

0

Solarisbank AG operates as a leading embedded finance platform in Europe, offering a comprehensive Banking-as-a-Service solution that enables businesses to integrate digital banking, payment, lending, and identification services via advanced RESTful APIs. The company holds a full German banking license, allowing it to operate seamlessly across EU countries. Solarisbank targets businesses seeking to embed financial services into their products, positioning itself as a neutral B2B2X partner with a strong market presence and trusted by major innovators such as Samsung and American Express. Technically, Solarisbank's website is built on modern frameworks including React and Gatsby, hosted on Netlify, and leverages Contentful as a CMS. The platform demonstrates excellent performance, mobile optimization, and accessibility, with a well-structured navigation and high-quality content. Analytics are implemented via piwik.pro, reflecting a moderate level of user tracking with good privacy compliance. From a security perspective, Solarisbank employs robust HTTP security headers including HSTS with preload, X-Frame-Options, and Content-Security-Policy, although the absence of enabled TLS protocols is a notable gap. The site lacks a cookie consent mechanism and a public vulnerability disclosure page, but provides clear contact channels for incident reporting and names key compliance officers, including a Money Laundering Reporting Officer. Overall, Solarisbank presents a high level of professionalism, trustworthiness, and technical maturity. Strategic recommendations include enabling modern TLS protocols, refining CSP policies, implementing cookie consent, and publishing a vulnerability disclosure policy to further enhance security posture and regulatory compliance.

A

AlphaTauri GmbH

alphatauri.com

0

AlphaTauri GmbH operates a premium fashion e-commerce platform focused on innovative textile technologies and purposeful design. The company targets men and women seeking aspirational styles and premium materials, positioning itself as a technologically advanced fashion brand. The website demonstrates a mature digital infrastructure with modern web technologies, comprehensive navigation, and strong branding consistency. Security measures include a valid SSL certificate with HSTS and secure cookie settings, although TLS protocols are not currently enabled. Privacy and terms policies are clearly linked and GDPR compliant, with cookie consent mechanisms in place. The site integrates marketing and analytics tools such as New Relic, Google Tag Manager, Exponea, and Gigya, reflecting a moderate level of user tracking balanced with privacy compliance. Overall, the website presents a professional, trustworthy, and well-optimized online retail experience.

I

Interlink

interlink.org

0

Interlink is a socially-driven company builder focused on developing, funding, and implementing solutions to social, environmental, and economic challenges. Positioned as a medium-sized enterprise based in Germany, it operates multiple companies across sectors such as green energy, bot protection, coworking spaces, and resource reuse. The website reflects a strong commitment to sustainability and social entrepreneurship, targeting startups, freelancers, and established companies. Technically, the site is built on WordPress with Elementor and optimized for performance and SEO, employing modern plugins and privacy-compliant analytics. Security posture is generally strong with valid SSL, HSTS, and security headers, though TLS protocols are currently disabled, which is a critical area for improvement. No explicit security or incident response policies are published, indicating room for maturity in security governance. Overall, Interlink presents a professional and trustworthy digital presence aligned with its mission and audience.

DEKRA Neo GmbH is a German media agency specializing in digital learning solutions including live online trainings, e-learning, and explainer videos, with a focus on safety, security, and sustainability. The company operates as a medium-sized entity with a full-service approach, leveraging in-house production capabilities and longstanding industry expertise. Their market position is strengthened by partnerships with DEKRA and a client base including major corporations such as Lufthansa Group. Technically, the website is built on modern frameworks like Nuxt.js and Vue.js, optimized for performance and mobile use, though some security configurations like TLS protocols and DNSSEC could be improved. The security posture is solid with ISO 27001 certification and valid SSL, but lacks advanced HTTP security headers and modern TLS support. Overall, the company demonstrates a mature digital presence with strong trust indicators and compliance with GDPR.

