Security Directory

V

VOMO Software

vomo.org

0

The website demonstrates a moderate overall security posture with no critical issues but several high and medium-risk vulnerabilities, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Missing essential security headers like Content-Security-Policy and X-Frame-Options expose the site to clickjacking and content injection attacks, increasing the risk of data breaches and reputational damage. GDPR compliance gaps, including absence of a cookie policy and consent banner, expose the business to regulatory fines and legal challenges. The lack of a formal information security framework, incident response procedures, and security policies under NIS2 regulations significantly weakens organizational resilience against cyber threats and potential operational disruptions. SSL/TLS weaknesses, such as weak key lengths and an expiring certificate, threaten data confidentiality and trust. However, email and network security measures are robust, minimizing risks from those vectors. Immediate remediation in compliance and security controls will reduce regulatory exposure, protect customer data, and enhance stakeholder confidence.

E

EarthX

earthx.org

0

The website demonstrates a generally moderate security posture with no critical issues but several high and medium risks that could impact business continuity, customer trust, and regulatory compliance. Key deficiencies include missing critical security headers and lack of foundational security policies such as incident response and business continuity planning. GDPR compliance gaps like the absence of a cookie consent banner and incomplete privacy documentation pose legal and reputational risks. The NIS2 framework adoption is notably weak, indicating insufficient organizational security governance and readiness. Email security and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS and network security show solid implementation, which reduces exposure to certain attack vectors. Overall, immediate attention to security headers, policy frameworks, and regulatory compliance is vital to strengthen defenses and maintain stakeholder confidence.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Key areas such as email security, SSL/TLS configurations, and network security are well implemented, scoring perfect marks. However, there are medium-level concerns related to missing security headers, GDPR compliance, NIS2 readiness, and DNS health, specifically the absence of DNSSEC. These issues could expose the business to regulatory risks and increase susceptibility to certain cyber threats like DNS spoofing. Low-level issues such as missing CAA records should also be addressed to further harden DNS security. Overall, the site is secure but would benefit from targeted improvements in compliance and DNS defenses to mitigate potential vulnerabilities and regulatory penalties.

O

Old Parkland

oldparkland.com

0

The website demonstrates a generally strong technical security foundation, with excellent scores in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, particularly relating to GDPR and NIS2 regulatory requirements. The absence of key privacy policies, cookie consent mechanisms, and documented information security frameworks exposes the business to legal risks, regulatory penalties, and reputational damage. Missing security headers and incomplete incident response and business continuity plans increase vulnerability to cyberattacks and operational disruptions. Immediate remediation in compliance documentation and security governance is critical to align with legal obligations and protect customer trust. Proactive management of expiring SSL certificates and DNSSEC implementation will strengthen overall resilience. Addressing these issues will reduce regulatory exposure and enhance the organization's security maturity, supporting sustainable business growth.

C

Crow Holdings

crowholdings.com

0

The website demonstrates a moderate security posture with no critical issues detected but multiple high and medium-risk vulnerabilities that require urgent attention. Key areas of concern include missing security headers, significant gaps in GDPR compliance, and inadequate implementation of the NIS2 directive requirements. The absence of essential security policies, incident response procedures, and security contact information poses substantial operational and regulatory risks. SSL/TLS weaknesses and impending certificate expiry further elevate the risk of data interception. While email security and network security are strong points, foundational improvements in data protection and governance are urgently needed. Addressing these issues will reduce legal exposure, improve customer trust, and strengthen overall cyber resilience. Immediate remediation efforts should focus on compliance frameworks and critical security controls to align with industry best practices and regulatory mandates.

P

Paperflite

heysales.ai

0

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, compliance violations, and reputational damage. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. GDPR compliance gaps, including missing cookie consent and privacy policy concerns, put the business at risk of regulatory penalties. The absence of fundamental information security frameworks, incident response plans, and security policy documentation highlights a lack of mature security governance. Email security is critically weak due to missing authentication mechanisms, increasing phishing and spoofing risks. While network security shows strength, foundational SSL/TLS and DNS configurations require improvement to prevent man-in-the-middle attacks. Immediate remediation is essential to protect customer data, maintain legal compliance, and safeguard brand trust.

The website's overall security posture reveals significant gaps, particularly in compliance, email security, and security governance frameworks. Critical and high-severity issues suggest urgent attention is required to protect sensitive data, ensure regulatory compliance, and defend against phishing and spoofing attacks. The absence of key HTTP security headers undermines protections against common web-based attacks such as clickjacking and cross-site scripting. GDPR compliance deficiencies expose the business to legal and reputational risks, with missing cookie policies and consent mechanisms. Lack of incident response and security policy documentation indicates immature security management practices. While network security and SSL/TLS configurations are relatively strong, foundational controls like HSTS and DNSSEC are missing or incomplete. Immediate remediation of email authentication and governance policies would significantly reduce the risk of email-based threats and regulatory penalties. Overall, the business must prioritize establishing a formal security framework and improve transparency and controls to safeguard customers and maintain trust.

