Security Directory

G

G5

getg5.com

0

The website's overall security posture reveals significant gaps, particularly in compliance with regulatory frameworks such as GDPR and NIS2, which pose legal and reputational risks. While there are no critical vulnerabilities, several high-severity issues—such as missing security policies, weak SSL key length, and absence of cookie consent—indicate inadequate protection against data breaches and cyber incidents. The security headers and privacy configurations are suboptimal, increasing the likelihood of clickjacking attacks and non-compliance with data privacy laws. Network security and email security are strong points, demonstrating robust perimeter defenses. However, deficiencies in incident response, business continuity planning, and security documentation expose the business to prolonged downtime and regulatory penalties in case of an incident. Immediate attention is needed to address these weaknesses to safeguard customer data, maintain trust, and ensure compliance. Improving these areas will enhance the website’s resilience against cyber threats and regulatory scrutiny.

The website’s overall security posture reveals significant gaps in critical areas, particularly compliance with GDPR and NIS2 regulations, as well as foundational security controls. While there are no critical vulnerabilities, the presence of 11 high-severity issues highlights urgent risks that could lead to legal penalties, data breaches, or service disruptions. Missing key HTTP security headers and weak SSL/TLS configurations expose the site to common web-based attacks such as clickjacking and mixed content exploitation. Compliance gaps, including lack of cookie policies and incident response planning, increase regulatory and operational risks. DNS health issues like unregistered MX records pose risks to email reliability and can affect business communication. Positively, network security controls are strong, and email security is fairly robust, but improvements are needed to prevent spoofing and phishing. Immediate remediation will reduce risks, improve customer trust, and align with regulatory requirements. Without prompt action, the business risks reputational damage, regulatory fines, and potential data compromises.

B

Briscoe Group

briscoegroup.co.nz

0

The website's security posture is currently poor, with significant vulnerabilities across multiple domains including network security, compliance, and security headers. Critical risks arise from numerous exposed critical services such as SMB, MSSQL, MySQL, and Telnet, which pose immediate threats of unauthorized access and data breaches. Additionally, the absence of key security headers and a Content Security Policy increases susceptibility to web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably lacking, with no cookie policy or consent mechanisms, risking legal penalties and reputational damage. The lack of incident response and information security frameworks further exacerbates business risk by limiting preparedness for cyber events. While email security and DNS health scores are relatively strong, SSL/TLS configurations require urgent improvement to protect data in transit. Overall, the organization faces high exposure to cyber threats and compliance violations that must be urgently addressed to safeguard assets and maintain customer trust.

B

Briscoes AU

briscoes.com.au

0

The website's security posture is currently weak, with numerous critical and high-risk vulnerabilities exposing the business to significant threats including data breaches, regulatory fines, and operational disruptions. Critical services such as Telnet, SMB, MSSQL, MySQL, PostgreSQL, Redis, and MongoDB are openly exposed, posing immediate risk of compromise. Security headers are inadequately configured, leaving the site vulnerable to clickjacking, cross-site scripting, and data leakage attacks. GDPR compliance is poor, with no cookie policy or consent mechanisms in place, increasing legal and reputational risks. The absence of a formal information security framework, incident response plan, and security policies under NIS2 requirements indicates a lack of preparedness for cyber incidents. SSL/TLS configurations are suboptimal, including weak keys and impending certificate expiration, undermining data encryption and trust. Although email security and DNS health show relatively better scores, critical network security gaps must be addressed urgently to protect business assets and maintain customer trust.

N

Nelson Recruiting

nelsonrecruiting.com

0

The website's overall security posture is currently weak, with critical gaps in network security and compliance frameworks, exposing the business to significant operational and reputational risks. Critical services like MySQL and PostgreSQL are publicly accessible, creating immediate vulnerabilities to data breaches. The absence of key security headers and missing incident response and security policies further increase the risk of exploitation and regulatory non-compliance. GDPR compliance is insufficient, lacking essential cookie policies and consent mechanisms, potentially leading to legal penalties. Although email security and TLS configurations show moderate strength, critical certificates and security policies require urgent updating. The NIS2 and network security scores are alarmingly low, indicating inadequate protection against cyber threats and lack of preparedness for incidents. Immediate remediation across network exposure, compliance documentation, and security headers is essential to safeguard the business and maintain customer trust. Without prompt action, the organization faces heightened risks of cyberattacks, data loss, and regulatory fines.

P

Profisee

profisee.com

0

The website demonstrates a moderate overall security posture with no critical issues but multiple high and medium risk findings that could expose the business to significant operational, reputational, and regulatory risks. Key weaknesses exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements, reflecting gaps in privacy protection, incident preparedness, and information security governance. SSL/TLS configurations show vulnerabilities including weak key lengths and impending certificate expiration, which threaten secure communications. While email security and network security measures score well, foundational security controls such as Content Security Policy and proper cookie management are missing. Failure to implement GDPR-required cookie consent and policies exposes the business to potential regulatory penalties and loss of customer trust. The absence of incident response and business continuity plans significantly heightens risk from cyber incidents. Immediate remediation will reduce attack surface, improve compliance, and strengthen customer confidence. Overall, addressing these gaps is essential to align with industry standards and regulatory obligations, protecting both the business and its customers.

