Security Directory

O

Old Parkland

oldparkland.com

0

The website demonstrates a generally strong technical security foundation, with excellent scores in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, particularly relating to GDPR and NIS2 regulatory requirements. The absence of key privacy policies, cookie consent mechanisms, and documented information security frameworks exposes the business to legal risks, regulatory penalties, and reputational damage. Missing security headers and incomplete incident response and business continuity plans increase vulnerability to cyberattacks and operational disruptions. Immediate remediation in compliance documentation and security governance is critical to align with legal obligations and protect customer trust. Proactive management of expiring SSL certificates and DNSSEC implementation will strengthen overall resilience. Addressing these issues will reduce regulatory exposure and enhance the organization's security maturity, supporting sustainable business growth.

C

Crow Holdings

crowholdings.com

0

The website demonstrates a moderate security posture with no critical issues detected but multiple high and medium-risk vulnerabilities that require urgent attention. Key areas of concern include missing security headers, significant gaps in GDPR compliance, and inadequate implementation of the NIS2 directive requirements. The absence of essential security policies, incident response procedures, and security contact information poses substantial operational and regulatory risks. SSL/TLS weaknesses and impending certificate expiry further elevate the risk of data interception. While email security and network security are strong points, foundational improvements in data protection and governance are urgently needed. Addressing these issues will reduce legal exposure, improve customer trust, and strengthen overall cyber resilience. Immediate remediation efforts should focus on compliance frameworks and critical security controls to align with industry best practices and regulatory mandates.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong scores in network security, SSL/TLS, email security, and DNS health. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, posing potential legal and operational risks. The absence of essential security headers and policies, such as Content-Security-Policy and Permissions-Policy, increases exposure to common web-based attacks. Lack of privacy and cookie policies, as well as missing consent mechanisms, may lead to regulatory penalties and damage customer trust. Furthermore, missing incident response and business continuity plans indicate unpreparedness for security incidents, risking prolonged downtime and data breaches. Addressing these deficiencies is vital to protect the business from compliance violations, security incidents, and reputational harm. Prioritizing these improvements will strengthen the organization's security resilience and regulatory adherence. Overall, the website’s foundational security controls are sound but require urgent enhancement in policy, compliance, and incident management areas.

Z

Zillow Group

zillowgroup.com

0

The website demonstrates a moderate overall security posture with no critical issues found, but several high and medium severity gaps that pose significant risks. Key vulnerabilities include missing essential security headers, lack of GDPR compliance measures such as cookie policy and consent mechanisms, and absence of comprehensive security governance aligned with NIS2 requirements. While network security and email security are strong, deficiencies in incident response, security policy documentation, and vulnerability disclosure processes expose the business to operational and regulatory risks. The presence of mixed content and weak HSTS configurations could lead to data interception and man-in-the-middle attacks. Non-compliance with GDPR and NIS2 frameworks may result in regulatory penalties and damage to brand reputation. Immediate remediation will reduce exposure to cyber threats and enhance customer trust. Overall, addressing these gaps is critical to aligning security practices with business continuity and regulatory expectations.

M

Move, Inc.

move.com

0

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but numerous high and medium risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory alignment. Key gaps include missing essential HTTP security headers and absence of privacy and cookie policies, which increase exposure to data breaches and regulatory penalties. The lack of incident response procedures, security policy documentation, and security framework indicate immature security governance, potentially impacting business resilience. Email security, SSL/TLS configuration, DNS health, and network security show relatively strong controls, mitigating some risks. However, missing GDPR elements and security headers threaten customer trust and compliance standing, which could lead to legal consequences and brand damage. Immediate remediation in these areas will strengthen defense-in-depth and regulatory compliance. Overall, the site needs focused improvements in baseline security controls and policy implementations to reduce risk and ensure data protection.

C

Christie's International Real Estate

christiesrealestate.com

0

The website demonstrates a moderate to low overall security posture with no critical issues but several high and medium severity gaps that expose the business to compliance risks, data exposure, and operational disruptions. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security management practices like incident response and security policy documentation. While network security and SSL/TLS configurations score relatively well, the absence of strict transport security (HSTS) and DNSSEC adoption weaken the defense-in-depth strategy. Email security is adequate but can be improved by enabling DKIM. Addressing these issues is imperative to reduce regulatory risks, protect customer data, and ensure business continuity. Overall, the website requires urgent enhancements in security governance, privacy compliance, and HTTP security controls to meet industry standards and protect brand reputation.