T

Treasury Intelligence Solutions GmbH

tispayments.com

0

The website demonstrates a solid network security posture and strong email security but reveals significant weaknesses in regulatory compliance and foundational security governance. High-impact issues center around GDPR non-compliance, including absence of cookie policies and consent mechanisms, risking legal penalties and reputational damage. The NIS2-related findings indicate a lack of critical policies and incident response procedures, exposing the organization to operational risks and potential regulatory sanctions. SSL/TLS configurations also present vulnerabilities with weak key lengths and impending certificate expiration that could undermine data confidentiality and user trust. Medium-level header and DNS security gaps further expose the site to exploitation opportunities. Overall, the site needs urgent attention to compliance frameworks and security policy documentation to align with legal and industry standards. Addressing these areas will reduce legal risk, enhance customer trust, and strengthen cyber resilience.

C

Crow Holdings

tcr.com

0

The website's overall security posture shows no critical vulnerabilities but reveals significant gaps in compliance and security best practices, especially in GDPR adherence and NIS2 regulatory requirements. While network and email security are strong, key deficiencies such as missing security headers, weak SSL configurations, and absent incident response and security policies pose material risks. The lack of a Content-Security-Policy header and weak SSL key length expose the business to potential data breaches and man-in-the-middle attacks. GDPR non-compliance, including missing cookie policies and consent mechanisms, exposes the organization to regulatory fines and reputational damage. The absence of an information security framework and incident response procedures under NIS2 indicates immature cybersecurity governance. Addressing these issues will improve legal compliance, reduce risk exposure, and strengthen customer trust. Immediate remediation will also help avoid costly disruptions and penalties while supporting sustainable security management practices.

The website exhibits a moderate overall security posture with no critical vulnerabilities detected but multiple high and medium severity issues that require immediate attention. Key gaps exist in security headers implementation, GDPR compliance, and adherence to NIS2 security framework requirements. The absence of essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle and cross-site scripting attacks. GDPR compliance is inadequate due to missing privacy and cookie policies and lack of a consent mechanism, which could result in regulatory penalties and loss of customer trust. The NIS2-related deficiencies, including missing security policies, incident response procedures, and vulnerability disclosure are significant risks for operational resilience and regulatory compliance. While SSL/TLS and network security scores are relatively strong, DNS security can be improved. Overall, immediate remediation efforts should focus on closing compliance gaps and strengthening foundational security controls to protect business reputation and meet legal requirements.

The website demonstrates a generally moderate security posture with no critical vulnerabilities detected, yet multiple high and medium-risk issues that could expose the business to regulatory penalties, operational risks, and reputational damage. Key deficiencies exist in compliance with GDPR and NIS2 directives, notably the absence of privacy, cookie policies, and security governance documentation. Security headers are inadequately configured, increasing susceptibility to common web-based attacks such as cross-site scripting and data injection. While SSL/TLS and network security are relatively strong, expiring certificates and missing DNSSEC reduce overall trustworthiness. Email security is well managed, reflecting focused controls in that area. Addressing these gaps is essential to mitigate legal risks, protect customer data, and ensure business continuity. Immediate improvements will also enhance customer trust and reduce the potential for costly breaches or service disruptions.

C

Consensus Sales, LLC

goconsensus.com

0

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities that require urgent attention. Key gaps exist in security headers, GDPR compliance, and especially in adherence to NIS2 requirements, indicating insufficient information security governance and incident response preparedness. Missing Content-Security-Policy and Permissions-Policy headers expose the site to client-side attacks, while the absence of a cookie consent banner and incomplete privacy documentation risk regulatory non-compliance and potential fines. SSL/TLS and network security are strong areas, but upcoming certificate expiry and missing DNSSEC present risks to data integrity and trust. Email security shows room for improvement with missing DKIM signatures, which could affect email authenticity. Addressing these issues will strengthen both the technical defenses and regulatory compliance, reducing the risk of data breaches, reputational damage, and legal penalties.

The website's overall security posture indicates significant gaps in foundational security controls, particularly in security headers, GDPR compliance, and NIS2 regulatory readiness. While there are no critical vulnerabilities, multiple high and medium severity issues expose the organization to risks such as data breaches, regulatory penalties, and reputational damage. Key deficiencies include missing essential HTTP security headers, absence of privacy and cookie policies, and lack of documented security frameworks and incident response plans. On a positive note, network security, email security, SSL/TLS, and DNS health show strong configurations, which reduce exposure to certain attack vectors. However, the lack of governance and compliance measures presents a high business risk, especially in regulated industries. Addressing these issues promptly will not only improve security posture but also ensure regulatory compliance and protect customer trust. Without remediation, the organization remains vulnerable to exploitation, non-compliance fines, and operational disruptions.