A

Acentra Health

acentra.com

0

The website's overall security posture reveals significant gaps in compliance and foundational security controls, particularly concerning regulatory requirements and cryptographic protections. While no critical vulnerabilities were found, multiple high and medium severity issues pose material risks to data privacy, legal compliance, and customer trust. Key weaknesses include missing security headers, lack of GDPR-compliant cookie policies and consent mechanisms, absence of formal information security and incident response frameworks, and weak SSL/TLS configurations. Conversely, network security and DNS health show relatively strong scores, indicating some effective controls are in place. The deficient NIS2 compliance score highlights the urgent need for documented security policies and incident handling procedures. Immediate remediation will reduce exposure to data breaches, regulatory penalties, and reputational damage. Investment in security governance and cryptographic standards is needed to align with industry best practices and legal mandates.

C

CNECT

cnectgpo.com

0

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk vulnerabilities across key domains. Significant gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity standards, exposing the business to regulatory, reputational, and operational risks. Missing essential headers like Strict-Transport-Security and Content-Security-Policy weaken defense against common web attacks. GDPR-related deficiencies, including lack of a cookie policy and consent mechanisms, risk non-compliance penalties. The absence of documented security policies, incident response, and business continuity plans under NIS2 further increases exposure to cyber threats and operational disruptions. SSL/TLS configurations are suboptimal with weak key length and upcoming certificate expiry, potentially compromising secure communications. Encouragingly, network security and email security show relatively strong scores, indicating some foundational controls are in place. Immediate remediation focused on regulatory compliance and critical security controls will substantially reduce risk and improve trustworthiness.

B

Bricz

bricz.com

0

The website demonstrates significant security and compliance gaps, particularly in foundational security headers and regulatory adherence, which expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Although no critical vulnerabilities were found, multiple high and medium risk issues related to missing security headers, incomplete GDPR compliance, and absence of essential NIS2 security frameworks indicate inadequate protection and governance. Email security and network security show relatively strong posture, but weaknesses in SSL/TLS management and DNS configuration could impact trust and data integrity. Immediate attention is needed to establish security policies, incident response capabilities, and enforce data protection measures to align with industry standards and regulations. The low scores in security headers, GDPR, and NIS2 compliance highlight urgent areas that require remediation to safeguard customer data, maintain regulatory compliance, and ensure business continuity. Overall, the website’s security posture is currently insufficient for high-risk operational environments and requires prioritized remediation to reduce exposure and improve stakeholder confidence.

R

RealPage

yieldstar.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected but several high and medium-severity issues that could expose the business to regulatory risks and cyber threats. Notably, the absence of essential security headers and weak encryption practices increase susceptibility to common web attacks such as clickjacking and data interception. GDPR compliance gaps, including missing cookie consent and incomplete privacy policies, pose significant legal and reputational risks, especially in markets regulated by data protection laws. The lack of a formal information security framework, policy documentation, and incident response procedures highlights a critical deficiency in organizational security governance. While network security and email security perform relatively well, weaknesses in SSL key strength and DNS configurations undermine overall trustworthiness. Addressing these issues promptly will not only enhance security resilience but also support regulatory compliance and customer confidence. A prioritized, strategic approach focusing on governance, encryption, and compliance will provide the most business value. Continuous monitoring and improvement are essential to maintaining and advancing the security posture over time.

The website exhibits significant security and compliance gaps that could expose the business to legal, reputational, and operational risks. While there are no critical vulnerabilities, multiple high-severity issues related to missing security headers, absence of GDPR compliance measures, and lack of foundational information security frameworks are evident. The absence of a Privacy Policy, Cookie Policy, and consent mechanisms increases the risk of regulatory penalties and undermines user trust. Additionally, missing incident response and security policy documentation hampers the organization's ability to effectively manage and respond to security incidents. Although email security, SSL/TLS, DNS health, and network security scores are relatively strong, foundational security controls such as HSTS and DNSSEC require improvement. Immediate remediation is essential to align with industry best practices and relevant regulations like GDPR and NIS2. Addressing these gaps will substantially reduce the risk of data breaches, regulatory fines, and damage to brand reputation.

S

ShowingTime+

showingtime.com

0

The website demonstrates a moderate overall security posture with strong network security and solid SSL/TLS and email security implementations. However, significant gaps exist in compliance and governance areas, particularly concerning GDPR and NIS2 regulatory requirements, which present considerable legal and reputational risks. The absence of fundamental privacy policies, cookie consent mechanisms, and incident response procedures exposes the business to potential regulatory penalties and customer trust erosion. Missing critical security headers like X-Frame-Options increases susceptibility to web-based attacks such as clickjacking. While core infrastructure like DNS and SSL is generally well-managed, some improvements are needed to maintain robust protection. Immediate focus on establishing comprehensive privacy and security policies, alongside addressing critical security headers, will substantially improve risk posture. Without remediation, these vulnerabilities could lead to data breaches, compliance violations, and operational disruptions impacting business continuity and customer confidence.