R

Rosengart

rosengart.mc

0

The website's security posture is currently poor, with multiple critical and high-severity issues posing significant risks to data confidentiality, integrity, and regulatory compliance. Most notably, the absence of HTTPS encryption critically exposes user data to interception and undermines trust. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, content injection, and cross-site scripting. The lack of GDPR compliance elements such as a privacy policy, cookie policy, and consent mechanisms exposes the business to legal penalties and reputational damage. Additionally, the absence of NIS2-related security frameworks, policies, and incident response plans indicates inadequate preparedness against cyber threats and regulatory requirements. While network security posture and DNS health show relative strength, other foundational security controls need urgent implementation. Overall, immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

L

London Property Investments

londonpropertyinvestments.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues primarily related to missing HTTPS encryption and key security headers. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a severe risk to user privacy and business integrity. Compliance with GDPR and NIS2 regulations is insufficient, posing potential legal and regulatory consequences, including fines and reputational damage. Security governance gaps such as missing incident response procedures, security policies, and vulnerability disclosure processes further increase organizational risk. While network security and email security show relatively stronger postures, foundational web security controls and privacy safeguards are lacking. Immediate remediation is required to protect customer data, maintain trust, and ensure regulatory compliance. The company must prioritize establishing a secure HTTPS environment and implementing critical HTTP security headers. Addressing these issues will significantly reduce the risk of cyberattacks and data breaches that could disrupt business operations and harm the brand reputation.

B

Barnes I Valeri Agency

valeri-agency.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, compliance violations, and operational disruptions. The absence of HTTPS encryption, a fundamental security control, affects multiple compliance areas such as GDPR and NIS2, undermining user trust and legal standing. Key security headers vital for protecting against web-based attacks are missing, increasing vulnerability to exploits like clickjacking and content injection. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory penalties and reputational damage. The NIS2 framework requirements are largely unmet, with no documented security policies, incident response plans, or vulnerability disclosure processes, elevating risks of prolonged security incidents. Although email security and DNS health show relatively better scores, critical gaps such as non-enforced DMARC and disabled DNSSEC remain. The exposure of high-risk services like FTP further amplifies attack vectors. Immediate remediation is essential to protect customers, preserve brand integrity, and avoid legal consequences.

S

Solamito Properties

solamito-properties.mc

0

The website's overall security posture is critically deficient, with multiple high and critical severity issues across key areas such as encryption, privacy compliance, and security policies. The absence of HTTPS encryption exposes all data transmissions to interception and manipulation, representing the most urgent risk to both users and business integrity. Critical gaps in GDPR compliance, including missing privacy and cookie policies as well as lack of cookie consent mechanisms, put the organization at risk of regulatory sanctions and reputational damage. Security headers essential for protecting against common web attacks are largely missing, increasing vulnerability to clickjacking, XSS, and other exploits. Furthermore, foundational governance elements like incident response procedures, security policies, and vulnerability disclosure frameworks are absent, indicating a lack of mature security management. DNS and email security posture are relatively strong, but these do not compensate for the critical failures in encryption and compliance. Immediate remediation is required to safeguard customer data, maintain trust, and meet legal obligations. Without prompt action, the organization faces significant operational, financial, and reputational risks.

L

Lorenza Von Stein Luxury Real Estate

lorenzavonstein.com

0

The website's security posture is currently weak and exposes significant risks to both business operations and customer trust. Critical vulnerabilities include the absence of HTTPS encryption, lack of essential email authentication, and missing critical security headers, which collectively leave the site highly susceptible to data interception, phishing, and content injection attacks. Additionally, the absence of GDPR compliance elements such as privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory penalties and reputational damage. The lack of documented information security policies, incident response, and business continuity plans indicates unpreparedness for managing security incidents effectively. While network security and DNS health show relatively better scores, the overall security framework is insufficient for protecting sensitive customer data and ensuring legal compliance. Immediate remediation is necessary to safeguard business continuity, customer trust, and comply with legal requirements. Without urgent action, the business faces increased risks of data breaches, regulatory fines, and operational disruptions.