W

WorkSpan, Inc.

workspan.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but multiple high and medium severity issues significantly undermine its overall security and regulatory compliance. Key weaknesses include missing critical HTTP security headers, lack of GDPR-compliant cookie policies, and an absence of foundational NIS2 security governance such as incident response and security documentation. While email security, SSL/TLS, DNS health, and network security show strong performance, gaps in security headers and compliance frameworks expose the business to risks including clickjacking, cross-site scripting, data privacy violations, and regulatory penalties. The absence of a formal information security framework and incident response procedures increases exposure to operational disruption and reputational damage. Immediate remediation is essential to strengthen defenses and meet legal obligations. Addressing these issues will reduce the risk of data breaches, improve customer trust, and ensure regulatory compliance, safeguarding business continuity and brand reputation.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, but several high and medium severity issues present notable risks. Key deficiencies exist in security header configurations, particularly the absence of Strict-Transport-Security and Content-Security-Policy headers, exposing the site to man-in-the-middle and content injection attacks. Compliance-related gaps are significant, with missing GDPR-required elements such as Privacy Policy, Cookie Policy, and Consent Banner, which may result in regulatory penalties and reputational damage. The NIS2 compliance posture is weak, lacking foundational security policies, incident response procedures, and business continuity plans, increasing operational risk in the event of cyber incidents. Positive aspects include strong email security, SSL/TLS, DNS health, and network security configurations. Addressing these gaps promptly will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber threats. Prioritizing compliance and security framework development will align the organization with regulatory requirements and industry best practices.

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium priority issues, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Key gaps include missing essential HTTP security headers, absence of GDPR cookie policies and consent mechanisms, and a lack of documented information security and incident response frameworks. While email security, network security, and DNS health score relatively well, the deficiencies in SSL/TLS configurations and regulatory compliance expose the business to data protection risks and potential non-compliance penalties. The absence of business continuity and vulnerability disclosure policies further increases operational and reputational risks. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. Overall, the website’s security controls require urgent strengthening to meet modern cyber risk management and legal standards.

The website demonstrates a concerning security posture with no critical issues but multiple high and medium severity vulnerabilities, particularly in compliance and security policy areas. Key deficiencies include missing essential HTTP security headers, absence of GDPR-compliant privacy and cookie policies, and lack of an established information security framework and incident response procedures. The presence of a potential subdomain takeover risk and weak SSL configurations further exacerbate the risk landscape. While email and network security are strong points, significant improvements are needed to reduce exposure to data breaches, regulatory penalties, and reputational damage. The low NIS2 compliance score signals a need for urgent alignment with applicable cybersecurity regulations. Overall, these vulnerabilities could lead to loss of customer trust, legal liabilities, and operational disruptions if not addressed promptly. Immediate attention to governance, technical controls, and compliance is critical for safeguarding business continuity and stakeholder confidence.

C

Cliniko

cliniko.com

0

The website demonstrates a solid foundation in network security, email security, and SSL/TLS configurations, reflecting a mature stance on technical defenses. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, posing legal and reputational risks. Missing privacy and cookie policies, along with absence of consent mechanisms, expose the business to potential fines and customer trust erosion. Lack of formal information security frameworks and incident response plans weakens the organization's ability to manage and mitigate security incidents effectively. Security headers are partially implemented but require strengthening to guard against common web-based attacks. DNS security can be enhanced further by enabling DNSSEC and properly configuring CAA records. Overall, while technical controls are generally strong, urgent improvements in governance, compliance, and policy documentation are critical to reduce business risk and ensure regulatory adherence.

The website demonstrates a strong security foundation with no critical or high-risk vulnerabilities detected. Core security modules such as email security, SSL/TLS, and network security score a perfect 100, indicating robust protections in these areas. However, medium-severity issues related to security headers, GDPR compliance, NIS2 requirements, and DNS configuration suggest gaps that could expose the business to regulatory risks and moderate security threats. The absence of DNSSEC and incomplete security header implementation are notable weaknesses that could impact trust and data integrity. Low-severity issues like missing CAA records further indicate areas for DNS hardening. Overall, while the current posture minimizes immediate high-risk threats, addressing these medium-level issues is essential to maintain compliance, enhance resilience, and protect business reputation in the longer term.

O

OneTrust, LLC

cookiebanners.com

0

The website demonstrates a moderate overall security posture with no critical issues detected, but several high and medium risks require urgent attention. Key weaknesses lie in compliance areas, particularly GDPR and NIS2 regulatory frameworks, with missing privacy policies, cookie consent mechanisms, and essential security documentation. Email security configurations are incomplete, exposing the organization to phishing and spoofing risks. SSL/TLS implementations have vulnerabilities that could compromise data confidentiality and integrity. While network security is strong, missing security headers and weak configurations reduce protection against certain web-based attacks. Immediate remediation will not only improve security but also ensure regulatory compliance, reducing potential legal and reputational risks. Addressing these issues will strengthen customer trust and safeguard business continuity. Proactive security governance and incident response planning are currently insufficient and should be prioritized.