D

DEKRA Neo GmbH

dekra-memorate.de

0

DEKRA Memorate is an educational platform operated by DEKRA Neo GmbH, specializing in online exam preparation through explanatory videos and learning cards targeted at apprentices, professionals, and corporate clients. The platform offers tailored content for various vocational training and professional development sectors, positioning itself as a niche provider in the German education market. Technically, the website runs on an Apache server with Laravel framework, uses secure cookies, and integrates Google Analytics and Tag Manager for tracking. However, the SSL configuration lacks modern TLS protocols and security headers, indicating room for improvement in security posture. Privacy and terms of service documents are present and comprehensive, but cookie consent mechanisms are missing. Overall, the site demonstrates good content quality and user experience but requires enhancements in security and privacy compliance to strengthen trust and regulatory adherence.

D

DEKRA Neo GmbH

dekra-safety-web.eu

0

DEKRA Neo GmbH operates the DEKRA Safety Web platform, a leading online portal for occupational safety, health protection, and compliance training. The platform offers flexible, legally compliant training modules tailored to various industries, supporting companies in meeting regulatory requirements efficiently. The company positions itself as a trusted provider with a strong market presence in Germany, leveraging DEKRA's expertise. Technically, the website employs modern web technologies such as Laravel Livewire and Alpine.js, integrates Google Analytics and Tag Manager for analytics, and uses Microsoft Bookings for scheduling consultations. While the SSL certificate is valid, the site lacks support for modern TLS protocols and HSTS, indicating room for security improvements. Privacy and cookie consent mechanisms are implemented with good GDPR compliance. Overall, the site demonstrates high professionalism, excellent user experience, and strong branding, but could enhance its security posture by adopting updated TLS standards and publishing explicit security policies.

H

Hornetsecurity GmbH

antispameurope.com

0

Hornetsecurity GmbH is a leading cloud security provider specializing in Microsoft 365 security solutions, including email security, backup, compliance, and security awareness services. With a strong market presence supported by over 12,000 partners and 125,000 customers worldwide, the company offers a comprehensive portfolio tailored to businesses and managed service providers. Their website reflects a mature digital infrastructure with modern technologies, excellent SEO, and mobile optimization. Security-wise, Hornetsecurity demonstrates a robust posture with strong SSL configurations, advanced security headers, and no detected vulnerabilities, although enabling modern TLS protocols and DNSSEC would further enhance security. Overall, the company maintains a high level of professionalism and trustworthiness, supported by extensive awards and a transparent privacy and cookie policy.

DEKRA Expert Migration GmbH specializes in the recruitment, qualification, and integration of international skilled workers primarily in healthcare, social services, transport logistics, IT, and industrial sectors. With over ten years of experience and a strong partnership with DEKRA Akademie GmbH, the company offers a comprehensive end-to-end service including assessment, training, administrative support, and integration management. The website reflects a mature digital presence with excellent content quality and user experience, targeting German companies seeking international talent. Technically, the site is built on Nuxt.js with modern frontend technologies and is hosted on an Apache server with a valid SSL certificate, though TLS protocols are not optimally configured. Security practices include CSRF protection via cookies but lack some modern headers and DNS security features. Overall, the company demonstrates a strong market position with trust indicators such as EcoVadis Platinum certification and GDPR compliance.

D

DEKRA Neo GmbH

dekra-neo.com

0

DEKRA Neo GmbH is a German media agency specializing in digital learning solutions including live online trainings, e-learning, and explanatory films, with a focus on safety, security, and sustainability sectors. The company operates as a medium-sized entity with a full-service model, leveraging inhouse production and IT capabilities to deliver tailored learning media. Their market position is strengthened by notable clients and a rebranding under the DEKRA group umbrella since 2024. Technically, the website is built on modern frameworks such as Nuxt.js and Tailwind CSS, optimized for performance and mobile use, though it lacks some advanced security configurations like modern TLS protocols and DNSSEC. The security posture is solid with ISO 27001 certification and GDPR compliance, but improvements in SSL/TLS configuration and DNS security are recommended. Overall, the company demonstrates a high level of professionalism, trustworthiness, and digital maturity, with clear business and technical strategies aligned to their market niche.