S

Seismic

seismic.com

0

The website demonstrates a generally solid security foundation with no critical vulnerabilities detected, and strong performance in email security, SSL/TLS, DNS health, and network security. However, significant gaps exist in governance and compliance areas, notably GDPR and NIS2 regulations, with multiple high-severity issues such as missing cookie policies, lack of incident response procedures, and absence of security framework documentation. These deficiencies expose the business to regulatory risks, potential legal penalties, and reputational damage. Security headers are not fully optimized, leaving the site vulnerable to clickjacking and some cross-site scripting risks. While SSL/TLS configurations are largely robust, upcoming certificate expiry and incomplete HSTS settings require attention to maintain trust and secure communications. Overall, the organization should prioritize establishing comprehensive security policies and compliance measures to mitigate operational and regulatory risks effectively.

R

RealPage, Inc.

realpagelumina.com

0

The website's overall security posture reveals significant gaps, particularly in governance and compliance areas. Critical issues such as the lack of email authentication and missing incident response procedures expose the business to heightened risks of phishing attacks and prolonged downtime during security incidents. High-severity findings around GDPR compliance and the absence of a documented security framework indicate potential regulatory and reputational risks. Although network security and DNS health scores are strong, foundational security controls like Content-Security-Policy and Strict-Transport-Security headers are insufficiently configured, increasing vulnerability to web-based attacks. Expiring SSL certificates and mixed content issues further degrade trust and security. Immediate remediation is necessary to safeguard sensitive data, ensure regulatory compliance, and protect brand reputation. The business should prioritize establishing formal security policies and improving critical headers and email authentication measures. Addressing these issues will reduce risk exposure and support long-term resilience against evolving cyber threats.

R

Real Estate Team OS

realestateteamos.com

0

The website's overall security posture exhibits significant gaps, particularly in foundational security controls and regulatory compliance. Critical and high-severity issues primarily relate to missing email authentication, lack of comprehensive security policies, and poor implementation of security headers, exposing the business to phishing, data breaches, and clickjacking attacks. GDPR compliance is notably weak, with absent cookie policies and consent mechanisms, risking legal penalties and reputational damage. Although network security and SSL/TLS configurations are relatively strong, imminent SSL certificate expiration and missing DNS security features present moderate risks. The absence of an incident response framework and vulnerability disclosure policy indicates unpreparedness for security incidents. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard brand trust. Addressing these issues will strengthen the website’s resilience against common threats and align it with industry best practices.

F

Freddie Mac

freddiemac.com

0

The website demonstrates a generally solid technical security foundation with no critical vulnerabilities detected and strong scores in email security, network security, SSL/TLS, and DNS health. However, significant gaps exist in regulatory compliance and governance, particularly regarding GDPR and NIS2 mandates, which present substantial legal and operational risks. The absence of essential policies such as cookie consent, incident response, and security frameworks exposes the organization to potential regulatory penalties and undermines customer trust. Missing key security headers and mixed content issues indicate areas where the website’s resilience against common web attacks can be improved. While foundational network and protocol configurations are strong, the low scores in compliance reflect a need for urgent attention to documentation, privacy, and incident management. Overall, the security posture is functional but incomplete, with business-critical exposure due to compliance shortcomings. Addressing these gaps will enhance legal compliance, customer confidence, and incident readiness, thereby reducing potential financial and reputational damage.

F

Fannie Mae

fanniemae.com

0

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could impact both security and regulatory compliance. Notably, the absence of key GDPR-related elements such as Privacy and Cookie Policies, and a consent banner, exposes the business to potential legal penalties and loss of user trust. Security headers are inadequately configured, increasing susceptibility to common web attacks like cross-site scripting. The lacking information security framework and incident response procedures indicate immature cybersecurity governance, risking delayed or ineffective handling of security incidents. SSL certificate expiration and mixed content issues threaten secure communications, while missing DNSSEC and email authentication elements could allow domain spoofing or phishing attacks. Positively, network security and DNS health are strong, providing a solid foundation. Overall, immediate focus on compliance and security policy establishment is critical to safeguard business operations and reputation.

B

Blend

blend.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance, documentation, and some security configurations. High-severity issues center on GDPR non-compliance, including the absence of a cookie policy and consent mechanisms, which expose the business to regulatory and reputational risks. Additionally, the lack of an established information security framework, incident response procedures, and security policy documentation undermines the organization's ability to effectively manage cybersecurity risks and respond to incidents, potentially affecting business continuity. SSL certificate expiration and mixed content warnings further threaten data integrity and user trust. While network security and email security scores are strong, deficiencies in security headers and DNS configurations expose the website to avoidable attack vectors. Prioritizing compliance and foundational security processes will significantly enhance the organization's risk posture and regulatory standing.