O

Ooshman

ooshman.au

0

The website demonstrates significant security gaps, particularly in foundational security headers, privacy compliance, and information security governance, resulting in a poor overall security posture. While network security and email security score relatively well, critical vulnerabilities such as missing Strict-Transport-Security and Content-Security-Policy headers expose the site to data interception and cross-site scripting attacks. The absence of GDPR compliance elements like privacy and cookie policies presents legal and reputational risks. Additionally, missing NIS2-related documentation and incident response procedures indicate a lack of preparedness for cyber incidents, increasing operational risk. Weak SSL key lengths and impending certificate expiration further undermine secure communications. Addressing these high and medium priority issues is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Immediate remediation will reduce potential breach impact, enhance customer trust, and align with industry standards.

J

Jelly Health Pty Ltd

jellyhealth.com.au

0

The website demonstrates significant security weaknesses, particularly in its security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements. While no critical issues were detected, there are numerous high and medium severity findings that expose the business to data breaches, regulatory non-compliance, and operational risks. Key concerns include missing essential HTTP security headers, absence of a cookie policy and consent mechanisms, and a lack of documented security policies and incident response procedures. Additionally, the exposure of high-risk services such as FTP increases the attack surface. Although email security and SSL/TLS configurations are relatively strong, the impending SSL certificate expiry and lack of HSTS enforcement pose risks. Immediate remediation is needed to protect customer data, maintain regulatory compliance, and safeguard business continuity. Overall, the current security posture is inadequate for a business seeking to minimize cyber risk and ensure trustworthiness with customers and regulators.

H

HandL Digital LLC

utmgrabber.com

0

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to significant security and compliance risks. Key gaps in security headers and transport security headers reduce protection against common web-based attacks and data interception. Non-compliance with GDPR, notably lacking a cookie consent banner and incomplete privacy policies, risks regulatory penalties and undermines user trust. The absence of a formal information security framework, incident response procedures, and security policies indicates weak organizational security maturity, potentially leading to poor incident handling and increased downtime. While email, network security, SSL/TLS, and DNS configurations are relatively strong, critical improvements are needed in governance and application-layer protections. Addressing these vulnerabilities promptly will protect sensitive data, improve regulatory compliance, and strengthen overall cyber resilience. Prioritizing governance and security headers will provide the greatest immediate business value. Continuous monitoring and policy updates should follow to maintain security posture and compliance.

B

Benchmarkit

saasbenchmarks.ai

0

The website's overall security posture is concerning, with multiple critical and high-severity issues identified across key areas such as security headers, GDPR compliance, NIS2 requirements, and email security. The absence of fundamental security headers exposes the site to common web-based attacks like clickjacking, MIME sniffing, and content injection. GDPR compliance gaps, including missing privacy and cookie policies, pose legal and reputational risks. Critical deficiencies in incident response, security policy documentation, and vulnerability disclosure under NIS2 regulations indicate immature security governance. Email authentication is critically lacking, increasing the risk of phishing and spoofing attacks that can damage brand trust. While SSL/TLS and DNS configurations are relatively strong, essential enhancements like HSTS and DNSSEC are missing. Network security posture is commendable, showing effective perimeter defenses. Immediate remediation is essential to reduce risk, ensure regulatory compliance, and protect customer trust and business continuity.

The website demonstrates an overall moderate security posture with no critical vulnerabilities but several high and medium risk issues that require urgent attention. Significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy, cookie, and security policies, which expose the business to legal and regulatory penalties. Security headers are inadequately configured, increasing risk from common web attacks such as clickjacking and man-in-the-middle attacks. Although network security and email security scores are strong, the SSL/TLS configuration needs improvement, specifically regarding certificate renewal and enabling HSTS. Lack of incident response and business continuity planning further exposes the organization to operational risks in the event of a security breach. Addressing these issues promptly will reduce legal exposure, improve customer trust, and strengthen the overall security framework. Executive leadership should prioritize compliance and policy development alongside technical remediations to safeguard business continuity and reputation. Continuous monitoring and regular security assessments are recommended to maintain and improve security posture over time.

The website exhibits a concerning security posture with no critical issues but a significant number of high and medium priority vulnerabilities, indicating substantial risk exposure. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy weaken defenses against common web attacks like clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking a Privacy Policy, Cookie Policy, and Consent Banner, which exposes the business to regulatory penalties and damages customer trust. The absence of a documented information security framework, incident response plan, and security policies further increases operational risks and non-compliance with NIS2 requirements. DNS health issues, including potential subdomain takeover, present additional attack vectors that could lead to domain hijacking or data breaches. While email and network security are strong, gaps in SSL/TLS management and DNS configurations require timely remediation. Overall, the organization must urgently address governance and technical controls to protect brand reputation, ensure regulatory compliance, and reduce cyber risk exposure.