D

DEKRA Akademie GmbH

dekra-akademie.de

0

DEKRA Akademie GmbH is a well-established German education and training provider specializing in professional development, certification, and continuing education across multiple sectors including transportation, healthcare, and technology. The company operates a comprehensive digital platform leveraging Salesforce Visualforce and Azure Search technologies, supported by a robust consent management system via Usercentrics. Their market position is strong with a nationwide presence and a broad portfolio of courses and services tailored to both private individuals and corporate clients. The website demonstrates high content quality, consistent branding, and clear navigation, supporting a positive user experience. Security posture is good with valid SSL certificates, HSTS, and content security policies, though the absence of modern TLS protocols and DNSSEC indicates room for improvement. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a mature approach to data protection. Overall, the digital infrastructure supports the business model effectively, though enhancements in security protocols and incident response transparency would further strengthen trust and resilience.

H

Hornetsecurity GmbH

hornetsecurity.com

0

Hornetsecurity GmbH is a leading provider of cloud-based cybersecurity solutions focused on Microsoft 365 environments. With a strong market presence serving over 125,000 customers worldwide and a partner network exceeding 12,000 members, the company offers comprehensive services including email security, backup, compliance, and security awareness training. Their business model leverages partnerships with MSPs and channel partners to extend their reach globally. Technically, the website is built on WordPress with modern SEO and performance optimizations, hosted behind Cloudflare, and employs robust security headers and SSL configurations. However, the absence of TLS 1.2+ protocols is a notable gap. Security posture is strong with no known vulnerabilities detected, complemented by ISO 27001 certification and extensive cybersecurity awards. The company demonstrates good privacy compliance with GDPR-aligned policies and cookie consent mechanisms. Overall, Hornetsecurity presents a mature digital presence with a high level of professionalism and trustworthiness.

D

DEKRA

dekra.com

0

DEKRA is a globally established enterprise founded in 1925, specializing in safety, security, and sustainability services across multiple sectors including automotive, industrial inspection, cybersecurity, and sustainability advisory. The company operates in over 50 countries, providing comprehensive services such as testing, certification, consulting, and training. Technically, DEKRA employs modern web technologies including Nuxt.js and Vue.js, hosted on Microsoft Azure, with strong performance and mobile optimization. Security measures are robust, featuring strict transport security, secure cookies, and a comprehensive content security policy, though enabling modern TLS versions would enhance security further. The website demonstrates good compliance with GDPR and includes detailed privacy and cookie policies. Overall, DEKRA maintains a high level of professionalism and trustworthiness, supported by extensive certifications and a strong global presence.

H

Heyflow GmbH

heyflow.com

0

Heyflow GmbH is a technology company specializing in no-code lead generation solutions, offering interactive lead funnels, multi-step forms, and customizable landing pages. Positioned as a user-friendly platform with native analytics and extensive integrations, Heyflow targets performance marketers, designers, agencies, and enterprises seeking to optimize lead conversion. The company is based in Germany and founded in 2020, with a medium-sized operational scale. Technically, Heyflow employs modern web technologies including Eleventy for static site generation, Cloudflare and Netlify for hosting and CDN, and integrates analytics tools like Matomo and Google Analytics. The website demonstrates excellent performance, mobile optimization, and SEO practices. Security-wise, Heyflow maintains a strong posture with ISO 27001 certification, GDPR compliance, robust security headers, and HSTS enabled, though TLS protocols could be updated for enhanced security. The company actively manages user consent and privacy through Usercentrics CMP and provides clear legal documentation. Overall, Heyflow presents a professional, trustworthy, and technically mature digital presence with a focus on security and compliance.