The website demonstrates a mixed security posture with no critical issues but multiple high and medium severity vulnerabilities that expose the business to regulatory, operational, and reputational risks. Key deficiencies exist in privacy compliance (GDPR) with missing privacy policies and cookie consent mechanisms, risking legal penalties and loss of customer trust. The absence of fundamental information security governance, including security policies, incident response, and business continuity planning, indicates immature security management and increases exposure to cyber threats. Technical security controls such as security headers and SSL/TLS configurations are weak or incomplete, which could allow exploitation through web-based attacks and undermine data confidentiality. Email and network security components are relatively strong, though improvements in DNS security and certificate management are needed. Immediate remediation is required for missing privacy documentation and security policies to mitigate compliance risks and build a security-aware culture. Strengthening cryptographic settings and web security headers will help protect customer data and maintain brand integrity. Overall, addressing these issues is critical to safeguarding business operations and maintaining regulatory compliance in an evolving threat landscape.

S

ShowingTime Plus, LLC

marketviewbroker.com

0

The website's overall security posture is weak, with critical and high-severity issues predominantly related to foundational security controls. Missing essential HTTP security headers and lack of email authentication expose the business to web-based attacks, phishing, and data interception risks. Non-compliance with GDPR requirements, including absence of privacy and cookie policies and consent mechanisms, risks regulatory penalties and reputational damage. The absence of documented information security frameworks, incident response plans, and security policies reflects immature governance, increasing operational and compliance risks. While network infrastructure and SSL/TLS configurations are relatively strong, critical gaps in DNS security and email authentication reduce trust and increase vulnerability to spoofing and phishing. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain stakeholder confidence. Addressing these issues will reduce risk exposure, improve incident readiness, and support business continuity.

D

DotLoop LLC

dotloop.com

0

The website demonstrates a generally strong network and email security posture, with high scores in networkSecurity (100/100) and emailSecurity (95/100). However, significant gaps exist in compliance and governance areas, particularly related to GDPR and NIS2 regulations, where scores are notably low (43/100 and 25/100 respectively). Critical business risks stem from missing cookie policies and consent mechanisms, lack of information security frameworks, and absent incident response and business continuity plans. Security headers are partially implemented but lack essential protections like Content-Security-Policy, increasing exposure to web-based attacks. SSL/TLS configurations are good overall but require timely certificate renewal and improved HSTS settings. DNS health is solid but could be enhanced by enabling DNSSEC. Addressing these deficiencies is crucial to mitigate regulatory non-compliance risks, protect customer data, and ensure operational resilience against security incidents.

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but numerous high and medium-risk issues exist that could expose the business to regulatory, reputational, and operational risks. Key deficiencies are primarily in security headers, GDPR compliance, and NIS2 cybersecurity governance frameworks. Missing essential HTTP security headers like Strict-Transport-Security and Content-Security-Policy increase the risk of man-in-the-middle and cross-site scripting attacks. Compliance gaps, including absent privacy and cookie policies and lack of cookie consent mechanisms, pose legal and financial risks under data protection laws. Furthermore, the absence of documented security policies, incident response plans, and vulnerability disclosure procedures undermines organizational resilience and regulatory compliance. Although email security, DNS health, and network security postures are strong, weaknesses in SSL/TLS configuration and certificate management require urgent remediation. Immediate improvements in these areas will reduce attack surface, enhance customer trust, and support regulatory adherence.

B

Briscoes

briscoes.co.nz

0

The website's security posture is currently weak, exposing the business to significant cyber risks and potential regulatory non-compliance. Numerous critical and high-severity issues exist, especially in network security where multiple critical services such as Telnet, SMB, MSSQL, and databases are openly exposed, significantly increasing the risk of unauthorized access and data breaches. Key security controls including essential HTTP security headers and GDPR compliance measures like cookie policies and consent banners are missing, elevating legal and reputational risks. The absence of formal information security frameworks, incident response plans, and security policies further undermines the organization's resilience to cyber incidents. While email security and DNS health show relatively better scores, weaknesses remain in SSL/TLS configurations that could allow interception or downgrade attacks. Immediate remediation is required to protect sensitive data, maintain customer trust, and comply with regulations such as GDPR and NIS2. Failure to address these gaps could result in financial loss, legal penalties, and damage to brand reputation. Strengthening foundational security controls and network defenses should be prioritized to reduce the attack surface and improve overall risk posture.

The website demonstrates a generally sound technical security posture with strong network security, SSL/TLS configurations, and email security. However, there are significant compliance and governance gaps, primarily related to GDPR and NIS2 regulatory requirements, which pose high legal and operational risks. Key concerns include the absence of privacy and cookie policies, lack of consent mechanisms, and missing incident response and information security framework documentation. These deficiencies could lead to regulatory penalties, reputational damage, and loss of customer trust. Security headers are implemented but need strengthening to mitigate web-based attacks effectively. DNS and email security are adequate but have room for improvement to reduce attack surface. Addressing governance and compliance issues should be prioritized alongside enhancing security headers to ensure a balanced, robust security posture that supports business continuity and regulatory adherence.

The website exhibits a moderate security posture with no critical vulnerabilities but several high and medium-risk issues that could expose the business to regulatory, reputational, and operational risks. Key weaknesses include missing crucial security headers like Content-Security-Policy and inadequate GDPR compliance, notably the absence of a cookie policy and consent mechanism. The most significant gaps lie in the lack of foundational NIS2 security governance elements, including no documented security policies, incident response procedures, or vulnerability disclosure policies. While SSL/TLS and network security are relatively strong, mixed content issues and suboptimal HTTP Strict Transport Security (HSTS) configurations reduce overall protection. DNS security is good but could be enhanced by enabling DNSSEC and configuring CAA records. Immediate remediation is especially critical to meet regulatory requirements, protect sensitive user data, and reduce exposure to web-based attacks. The current state may lead to compliance penalties, customer trust erosion, and increased risk of successful cyberattacks if not addressed promptly.