B

benchmarkseverywhere.com

benchmarkseverywhere.com

0

The website's overall security posture exhibits significant deficiencies that expose the business to reputational, legal, and operational risks. Critical gaps exist in email authentication, security headers, and compliance with GDPR and NIS2 requirements, indicating a lack of foundational security controls and regulatory adherence. The absence of privacy and cookie policies, along with missing consent mechanisms, increases the risk of regulatory penalties and customer trust erosion. Missing incident response and business continuity plans further amplify operational vulnerabilities in case of a breach. While network security and SSL/TLS configurations show relative strength, critical aspects like HSTS and DNSSEC remain unimplemented. The low scores in security headers and compliance modules highlight urgent remediation needs to protect the organization from common web attacks and regulatory scrutiny. Immediate attention to these issues is essential to safeguard customer data, ensure compliance, and maintain business continuity.

The website demonstrates a generally strong security posture in network security and SSL/TLS implementation, scoring 100/100 in those areas. However, critical vulnerabilities exist in email security, notably the absence of any email authentication mechanisms, which poses a significant risk of phishing, spoofing, and brand reputation damage. Medium-level issues such as failure to implement key security headers, lack of GDPR compliance measures, absence of NIS2 compliance, and missing DNSSEC configuration indicate gaps in regulatory adherence and DNS security. The absence of DKIM records further weakens email security, increasing the likelihood of email-based attacks. While network security is robust, the lack of CAA records and incomplete DNS health measures suggest room for improvement in DNS trustworthiness. Overall, the organization must urgently address email authentication and compliance-related controls to reduce exposure to targeted attacks and regulatory penalties. Failure to act could lead to data breaches, financial loss, and erosion of customer trust.

The website exhibits a generally solid security foundation with no critical or high-level vulnerabilities detected, indicating a stable security posture. SSL/TLS and network security modules are fully optimized, ensuring encrypted communications and robust network defenses. However, there are medium-level concerns primarily around missing or misconfigured security headers, GDPR compliance, NIS2 regulatory adherence, and DNS security features like DNSSEC. Low-level issues include complexities in email SPF records and lack of DMARC reporting, which could affect email deliverability and phishing resilience. The absence of certain DNS configurations such as CAA records slightly increases risk exposure to unauthorized certificate issuance. Addressing these medium and low-level gaps will enhance regulatory compliance, reduce attack surface, and improve overall trustworthiness. Proactively closing these gaps will also mitigate risks related to data privacy regulations and evolving cybersecurity threats. Overall, the site is secure but requires targeted improvements to meet best practices and regulatory expectations fully.

The website demonstrates a concerning security posture with no critical vulnerabilities but multiple high and medium risks that could expose the business to significant threats. Key security headers are missing, exposing the site to common web attacks such as clickjacking, content injection, and cross-site scripting. Compliance gaps around GDPR and NIS2 regulations pose legal and reputational risks, including the absence of privacy policies, cookie consent mechanisms, incident response plans, and security documentation. The presence of an exposed FTP service introduces a high-risk attack vector that could lead to unauthorized access or data breaches. Although email security and DNS health are relatively stronger, SSL/TLS configurations need attention, especially with an expiring certificate and lack of HSTS enforcement. Overall, the site requires immediate remediation to secure user data, meet regulatory requirements, and prevent potential operational disruptions or fines. Addressing these issues will improve customer trust, reduce liability, and enhance the organization's cyber resilience.

U

Uber

uberhealth.com

0

The website's overall security posture shows strengths in network security and SSL/TLS configurations, with high scores in these areas reflecting robust technical defenses. However, significant gaps exist in compliance and governance, particularly concerning GDPR and NIS2 requirements, which pose substantial legal and operational risks. Missing privacy policies, cookie consent mechanisms, and third-party privacy assessments expose the business to regulatory penalties and reputational damage. The absence of formal information security frameworks, incident response plans, and security policies indicates a lack of preparedness for cyber incidents, increasing the risk of prolonged disruptions. Security headers and email security need improvements to enhance data protection and mitigate phishing risks. DNS health is generally solid but could be strengthened by enabling DNSSEC and configuring CAA records. Addressing these issues promptly will reduce compliance risks, improve customer trust, and enhance overall resilience against cyber threats.

U

Uber Freight

uberfreight.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-level issues that expose the business to significant risks. Key deficiencies exist in HTTP security headers, which leave the site susceptible to common web attacks like clickjacking, XSS, and data interception. GDPR compliance is notably weak, lacking core privacy elements such as a privacy policy, cookie policy, and consent mechanisms, which can result in regulatory penalties and reputational damage. The absence of a documented information security framework, incident response, and business continuity planning highlights operational risks in managing security incidents. While email security and network security show strong maturity, the gaps in SSL/TLS configurations and DNS settings further reduce overall resilience. Immediate remediation is required to protect user data, ensure regulatory compliance, and maintain customer trust. Proactive security governance and policy documentation are essential to meet NIS2 directives and strengthen organizational security posture.