S

Serverside.ai

serverside.ai

0

Serverside.ai is a technology company specializing in server-side ad insertion (SSAI) for streaming content. Positioned as a dynamic ad insertion platform, it integrates seamlessly with streaming ecosystems, ad servers, and SSPs to enable personalized and scalable advertising solutions. The company is trusted by industry leaders and operates under the parent company Equativ. Their platform supports broadcasters, telcos, TV manufacturers, and content providers to monetize their content effectively. Technically, the website is built on the Wix platform using modern web technologies including React 18, with integrations for video, blog, and gallery components. Security-wise, the site employs good practices such as HTTPS with HSTS, secure cookies, and holds an ISO/IEC 27001 certification, though it lacks modern TLS protocol support. Overall, the company demonstrates a mature digital presence with a strong focus on privacy and compliance.

N

Nintex UK Ltd

nintex.de

0

The website's overall security posture shows significant gaps, particularly in regulatory compliance and foundational security controls. Critical and high-severity findings around GDPR compliance and missing security policies expose the business to legal risks and potential data breaches. The absence of essential security headers and incident response procedures further increases vulnerability to web-based attacks and operational disruptions. While network security and DNS health are strong, crucial improvements in privacy policies, security governance, and transport security are required. The SSL/TLS configuration is moderately secure but needs timely certificate renewal and stronger HSTS settings. Email security is relatively well implemented, reducing risks of phishing via domain spoofing. Immediate attention to GDPR compliance and incident response frameworks will reduce legal exposure and enhance customer trust. Overall, the organization must prioritize governance and technical controls to safeguard business continuity and reputation.

A

active value GmbH

jti-campus.org

0

The website demonstrates a moderate security posture with no critical issues detected; however, several high and medium-level vulnerabilities pose significant risks. Key deficiencies in security headers, GDPR compliance, and adherence to NIS2 regulations expose the organization to data breaches, regulatory penalties, and operational disruptions. Notably, the absence of a Content-Security-Policy header and weak SSL key configurations increase susceptibility to web-based attacks and data interception. GDPR-related gaps, including missing cookie policies and consent mechanisms, risk non-compliance fines and damage to customer trust. Furthermore, the lack of documented security policies, incident response, and business continuity planning highlights unpreparedness for cyber incidents. While network security and email security scores are comparatively strong, SSL/TLS configurations and DNS settings require improvement to enhance overall resilience. Addressing these issues promptly will reduce legal exposure, protect customer data, and strengthen the organization's cybersecurity posture.

U

United Internet for Unicef Stiftung

united-internet-for-unicef-stiftung.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but several high and medium-risk issues remain unaddressed. The strongest areas are network security and SSL/TLS configurations, with near-optimal scores. However, significant gaps exist in compliance with GDPR and NIS2 regulatory requirements, including missing cookie policies, consent mechanisms, and absence of formal security and incident response documentation. Security headers are inconsistently implemented, leaving the site vulnerable to clickjacking and some cross-site scripting risks. Email security and DNS configurations are generally good but could be strengthened further. Failure to address these issues exposes the business to regulatory penalties, reputational damage, and increased risk of cyber incidents. Prioritizing compliance and security policy development will mitigate legal and operational risks while improving overall resilience.

S

STIFTUNG UNITED INTERNET FOR UNICEF

united-internet-for-unicef-stiftung.de

0

The website's overall security posture reveals significant compliance and security gaps, particularly in privacy and regulatory adherence, with a critical GDPR issue indicating non-compliance for an EU business. While foundational network and SSL/TLS security controls are strong, key security headers are missing, exposing the website to clickjacking and cross-site scripting risks. There is a notable absence of documented information security policies, incident response plans, and vulnerability disclosure processes, which hinders effective security governance and response. Email security is relatively well managed, but lack of DKIM records could impact email deliverability and phishing protection. DNS security measures are decent but could be improved by enabling DNSSEC and configuring CAA records. Overall, the most pressing risks are regulatory non-compliance and missing security governance frameworks, which could lead to legal penalties, reputational damage, and operational disruptions. Immediate attention to privacy policies, cookie management, and security documentation is essential to align with GDPR and NIS2 requirements.