O

Osano, Inc.

trusthub.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected and strong scores in SSL/TLS and network security. However, significant gaps exist in compliance-related areas, notably GDPR and NIS2 regulatory requirements, which expose the business to legal and operational risks. Missing cookie policies, consent mechanisms, and privacy policy issues create potential non-compliance liabilities under data protection laws. Additionally, the absence of documented security policies, incident response procedures, and security contact information undermines the organization's ability to effectively manage security incidents and regulatory audits. Security headers are partially implemented but lack key protections, increasing the risk of clickjacking and cross-site scripting. Email security is reasonably well configured but can be improved with DKIM and DMARC enhancements. DNS security is good but would benefit from enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Overall, the company should prioritize compliance maturity and governance to reduce business risk while reinforcing technical controls.

A

Aryeo

aryeo.com

0

The website demonstrates several significant security gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities, the presence of multiple high and medium severity issues in security headers, GDPR compliance, NIS2 regulatory adherence, and SSL/TLS configuration indicate an urgent need for remediation. The low scores in security headers (30/100), GDPR (43/100), and especially NIS2 (25/100) highlight weaknesses in both technical controls and governance practices. Email security and network security are relatively strong, reducing some exposure to phishing and network-based attacks. However, the absence of key policies and procedures, such as incident response and vulnerability disclosure, leaves the organization ill-prepared for security events. The lack of cookie consent mechanisms also risks non-compliance fines under data protection laws. Overall, the organization should prioritize strengthening foundational security controls and compliance frameworks to protect customer data and maintain trust.

F

Follow Up Boss

followupboss.com

0

The website demonstrates a generally stable security posture with no critical vulnerabilities detected; however, significant gaps exist in compliance and governance areas, particularly GDPR and NIS2 requirements. While foundational network and email security controls are strong, missing security headers and incomplete security policies expose the business to potential data privacy risks and regulatory penalties. The absence of a cookie policy, consent mechanisms, and incident response procedures presents considerable legal and operational risks, especially as data privacy regulations tighten. Insufficient documentation of security frameworks and contact points undermines stakeholder trust and readiness to respond to incidents. Addressing these issues promptly will enhance regulatory compliance, reduce exposure to data breaches, and improve overall security resilience. The organization should prioritize establishing formal security policies, GDPR compliance measures, and incident response capabilities to protect business continuity and reputation. Investment in these areas will mitigate risks of fines, customer dissatisfaction, and operational disruption.

Z

Zillow, Inc.

zillowhomeloans.com

0

The website demonstrates a concerning security posture with significant gaps in fundamental protections and regulatory compliance. While there are no critical vulnerabilities detected, the presence of 11 high and multiple medium-severity issues indicates elevated risk exposure. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of core NIS2 security governance frameworks and incident response protocols. These lapses increase the risk of data breaches, regulatory penalties, and reputational damage. On a positive note, email security and network security configurations are robust, and SSL/TLS and DNS health are relatively strong but still require improvements. Immediate remediation is needed to address regulatory compliance and secure communication headers to reduce attack surfaces. Implementing structured security policies and response plans will enhance resilience and trust with customers and partners.

A

Access to this page has been denied

hotpads.com

0

The website demonstrates a concerning overall security posture, with significant gaps in foundational security headers, privacy compliance, and organizational security policies. While no critical vulnerabilities were identified, the presence of 11 high-level issues related to missing security headers and lack of GDPR and NIS2 compliance exposes the business to increased risk of data breaches, regulatory penalties, and reputational damage. The absence of key headers such as Strict-Transport-Security and Content-Security-Policy reduces protection against common web-based attacks. Additionally, the lack of privacy policies and cookie consent mechanisms highlights non-compliance with GDPR requirements, potentially resulting in legal consequences. Organizational security governance is weak, with missing incident response procedures, security policies, and contact information, impairing the ability to detect, respond to, and recover from security incidents effectively. Email and network security show relatively strong posture, indicating some existing controls are in place. Immediate focus on addressing high-impact security headers, privacy compliance, and security governance will considerably improve the website’s risk profile and business resilience.

The website's overall security posture shows significant gaps in foundational security controls, particularly in HTTP security headers and compliance with privacy regulations. While there are no critical vulnerabilities, 11 high and 8 medium severity issues indicate considerable risk exposure. Key weaknesses include missing essential security headers such as Strict-Transport-Security and Content-Security-Policy, which increase the risk of attacks like clickjacking, man-in-the-middle, and cross-site scripting. Additionally, the absence of GDPR compliance elements — including privacy policies, cookie consent banners, and third-party privacy oversight — poses legal and reputational risks. The lack of adherence to NIS2 security frameworks and incident response planning raises concerns about the organization's preparedness for cyber incidents. Positively, email security, SSL/TLS configuration, DNS health, and network security show strong performance, reducing risk from certain attack vectors. Immediate action is required to address policy gaps, security headers, and compliance to protect business assets, customer trust, and regulatory standing.