B

BPAY Pty Ltd

bpay.com.au

0

The website demonstrates a moderate overall security posture with no critical issues detected, but several high and medium-risk vulnerabilities that pose significant risks to business operations and compliance. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, exposing the organization to regulatory penalties and potential data breaches. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines trust and legal compliance with data protection laws. Weak SSL/TLS configurations and mixed content issues threaten secure data transmission and user confidentiality. Network security and email security are strong points, reflecting good foundational controls in those areas. However, the lack of incident response procedures and security documentation hampers the organization's ability to effectively manage and respond to cyber incidents. Immediate remediation efforts should focus on closing compliance gaps, strengthening encryption standards, and improving security policy frameworks to safeguard business continuity and reputation.

N

NZX Wealth Technologies

nzxwt.nz

0

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium severity issues, particularly in compliance and policy enforcement. Key weaknesses include missing essential security headers, lack of GDPR compliance, absence of a formal information security framework, and poor DNS health. These gaps expose the business to data privacy risks, reputational damage, and potential regulatory penalties. Email security is moderately strong but can be improved. Network security and SSL/TLS configurations are generally well implemented, which mitigates some risk. However, the lack of incident response and business continuity planning raises concerns about resilience to cyber incidents. Urgent attention to governance, privacy policies, and DNS configurations is required to strengthen defense and regulatory compliance. Overall, the site is vulnerable to web-based attacks and non-compliance fines that could impact business continuity and customer trust.

S

SuperLife

superlife.co.nz

0

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues that could expose the business to significant risks. Key gaps exist in security headers implementation, GDPR compliance, and adherence to the NIS2 cybersecurity framework, indicating potential regulatory non-compliance and increased risk of data breaches. The SSL/TLS configuration is suboptimal, with an expiring certificate posing a near-term availability risk. While network security and email security are relatively strong, foundational aspects such as incident response, security policies, and cookie management need urgent attention. The absence of critical headers like Content-Security-Policy and X-Frame-Options increases the risk of cross-site scripting and clickjacking attacks. GDPR-related deficiencies, including missing cookie consent and insufficient privacy policy, may lead to legal penalties and reputational damage. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

S

Smartshares Limited

smartinvest.co.nz

0

The website's overall security posture reveals significant gaps, particularly in foundational security headers, GDPR compliance, and NIS2 regulatory adherence. While there are no critical vulnerabilities, multiple high-severity issues expose the business to risks such as data breaches, regulatory penalties, and reputational damage. Missing key HTTP security headers and an impending SSL certificate expiration undermine secure communications and user trust. GDPR compliance deficiencies, including the absence of a cookie policy and consent mechanisms, present legal and operational risks, especially in European markets. The lack of documented information security and incident response policies indicates insufficient preparedness against cyber incidents. On a positive note, the network security and email security modules score relatively well, showing strengths in these areas. Immediate remediation is needed to protect sensitive data, ensure regulatory compliance, and maintain customer confidence.

D

DiscoverOrg

discoverorg.com

0

The website exhibits a concerning security posture with no critical issues but multiple high and medium-risk findings, indicating significant gaps in foundational security controls. Key deficiencies include missing essential HTTP security headers, weak SSL/TLS configurations, and inadequate GDPR compliance measures, exposing the business to data breaches and regulatory penalties. The absence of a formal information security framework, incident response, and business continuity plans further increases operational risk and vulnerability to cyber incidents. While email and network security are strong, critical areas like web security headers, SSL/TLS, and compliance require urgent attention to protect sensitive user data and maintain customer trust. DNS security is relatively robust but can be improved with additional configurations. Addressing these issues will reduce the risk of exploitation, improve regulatory compliance, and strengthen overall resilience. Prioritizing governance, technical controls, and privacy policies will provide the best risk reduction and business value.

A

Aramex

aramex.net

0

The website demonstrates a generally strong security posture with no critical or high-severity issues detected. Core protections such as email security, SSL/TLS implementation, and network security are fully compliant and scored at 100%. However, medium-severity gaps exist primarily around security headers, GDPR compliance, NIS2 regulation adherence, and DNS security configurations, notably the absence of DNSSEC. These weaknesses expose the site to potential risks like data privacy non-compliance, increased susceptibility to DNS spoofing attacks, and suboptimal mitigation of common web-based threats. Addressing these areas will enhance regulatory compliance, strengthen defenses against DNS-based and web application attacks, and reduce potential legal and reputational risks. The low-severity issues, such as missing CAA records, while less urgent, should be resolved to maintain comprehensive security hygiene. Overall, the site is well-protected but requires targeted improvements to ensure robust, future-proof security and regulatory alignment.