A

active value GmbH

jti-app.com

0

The website demonstrates a moderate security posture with no critical issues but several high and medium risks that could expose the business to significant threats. Key weaknesses include missing essential security headers, inadequate GDPR compliance, and absent or incomplete security governance frameworks aligned with NIS2 requirements. The absence of a Cookie Policy and Consent Banner places the organization at legal and reputational risk under data protection regulations. SSL/TLS configurations show weaknesses such as expiring certificates and weak key lengths, potentially undermining encrypted communications. While email security and network security scores are relatively strong, foundational policies and incident response capabilities are lacking. Addressing these gaps is critical to safeguarding customer data, maintaining regulatory compliance, and ensuring business continuity. Prioritizing governance documentation and security controls will improve both risk management and stakeholder confidence.

1

1&1 Mail & Media Applications SE

mail-and-media.com

0

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risks primarily related to missing security headers, GDPR compliance gaps, and insufficient NIS2 framework implementation. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to common web attacks like clickjacking and cross-site scripting. GDPR compliance shortcomings, including the lack of cookie policies and consent mechanisms, risk regulatory penalties and damage to customer trust. Additionally, the lack of documented security policies, incident response plans, and security contacts undermines the organization’s ability to manage security incidents effectively. While email, SSL/TLS, DNS, and network security subsystems score relatively well, important enhancements such as enabling HSTS and DNSSEC remain unaddressed. Overall, the site is vulnerable to both technical exploits and regulatory risks, requiring immediate attention to avoid business disruption and reputational harm. Proactive remediation will strengthen the security posture, ensure compliance, and foster customer confidence.

W

WEB.DE

web.de

0

The website's overall security posture reveals significant compliance and governance gaps, particularly concerning GDPR and NIS2 regulatory requirements, which present substantial legal and reputational risks. While technical controls such as SSL/TLS encryption, email security, DNS health, and network security are generally strong, critical deficiencies in privacy policies, cookie management, and incident response frameworks undermine stakeholder trust and regulatory compliance. The absence of a cookie consent banner and adequate privacy measures for EU users exposes the business to potential fines under GDPR. Additionally, the lack of documented security policies, incident response procedures, and business continuity planning under NIS2 regulations increases operational vulnerability to cyber incidents. Security headers are improperly configured, which can lead to exploitation of common web vulnerabilities. Immediate remediation is essential to mitigate legal penalties, safeguard customer data, and maintain business continuity. Addressing these issues will strengthen compliance posture and enhance overall cybersecurity resilience.

T

Telefónica Deutschland

telefonica.de

0

The website's overall security posture demonstrates strong technical controls in network security, SSL/TLS configuration, and DNS health, with scores above 85 in these areas. However, significant compliance and governance issues are present, particularly concerning GDPR and NIS2 requirements, resulting in low scores of 18 and 25 respectively. The critical GDPR finding highlights the absence of adequate privacy measures for an EU business, posing substantial legal and financial risks. High-priority gaps include missing cookie consent mechanisms, lack of documented security and incident response policies, and absence of a formal information security framework. Email security is moderate but requires improvements to prevent spoofing and phishing attacks. While low-severity issues exist, they are overshadowed by critical compliance deficiencies that could lead to regulatory penalties and reputational damage. Immediate remediation focusing on privacy compliance and governance frameworks is essential to mitigate legal exposure and strengthen customer trust.

O

o2

o2.de

0

This website has 9 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

T

Telefónica Germany GmbH & Co. OHG

o2business.de

0

The website's security posture is currently poor, with critical vulnerabilities and compliance gaps that expose the business to significant legal, operational, and reputational risks. Key deficiencies in GDPR compliance, including missing cookie policies and consent mechanisms, put the organization at risk of regulatory penalties within the EU. Network security is severely compromised by the exposure of multiple critical and high-risk services such as SMB, Telnet, MSSQL, and MongoDB, which are common vectors for cyberattacks and data breaches. The absence of fundamental security policies, incident response procedures, and vulnerability disclosure frameworks further exacerbates this risk. Security headers and email authentication protocols are inadequately implemented, increasing the risk of web-based attacks and email spoofing. Although DNS health scores relatively well, SSL/TLS weaknesses and expiring certificates undermine secure communications. Immediate remediation is essential to protect sensitive data, maintain customer trust, and ensure business continuity. Without swift action, the organization faces heightened chances of cyber incidents and regulatory enforcement actions.