S

ShowingTime+

showingtimeplus.com

0

The website's security posture reveals significant gaps primarily in compliance and governance frameworks, particularly related to GDPR and NIS2 requirements, which could expose the business to regulatory penalties and reputational damage. While there are no critical vulnerabilities, multiple high and medium severity issues in security headers, encryption practices, and incident response readiness indicate an elevated risk profile. The absence of privacy policies, cookie consent mechanisms, and security documentation undermines trust and legal compliance. Network and email security are strong points, suggesting foundational infrastructure controls are effective. However, weaknesses in SSL configuration and DNS security measures could jeopardize data confidentiality and integrity. Overall, immediate attention to regulatory compliance and security governance will mitigate substantial business and operational risks. Enhancing security headers and cryptographic standards will further strengthen defenses against common web-based threats.

C

CNHI

cnhi.com

0

The website demonstrates a concerning security posture with no critical issues but multiple high and medium risks that could expose the business to data breaches, regulatory penalties, and reputational damage. Key deficiencies include missing essential security headers, poor GDPR compliance, lack of documented security policies, and weak SSL/TLS configurations. While network security and email security appear relatively strong, significant gaps in incident response, vulnerability disclosure, and security governance are evident. The absence of cookie policies and consent banners increases legal exposure under GDPR. Additionally, weak encryption and missing HTTP Strict Transport Security reduce protection against common web attacks. Immediate remediation is necessary to safeguard customer data, ensure regulatory compliance, and maintain stakeholder trust. Addressing these issues will strengthen the overall security posture and reduce business risk significantly.

The website demonstrates a concerning overall security posture with significant gaps in foundational web security headers and regulatory compliance, particularly related to GDPR and NIS2 directives. Although no critical vulnerabilities were identified, the presence of 11 high-severity issues—especially missing key security headers and lack of privacy policies—exposes the business to risks including data breaches, legal non-compliance, and reputational damage. The absence of incident response and security policy documentation further increases organizational risk by limiting preparedness for potential cyber incidents. Email security, SSL/TLS, DNS health, and network security show relatively strong scores, indicating good controls in these areas. However, the lack of strict transport security (HSTS) and DNSSEC weakens the overall defense posture. Immediate remediation of compliance gaps and security header misconfigurations is essential to reduce legal liabilities and improve customer trust. The business should prioritize establishing clear security governance and incident response capabilities to align with industry and regulatory standards.

The website demonstrates a moderate overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of foundational security governance aligned with NIS2 requirements. SSL/TLS configurations are suboptimal, with weak keys and impending certificate expiration, potentially exposing data transmissions to interception. The absence of incident response and business continuity plans increases organizational risk in the event of a security breach. While email security and network infrastructure show relatively strong scores, critical gaps in policy, governance, and user privacy protections expose the business to regulatory penalties and reputational damage. Immediate remediation in these areas will improve compliance, reduce attack surface, and build customer trust. Overall, the site requires urgent attention to security policies, encryption standards, and privacy disclosures to align with best practices and regulatory mandates.

M

Moving.com

moving.com

0

The website demonstrates a concerning security posture with no critical vulnerabilities but multiple high and medium-risk issues primarily related to missing security headers, inadequate GDPR compliance, and absent information security governance aligned with NIS2 requirements. The lack of key HTTP security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy exposes the site to common web attack vectors like clickjacking, man-in-the-middle, and cross-site scripting. GDPR compliance gaps, including missing privacy and cookie policies and consent mechanisms, pose significant legal and reputational risks. Additionally, the absence of documented security policies, incident response plans, and vulnerability disclosure processes reflects immature security governance, increasing operational risk. SSL/TLS and DNS configurations are relatively strong but can be further improved by enabling HSTS and DNSSEC. Email and network security show solid postures, indicating some effective controls are in place. Immediate remediation is crucial to reduce exposure to cyber threats and ensure regulatory compliance, protecting both business assets and customer trust.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong scores in network security, SSL/TLS, email security, and DNS health. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, posing potential legal and operational risks. The absence of essential security headers and policies, such as Content-Security-Policy and Permissions-Policy, increases exposure to common web-based attacks. Lack of privacy and cookie policies, as well as missing consent mechanisms, may lead to regulatory penalties and damage customer trust. Furthermore, missing incident response and business continuity plans indicate unpreparedness for security incidents, risking prolonged downtime and data breaches. Addressing these deficiencies is vital to protect the business from compliance violations, security incidents, and reputational harm. Prioritizing these improvements will strengthen the organization's security resilience and regulatory adherence. Overall, the website’s foundational security controls are sound but require urgent enhancement in policy, compliance, and incident management areas.