A

AFIM S.A.M.

afim.mc

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw, severely undermining confidentiality and trust. Missing key security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options further increase vulnerability to common web attacks like clickjacking, cross-site scripting, and data interception. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent mechanisms could lead to legal penalties and customer trust erosion. The absence of an information security framework, incident response plans, and vulnerability disclosure policies highlights poor organizational security maturity. Email security is also lacking due to missing DMARC and DKIM records, increasing phishing and spoofing risks. While network security and DNS health show relative strength, critical gaps overshadow these positives. Immediate remediation is essential to protect business assets and customer data effectively.

M

Miells - Christie's

miells.com

0

The website's overall security posture reveals significant weaknesses in compliance, network security, and incident preparedness, posing considerable legal and operational risks. While foundational protections such as email security and some security headers score moderately well, critical exposure of backend services like MySQL and FTP dramatically increase the risk of unauthorized access and data breaches. The absence of GDPR-mandated policies and consent mechanisms exposes the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. SSL/TLS configurations are suboptimal and could undermine user trust and data confidentiality. DNS security measures are partially implemented but could be strengthened. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity.

C

Caroline Olds Real Estate

carolineolds.com

0

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risk vulnerabilities, primarily related to missing security headers, insufficient GDPR compliance, and lack of key NIS2 security frameworks. The absence of crucial HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks, clickjacking, and cross-site scripting risks. GDPR non-compliance, including the lack of a cookie consent banner and incomplete privacy policies, poses legal and reputational risks, especially in jurisdictions enforcing data protection laws. Additionally, the site lacks documented security policies, incident response plans, and business continuity procedures required under the NIS2 directive, increasing operational risk and regulatory exposure. SSL/TLS configurations are suboptimal, with weak key lengths and impending certificate expiry risking data confidentiality and trust. DNS security is moderate but could be strengthened by enabling DNSSEC and configuring CAA records. While email and network security appear robust, the overall low scores in security headers and NIS2 compliance indicate urgent remediation is necessary to protect business assets and maintain customer trust.

J

John Taylor

john-taylor.com

0

The website's overall security posture reveals significant gaps, particularly in regulatory compliance and foundational security controls. While no critical vulnerabilities were detected, there are 11 high-severity issues mainly related to missing security headers, lack of GDPR compliance, and absence of key information security frameworks. The absence of privacy and cookie policies, along with missing consent mechanisms, exposes the business to regulatory and reputational risks. Security header deficiencies such as missing Strict-Transport-Security and Content-Security-Policy headers increase exposure to common web attacks. Additionally, weaknesses in SSL/TLS configurations and incomplete incident response and business continuity planning indicate immature security governance. The email security and network security modules show strong performance, but the gaps in policy documentation and vulnerability management must be addressed. Immediate improvements will reduce compliance risk, protect customer data, and strengthen the organization’s resilience to cyber threats.

M

Monaco Properties

monacoproperties.mc

0

The website monacoproperties.mc exhibits a weak overall security posture with numerous high-risk vulnerabilities, especially in security header configurations, GDPR compliance, and information security governance. While no critical issues were detected, the presence of multiple high-severity risks, such as missing essential security headers and lack of privacy policies, exposes the business to regulatory fines, reputation damage, and potential cyberattacks.

P

Pillar Capital, AS

pillarliving.lv

0

The website https://pillarliving.lv currently exhibits significant security and compliance deficiencies, particularly in GDPR adherence and overall information security management, exposing the business to legal, reputational, and operational risks. Immediate remediation is essential to establish trust, meet regulatory requirements, and protect sensitive data. The security posture is weak, with critical gaps in privacy measures, security policies, and technical controls.

N

NEW HANZA

newhanza.lv

0

The website https://newhanza.lv exhibits significant security and compliance weaknesses, particularly in GDPR adherence and core security controls. While some foundational elements like email security and network security score well, critical gaps in data protection, security policies, and HTTP security headers expose the business to regulatory risks and potential cyber threats.