V

Vodafone Institut

vodafone-institut.de

0

The website demonstrates a generally strong posture in network security, email security, SSL/TLS, and DNS health, indicating robust foundational controls. However, it exhibits critical gaps in GDPR compliance, notably operating as an EU business without adequate privacy measures, which exposes the organization to significant legal and financial risks. The absence of key NIS2 cybersecurity framework elements, including incident response, security policies, and vulnerability disclosure, further heightens exposure to operational and regulatory threats. Security headers and mixed content issues suggest potential vulnerabilities to client-side attacks, albeit at a lower risk level. Overall, the site’s security is uneven, with high risks concentrated in regulatory compliance and governance areas that directly impact business continuity and reputation. Immediate attention is required to remediate compliance deficits and establish formalized security governance. Failure to address these could result in regulatory penalties, data breaches, and damage to customer trust. Strengthening these areas will align the business with industry best practices and reduce potential liabilities.

V

Vodafone Stiftung Deutschland gGmbH

vodafone-stiftung.de

0

The website exhibits a generally strong technical security posture in areas such as email security, SSL/TLS configuration, and network security. However, there are significant compliance and governance gaps, particularly related to GDPR and the NIS2 directive, exposing the business to legal and regulatory risks in the EU. Critical issues include missing privacy measures for EU users and the absence of a structured information security framework, incident response, and business continuity planning. Medium-level technical issues like missing security headers, mixed content, and lack of DNSSEC further weaken the security posture. The lack of cookie policy and consent mechanisms also jeopardizes user trust and compliance. Overall, while foundational security controls are present, urgent attention is needed on data privacy, regulatory compliance, and formalizing security policies to mitigate risk and avoid potential fines or reputational damage. Addressing these gaps will enhance legal compliance, customer confidence, and resilience against cyber threats.

G

Gadgets 360 German

gadgets360.de

0

The website exhibits significant security and compliance gaps, particularly in privacy, email authentication, and regulatory adherence. Critical issues include lack of GDPR compliance for EU operations and absence of essential email authentication mechanisms, exposing the business to legal risks and email-based attacks. Security headers are inadequately configured, increasing vulnerability to common web attacks such as clickjacking and content sniffing. Organizational security policies and incident response plans are missing, which undermines the ability to manage and recover from security incidents effectively. While network security and SSL/TLS configurations are relatively strong, foundational improvements in security frameworks and privacy policies are urgently needed. Overall, the current posture presents substantial risk for data breaches, regulatory penalties, and reputational damage. Immediate remediation is necessary to protect customer data, ensure compliance, and maintain trust. Addressing these issues will help align the business with industry best practices and regulatory requirements.

T

Treasury Intelligence Solutions GmbH

tispayments.com

0

The website demonstrates a solid network security posture and strong email security but reveals significant weaknesses in regulatory compliance and foundational security governance. High-impact issues center around GDPR non-compliance, including absence of cookie policies and consent mechanisms, risking legal penalties and reputational damage. The NIS2-related findings indicate a lack of critical policies and incident response procedures, exposing the organization to operational risks and potential regulatory sanctions. SSL/TLS configurations also present vulnerabilities with weak key lengths and impending certificate expiration that could undermine data confidentiality and user trust. Medium-level header and DNS security gaps further expose the site to exploitation opportunities. Overall, the site needs urgent attention to compliance frameworks and security policy documentation to align with legal and industry standards. Addressing these areas will reduce legal risk, enhance customer trust, and strengthen cyber resilience.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.de

0

The website's security posture is currently weak, with significant deficiencies across multiple critical areas including privacy compliance, email authentication, and security policy frameworks. Critical gaps in GDPR adherence expose the business to regulatory penalties and reputational damage, especially given its EU operations without adequate privacy measures. The absence of key HTTP security headers leaves the site vulnerable to common web-based attacks such as clickjacking, content injection, and cross-site scripting. Email infrastructure lacks essential authentication mechanisms, increasing risks of phishing and email spoofing. Additionally, missing incident response and security documentation undermines the organization’s ability to detect, respond to, and recover from security incidents effectively. While SSL/TLS and DNS configurations are relatively stronger, urgent attention is needed to enable HSTS and extend certificate validity. Overall, this assessment reveals a pressing need to implement foundational security controls and compliance policies to safeguard the business and its customers. Failure to address these issues promptly could result in severe operational, financial, and legal consequences.