The website demonstrates a concerning security posture with multiple high and medium severity issues, particularly in security headers, GDPR compliance, and NIS2 regulatory readiness. While network security and core TLS configurations appear strong, critical security headers are missing, exposing the site to common web attacks like clickjacking, XSS, and content injection. The absence of a privacy policy, cookie policy, and consent mechanisms indicates non-compliance with GDPR, risking regulatory fines and reputational damage. Lack of documented information security frameworks, incident response plans, and security policies further increase operational risk and vulnerability to cyber incidents. Email security is reasonably well implemented but can be improved. Immediate focus on regulatory compliance and implementing foundational security controls is essential to protect user data, maintain trust, and avoid legal consequences. Overall, the website requires urgent remediation to align with best practices and regulatory requirements to safeguard business continuity and customer confidence.

The website demonstrates a moderately weak security posture with no critical issues detected but several high and medium-severity vulnerabilities that pose significant risks. Key deficiencies include missing essential security headers, inadequate GDPR compliance with absent privacy and cookie policies, and lack of fundamental NIS2 security governance such as incident response and security policy documentation. SSL/TLS configurations need urgent improvement due to weak key lengths and expiring certificates, risking encrypted communications. Email and network security are relatively strong, but gaps in DNSSEC and email authentication (DKIM) remain. These shortcomings expose the business to data breaches, regulatory penalties, and reputational damage. Immediate remediation is necessary to strengthen defenses, ensure legal compliance, and maintain customer trust. Proactive governance and technical controls will significantly reduce the risk of cyber incidents and compliance violations.

C

Contentful

contentfulstatus.com

0

The website exhibits significant security gaps, particularly in compliance, email security, and incident management frameworks, which pose substantial risks to business operations and regulatory adherence. Critical and high severity issues, such as the absence of email authentication and missing key security headers, expose the organization to phishing attacks, data breaches, and clickjacking vulnerabilities. GDPR compliance is notably weak, with no cookie policy or consent mechanism, risking regulatory fines and eroding customer trust. The lack of documented information security and incident response policies under NIS2 directives indicates unpreparedness for cyber incidents, threatening operational resilience. Although network security and SSL/TLS configurations show strengths, weaknesses in DNS security and HTTP security headers reduce overall protection. Addressing these issues promptly will reduce exposure to cyber threats, improve regulatory compliance, and enhance customer confidence. Prioritizing governance and technical controls will support sustainable security posture improvements. Incremental remediation aligned with business priorities is essential to mitigate risks effectively.

The website exhibits significant security weaknesses that present substantial risks to the business, including exposure of critical services and non-compliance with key regulations such as GDPR and NIS2. Missing essential HTTP security headers severely undermine protection against common web threats like clickjacking, XSS, and content injection. The absence of privacy and cookie policies, alongside no cookie consent mechanism, risks regulatory penalties and damages user trust. Critical infrastructure services like PostgreSQL and FTP are openly exposed, representing immediate attack vectors that could lead to data breaches or operational disruptions. Furthermore, the lack of documented security policies, incident response plans, and business continuity strategies indicates immature security governance. Although SSL/TLS and DNS configurations are relatively stronger, notable gaps such as near-expiring certificates and missing DNSSEC remain. Immediate remediation will reduce legal exposure, protect sensitive data, and improve overall resilience against cyber threats.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected but several high and medium severity issues that pose significant risk. Key deficiencies include missing critical security headers such as Content-Security-Policy and weak configurations of transport security headers, increasing exposure to client-side attacks. Compliance gaps with GDPR and NIS2 regulations are evident, notably the absence of cookie policies, consent mechanisms, incident response procedures, and security policy documentation, which could lead to regulatory penalties and reputational damage. The SSL/TLS and DNS configurations are generally solid but require improvements to fully protect data in transit and DNS integrity. Email and network security modules score well, indicating good controls in those areas. However, the lack of a formal information security framework and vulnerability disclosure processes introduces organizational risk. Addressing these issues will strengthen security posture, regulatory compliance, and customer trust.

The website exhibits a generally solid network and SSL/TLS security posture, scoring 100/100 in these areas, which is a strong foundation for secure communications. However, significant gaps exist in email authentication, with a critical issue of no email authentication configured and missing DKIM records, increasing risks of phishing and email spoofing. Medium-level issues in security headers, GDPR compliance, NIS2 compliance, and DNS health (notably the lack of DNSSEC) indicate potential vulnerabilities in data protection, regulatory adherence, and domain security. Low-level issues such as missing CAA records, while less urgent, still impact overall DNS security robustness. The failure in GDPR and NIS2 analyses also poses legal and regulatory risks that could result in penalties or damage to brand reputation. Immediate remediation in email security and DNS protection will greatly enhance the website’s trustworthiness and compliance posture. Overall, while the infrastructure is strong, the organization should prioritize closing these critical and medium gaps to reduce exposure to cyber threats and regulatory non-compliance.

The website demonstrates a mixed security posture with strengths in network security, SSL/TLS configuration, email security, and DNS health. However, critical gaps exist in compliance with GDPR and NIS2 regulations, especially due to missing privacy policies, cookie consent mechanisms, and comprehensive security documentation. The absence of key security headers and vulnerability disclosure policies further exposes the site to preventable threats like clickjacking and content-type based attacks. These compliance and security shortcomings not only increase operational risk but could also result in regulatory penalties and damage to brand reputation. Immediate attention to privacy compliance and incident response readiness is crucial for business continuity and trust. While foundational security controls are in place, the lack of documented policies and frameworks leaves the organization vulnerable to evolving threats. Addressing these gaps will improve regulatory alignment, customer trust, and overall resilience against cyber threats.