G

g5search.com

g5search.com

0

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium risk issues that expose it to potential threats. Key deficiencies include missing essential security headers, absence of GDPR compliance elements such as privacy and cookie policies, and lack of foundational NIS2 security framework documentation and procedures. The DNS configuration poses significant risk due to potential subdomain takeover vulnerabilities, which could lead to unauthorized access or phishing attacks. While email security and SSL/TLS implementations are relatively strong, critical gaps in headers and policy enforcement weaken the site's resilience against common web-based attacks. The absence of incident response and business continuity planning increases operational risk in the event of a security breach. Immediate attention to compliance and infrastructure security improvements will reduce legal exposure and improve customer trust. Overall, the site is vulnerable to both technical exploitation and regulatory penalties unless these issues are addressed promptly.

A

Australia Post

australiapostcollectables.com.au

0

The website demonstrates a generally solid technical security foundation with strong network security, SSL/TLS configurations, and DNS health. However, critical gaps exist in compliance with GDPR and NIS2 regulations, particularly around privacy policies, consent mechanisms, and documented security frameworks. The absence of privacy and cookie policies, along with missing consent banners, exposes the business to regulatory and reputational risks. Lack of incident response procedures and security policy documentation further elevates operational risks in case of security events. Security headers are moderately implemented but can be strengthened to reduce attack surface. Email security is good but could be improved with DKIM implementation to prevent spoofing. Overall, the site is secure from a technical standpoint but requires urgent compliance and governance enhancements to mitigate legal and operational risks.

A

Australia Post

digitalid.com

0

The website demonstrates a generally strong technical security posture in areas such as email security, SSL/TLS configuration, DNS health, and network security, reflecting effective implementation of foundational controls. However, significant gaps exist in compliance and governance domains, notably regarding GDPR and NIS2 requirements, which pose substantial legal, reputational, and operational risks. The absence of a privacy policy, cookie policy, and consent mechanisms undermines user trust and exposes the business to potential regulatory penalties. Furthermore, critical deficiencies in information security frameworks, incident response, and security policy documentation indicate a lack of formalized cybersecurity governance and preparedness. While security header implementations are moderate, enhancements are needed to reduce exposure to web-based threats. Addressing these compliance and governance gaps will be essential to align with industry best practices, regulatory mandates, and customer expectations. Prioritizing these improvements will strengthen both risk management and stakeholder confidence.

A

Australia Post

postbillpay.com.au

0

The website demonstrates a solid foundation in network, email, and SSL/TLS security, indicating good baseline protections. However, significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity frameworks, which together expose the business to legal, reputational, and operational risks. Missing critical headers like Content-Security-Policy and X-Frame-Options leave the site vulnerable to cross-site scripting and clickjacking attacks. The absence of privacy and cookie policies, along with no cookie consent mechanism, poses compliance risks under data protection laws such as GDPR, potentially leading to fines and loss of customer trust. Lack of documented security policies, incident response procedures, and business continuity planning increases the risk of inadequate response to cyber incidents, threatening business operations. DNSSEC is not enabled, which could allow DNS spoofing attacks. Addressing these issues will significantly strengthen security posture, reduce compliance risks, and protect the organization from both cyber threats and regulatory penalties. Immediate focus on privacy policies, security headers, and incident response frameworks is recommended. Overall, the current posture requires urgent remediation to align with industry standards and legal requirements.

C

Cure Kids

rednoseday.co.nz

0

The website demonstrates a moderate overall security posture with no critical issues detected; however, there are multiple high and medium severity gaps that present significant risk to business operations and compliance. Key vulnerabilities include lack of foundational security headers and insufficient email authentication, which increase exposure to web-based attacks and phishing risks. Compliance with GDPR and NIS2 regulations is notably weak, with missing cookie consent mechanisms, security policies, and incident response procedures that could lead to regulatory penalties and reputational damage. While network and DNS security are relatively strong, the absence of core security policies and frameworks undermines the organization's resilience against cyber threats. Immediate remediation is critical to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will also improve customer trust and reduce the likelihood of data breaches. Prioritizing security governance and visibility should be central to the remediation roadmap. Overall, the organization must advance beyond technical fixes to establish a robust security culture aligned with regulatory expectations.

S

Spotify AB

spotifyjobs.com

0

The website demonstrates significant security gaps, particularly in foundational security headers, data privacy compliance, and incident management frameworks. While no critical vulnerabilities were found, multiple high-severity issues indicate an elevated risk exposure that could lead to data breaches, reputational damage, and regulatory penalties. GDPR compliance is notably weak, lacking essential cookie policies and consent mechanisms, which threatens legal compliance and customer trust. The absence of a formal information security framework, incident response, and security policy documentation further exacerbates operational risks. Email security is suboptimal with missing DMARC and DKIM records, increasing the risk of phishing and spoofing attacks. SSL/TLS configurations are moderately healthy but require timely renewal and enabling of HSTS to ensure encrypted communications. DNS and network security are relatively strong, providing a solid foundation on which to build. Immediate remediation of critical governance and privacy controls will significantly reduce business risk and support regulatory adherence.