The website's overall security posture reveals significant gaps, particularly in compliance with EU privacy regulations and foundational security controls. Critical and high-severity issues indicate the absence of essential headers, privacy measures, and security governance frameworks, exposing the business to legal, reputational, and operational risks. GDPR compliance is notably deficient, with no cookie policy, consent mechanisms, or adequate privacy practices in place, creating a critical risk for EU operations. The lack of incident response and security policy documentation further exacerbates vulnerability to cyber threats and breaches. While network security and DNS health demonstrate relatively strong postures, gaps in email security and SSL/TLS configurations could facilitate phishing and data interception attacks. Immediate remediation is required to align with regulatory requirements and industry best practices to protect customer data and maintain trust. Failure to act promptly may result in regulatory penalties, customer attrition, and increased exposure to cyberattacks.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

M

Michael Jensen

communicate-network-consult.net

0

The website's overall security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant cybersecurity risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and undermines customer trust, directly impacting business reputation and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking and cross-site scripting. There is a complete lack of fundamental privacy and security policies, including GDPR-mandated cookie and privacy policies, which could lead to legal penalties and loss of customer confidence. Exposure of critical services like MySQL and FTP without proper protections presents a high risk of data breaches. DNS and network configurations are suboptimal, with DNSSEC not enabled and insecure services exposed. Although email security is strong, the absence of incident response and business continuity plans leaves the organization vulnerable to prolonged downtime during security incidents. Immediate remediation is critical to protect both business operations and customer data integrity.

M

Mercedes-AMG PETRONAS F1 Team

mercedesamgf1.com

0

The website's overall security posture is critically weak, with significant gaps in encryption, regulatory compliance, and security governance. The absence of HTTPS encryption represents a major vulnerability, exposing user data to interception and undermining trust. GDPR compliance is severely lacking, with missing privacy policies, cookie consent mechanisms, and inadequate third-party data handling disclosures, risking legal penalties and reputational damage. The organization also lacks fundamental security frameworks required under NIS2 regulations, such as incident response plans and security policies, which exposes it to operational risks and regulatory sanctions. While some network and email security measures are robust, critical areas like SSL/TLS encryption and security headers need urgent attention. DNS security is moderate but can be improved to further reduce attack surface. Immediate remediation is essential to protect business operations, customer trust, and ensure compliance with legal requirements.

The website's overall security posture is critically weak, exposing the business to significant operational, reputational, and regulatory risks. Key deficiencies include the complete lack of HTTPS encryption, absence of fundamental security headers, and no adherence to GDPR and NIS2 regulatory requirements despite operating in the EU. Critical network services such as SMB, MySQL, and FTP are exposed, increasing the attack surface and vulnerability to data breaches and unauthorized access. The absence of privacy policies and cookie consent mechanisms further jeopardizes compliance and customer trust. Security governance appears undeveloped, with no documented policies or incident response plans. While email security and DNS health show moderate strength, they are overshadowed by critical lapses in core website and network security controls. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and uphold customer confidence.