C

Country Road

countryroad.co.nz

0

The website's overall security posture shows no critical vulnerabilities but reveals significant high and medium risks that could expose the business to compliance, operational, and reputational threats. Notably, the absence of foundational GDPR documentation and cookie consent mechanisms presents major regulatory compliance gaps, risking legal penalties and loss of customer trust. The missing core security headers and lack of an incident response framework further amplify exposure to common web-based attacks and operational disruptions. DNS and email configurations contain high-risk issues such as unregistered MX records and missing DKIM records, which could lead to email delivery problems and increased phishing risks. While network security and SSL/TLS configurations are generally strong, mixed content and incomplete HSTS policies reduce overall transport security effectiveness. Immediate remediation in governance, compliance, and core security controls is needed to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Without addressing these, the business faces increased risks of data breaches, service interruptions, and regulatory fines.

Z

Zillow Group

zillowgroup.com

0

The website demonstrates a moderate overall security posture with no critical issues found, but several high and medium severity gaps that pose significant risks. Key vulnerabilities include missing essential security headers, lack of GDPR compliance measures such as cookie policy and consent mechanisms, and absence of comprehensive security governance aligned with NIS2 requirements. While network security and email security are strong, deficiencies in incident response, security policy documentation, and vulnerability disclosure processes expose the business to operational and regulatory risks. The presence of mixed content and weak HSTS configurations could lead to data interception and man-in-the-middle attacks. Non-compliance with GDPR and NIS2 frameworks may result in regulatory penalties and damage to brand reputation. Immediate remediation will reduce exposure to cyber threats and enhance customer trust. Overall, addressing these gaps is critical to aligning security practices with business continuity and regulatory expectations.

M

Move, Inc.

move.com

0

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but numerous high and medium risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory alignment. Key gaps include missing essential HTTP security headers and absence of privacy and cookie policies, which increase exposure to data breaches and regulatory penalties. The lack of incident response procedures, security policy documentation, and security framework indicate immature security governance, potentially impacting business resilience. Email security, SSL/TLS configuration, DNS health, and network security show relatively strong controls, mitigating some risks. However, missing GDPR elements and security headers threaten customer trust and compliance standing, which could lead to legal consequences and brand damage. Immediate remediation in these areas will strengthen defense-in-depth and regulatory compliance. Overall, the site needs focused improvements in baseline security controls and policy implementations to reduce risk and ensure data protection.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, but several high and medium risk issues significantly undermine its security and compliance standing. Key weaknesses include missing essential HTTP security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of foundational cybersecurity frameworks and incident response planning required under NIS2 regulations. While email security, SSL/TLS configuration, DNS health, and network security score well, the gaps in security policies, data protection measures, and header configurations expose the business to risks such as data breaches, regulatory fines, and reputational damage. Immediate attention is needed to address compliance-related deficiencies and implement strong security controls. Strengthening these areas will not only reduce risk but also enhance customer trust and ensure regulatory alignment. Without remediation, the business remains vulnerable to targeted attacks and legal liabilities. Proactive investment in security governance and technical controls is critical to safeguard assets and maintain competitive advantage.

The website demonstrates a generally sound network security and SSL/TLS posture, with strong email security and DNS health scores. However, significant shortcomings exist in privacy compliance and information security governance, notably lacking a privacy policy, cookie policies, and essential GDPR compliance elements. Critical NIS2 regulation adherence is absent, including no incident response plan, security policies, or business continuity planning, exposing the organization to regulatory and operational risks. Security headers are incompletely implemented, increasing the risk of common web attacks such as clickjacking and content sniffing. While there are no critical vulnerabilities identified, the high and medium issues collectively indicate a need for urgent remediation to reduce legal exposure, enhance customer trust, and safeguard against potential breaches. Addressing these gaps will improve regulatory compliance, reduce reputational risk, and strengthen the overall security posture. Prioritizing governance and compliance measures alongside technical controls is essential for sustainable business security.

The website demonstrates a moderate security posture with no critical issues but several high and medium-risk findings that could expose the business to regulatory, reputational, and operational risks. Key deficiencies include missing fundamental security headers, lack of GDPR compliance measures such as privacy and cookie policies, and the absence of essential NIS2 cybersecurity governance frameworks like incident response and security policy documentation. While email security, SSL/TLS, DNS health, and network security show strong maturity, the gaps in legal compliance and governance frameworks pose significant risks for regulatory penalties and customer trust erosion. Addressing these gaps is vital to reduce legal liability, improve customer confidence, and strengthen overall cybersecurity resilience. Immediate focus on privacy policy implementation and establishing security governance will enhance compliance with evolving legal and industry standards. Proactive communication of security policies and incident response readiness will also support business continuity and reputation management. Overall, the website requires targeted improvements to bridge compliance and policy deficiencies while maintaining its strong technical security controls.