The website demonstrates a strong overall security posture with no critical or high severity issues, and perfect scores in email security, SSL/TLS configuration, and network security. However, medium-level concerns exist related to security headers, GDPR compliance, NIS2 directives, and DNS health, particularly the absence of DNSSEC. These medium issues could expose the business to regulatory risks, data privacy challenges, and potential domain spoofing vulnerabilities. Low-level issues, such as missing CAA records, slightly reduce DNS security but have less immediate impact. Addressing these gaps will enhance compliance, reduce attack surface, and improve trustworthiness with customers and partners. Prioritizing remediation in the context of evolving regulatory landscapes will safeguard business continuity and reputation. Overall, the website is secure but would benefit from targeted improvements in governance and DNS-related controls.

A

Australia Post

auspost.com.au

0

The website demonstrates a generally solid technical security foundation with strong email security, network security, SSL/TLS, and DNS health scores. However, significant deficiencies exist in compliance with data privacy regulations such as GDPR, and critical gaps are present in information security governance aligned with NIS2 requirements. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory penalties and reputational damage. Moreover, lacking documented security policies, incident response plans, and vulnerability disclosure processes increases operational risk and may delay breach mitigation. Security headers are moderately configured but require improvements to reduce attack surface and prevent data leakage. Overall, the site’s technical controls are adequate but the organization must urgently address compliance and governance shortcomings to safeguard customer trust and meet legal obligations. Failure to act on these high-impact, high-risk issues could result in financial losses and regulatory scrutiny.

N

NZX Limited

nzx.com

0

The website demonstrates a concerning overall security posture with multiple high and medium risk issues primarily related to security headers, GDPR compliance, and NIS2 regulatory standards. While there are no critical vulnerabilities, the absence of key security headers and weak SSL/TLS configurations expose the site to common attacks like clickjacking, XSS, and data interception. GDPR compliance gaps, including missing cookie policies and consent mechanisms, pose legal and reputational risks, especially in regulated markets. The lack of documented information security frameworks, incident response procedures, and security policies further increases organizational risk and may hinder timely breach response. Positive aspects include strong network security and good email security practices, but these do not offset the critical gaps in web application and regulatory security controls. Immediate improvements are necessary to protect sensitive data, maintain customer trust, and ensure regulatory compliance. Without action, the business risks data breaches, regulatory fines, and damage to brand reputation.

R

RealPage

realpagecares.com

0

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas such as GDPR and NIS2 frameworks, exposing the business to regulatory and reputational risks. Critical email security misconfigurations pose a high risk of phishing and spoofing attacks, potentially undermining customer trust. Missing key security headers like Content-Security-Policy and X-Frame-Options increase vulnerability to cross-site scripting and clickjacking attacks, threatening data integrity. Although network security and DNS health are relatively strong, foundational SSL/TLS and header configurations require improvement to safeguard data in transit. The absence of documented incident response and business continuity plans limits the organization's ability to effectively respond to cyber incidents, increasing potential downtime and financial loss. Lack of a cookie policy and consent mechanisms places the company at risk of non-compliance with privacy laws, which could result in fines and legal challenges. Immediate attention to these areas will reduce attack surfaces, ensure compliance, and strengthen overall resilience. Prioritizing governance frameworks and critical technical controls will deliver the greatest business impact.

S

Spotify AB

spotifyforbrands.com

0

The website demonstrates a moderate to weak security posture with no critical issues but several high and medium severity findings that could expose the business to significant risks. Key gaps include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security governance documentation. Email and network security are relatively strong, but SSL/TLS configurations show weaknesses that could undermine data integrity and confidentiality. The absence of incident response and vulnerability disclosure policies increases the risk of prolonged breaches and reputational damage. Overall, the organization faces regulatory compliance risks, potential data breaches, and operational disruptions if these issues remain unaddressed. Immediate remediation will enhance customer trust, reduce legal exposure, and improve resilience against cyber threats. Prioritizing governance and technical controls will strengthen the security framework and align with industry best practices.

The website demonstrates a generally strong security posture with no critical or high-level issues identified and excellent scores in SSL/TLS and network security. However, several medium-severity vulnerabilities exist, primarily related to missing security headers, lack of GDPR and NIS2 compliance verification, absent email authentication via DKIM, and incomplete DNS security configurations such as missing DNSSEC. While low-severity issues like unconfigured CAA records are less urgent, addressing them will further strengthen defenses. The absence of key security headers and email authentication mechanisms could expose the business to data leakage, spoofing, and compliance risks, potentially impacting customer trust and regulatory standing. Overall, the site is well-protected at the network and transport layers but requires focused improvements in application-layer security and regulatory compliance. Prompt remediation of these medium issues will reduce attack surface and enhance resilience against phishing, data breaches, and legal penalties. The current posture positions the business well but leaves room for improvement in critical compliance and email security areas.