F

Frank Europe GmbH

frankeurope.com

0

The website's overall security posture presents significant concerns, particularly regarding foundational protections and regulatory compliance. Critical issues such as the lack of HTTPS encryption severely expose user data to interception and compromise trust. GDPR compliance is markedly deficient, posing legal and reputational risks due to missing cookie policies, consent mechanisms, and inadequate privacy documentation. The absence of a formal information security framework and incident response plans under NIS2 regulations further escalates operational and compliance vulnerabilities. While network security and email security scores are relatively strong, the missing security headers and weak configurations increase susceptibility to web-based attacks. DNS health is adequate but could be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is essential to protect sensitive data, maintain customer confidence, and avoid regulatory penalties. Addressing these gaps will also enhance the company’s resilience against cyber threats and align security practices with industry standards.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

P

Pantaenius

pantaenius.com

0

The website https://pantaenius.com exhibits several significant security and compliance gaps, particularly in areas related to web security headers, GDPR compliance, and incident response preparedness. While network security and email security show relative strength, critical vulnerabilities such as missing security headers, lack of GDPR-aligned cookie management, and absence of incident response documentation expose the business to regulatory risks and potential cyber threats.

C

Carfax Europe GmbH

carfax.com

0

The website demonstrates strong network and email security with robust SSL/TLS implementation but suffers from significant gaps in compliance and governance, particularly related to GDPR and NIS2 frameworks. These weaknesses expose the business to regulatory risks and potential operational disruptions despite a generally good technical security posture.

P

Payone GmbH

payone.com

0

Payone.com's overall security posture shows strengths in network security, SSL/TLS, and email security, but significant gaps exist in GDPR compliance and NIS2-related governance and incident response frameworks. Missing critical security headers and cookie consent mechanisms expose the business to regulatory, reputational, and operational risks that need urgent remediation.

The website https://societegenerale.de demonstrates strong technical controls in SSL/TLS and network security but suffers from critical compliance and governance deficiencies, particularly regarding GDPR and NIS2 requirements. The absence of privacy policies, consent mechanisms, and formal security frameworks presents significant legal and operational risks that could lead to regulatory penalties and reputational damage. Immediate remediation in privacy compliance and security governance is essential to align with EU regulations and protect business continuity.

ALD Automotive's website security posture exhibits significant gaps, especially in GDPR compliance, email security, and NIS2 regulatory adherence, placing the business at risk of legal penalties and reputational damage. While network and SSL/TLS configurations are relatively strong, critical deficiencies in privacy measures and email authentication create vulnerabilities that must be urgently addressed.

The website eyeo.to currently exhibits significant security and compliance gaps, particularly in critical email authentication, GDPR compliance, and incident response readiness, posing risks to data protection and business continuity. While network security and SSL/TLS configurations are relatively strong, missing key headers and policies expose the site to common web attacks and regulatory non-compliance. Immediate remediation is necessary to mitigate potential breaches, reputational damage, and legal liabilities.

The website https://teamshirts.de currently exhibits significant security and compliance weaknesses, particularly in privacy adherence and security governance, resulting in a high risk exposure for both business operations and customer trust. Immediate action is required to address critical GDPR compliance failures and foundational security controls to avoid legal penalties and reputational damage.

The website https://equipolymers.com exhibits significant security and compliance gaps, particularly in GDPR adherence and information security governance, resulting in a high-risk posture despite no critical vulnerabilities detected. Key business risks include potential regulatory fines, reputational damage, and exposure to cyber incidents due to missing security policies and controls. Immediate remediation is necessary to strengthen trust, legal compliance, and resilience against cyber threats.

The website exhibits significant security and compliance gaps, particularly in privacy policies and information security governance, which could expose the business to regulatory penalties and reputational damage. While network and email security are strong, critical headers and SSL configurations need urgent improvement to protect users and data effectively.

The website https://comsol.de exhibits significant security and compliance gaps, particularly in GDPR adherence and information security governance, placing it at high risk of regulatory penalties and reputational damage. While network and DNS security appear strong, critical deficiencies in privacy policies, incident response, and security headers undermine overall protection and trustworthiness.

The website uniforest.de exhibits significant security and compliance deficiencies, particularly in web security headers, GDPR compliance, and information security governance, resulting in a high risk posture that could expose the business to data breaches, regulatory penalties, and reputational damage. Immediate attention is required to implement foundational security controls and privacy measures to safeguard customer data and meet EU regulatory requirements.