Security Directory

The website's overall security posture demonstrates strengths in network security and email security, with high scores of 100 and 95 respectively. However, there are critical vulnerabilities related to GDPR compliance and organizational security policies, particularly for EU business operations, which pose significant legal and reputational risks. The absence of a cookie policy, consent banner, and adequate privacy measures exposes the business to potential regulatory penalties under GDPR. Additionally, foundational security frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are lacking, undermining the organization's ability to manage and respond to cybersecurity events effectively. SSL/TLS configurations show weaknesses that could compromise data in transit, while DNS security features like DNSSEC are not fully implemented. Low-severity issues in security headers suggest room for improvement in protecting user data from leakage and caching risks. Immediate remediation of critical and high-risk issues will significantly enhance compliance posture and reduce threat exposure.

The website demonstrates a generally strong network and email security posture but exhibits significant deficiencies in compliance with GDPR and NIS2 regulations, which expose the business to legal and operational risks. The absence of fundamental privacy documentation such as Privacy and Cookie Policies, combined with missing consent mechanisms, places the company at high risk of regulatory penalties, particularly given its operations within the EU. Critical gaps in information security frameworks, incident response, and business continuity planning indicate insufficient preparedness against cybersecurity incidents. SSL/TLS configurations are suboptimal, with weak key lengths and an expiring certificate, potentially undermining data confidentiality and trust. While foundational DNS and security header settings are adequate, improvements are needed to enhance overall resilience. Addressing these issues promptly is essential to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Prioritizing remediation of privacy and security governance will significantly reduce business exposure and strengthen the security posture.

The website exhibits significant security gaps, particularly in GDPR compliance and NIS2 regulatory adherence, posing substantial legal and operational risks for the business. While network security and email security demonstrate strong postures, critical issues such as the absence of cookie consent mechanisms and privacy policies expose the organization to regulatory penalties and reputational damage. The presence of a weak SSL key length and upcoming SSL certificate expiration increases the risk of encrypted data interception. Missing incident response, security policies, and business continuity plans indicate unpreparedness for security events, threatening operational resilience. Low scores in GDPR and NIS2 modules highlight urgent needs for privacy governance and information security frameworks. Overall, the site’s technical security measures are mixed, but compliance deficiencies must be addressed immediately to avoid fines and customer trust erosion. Immediate attention to privacy policies and foundational security documentation will substantially improve the business risk profile.

M

mstack

mstack.nl

0

The website's overall security posture shows strengths in network security and email security, with scores of 100 and 95 out of 100 respectively. However, critical vulnerabilities exist in GDPR compliance and NIS2 regulatory adherence, scoring 18 and 25 respectively, which pose significant legal and operational risks. Key issues include the absence of cookie policies and consent mechanisms, lack of incident response and security policy documentation, and weak SSL configurations. These gaps not only expose the business to potential data breaches but also to regulatory penalties, particularly within the EU jurisdiction. While basic security headers and DNS health are generally well configured, improvements are needed to align with best practices. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will reduce liability and strengthen customer trust.

The website exhibits a generally strong network and email security posture, but critical deficiencies exist in GDPR compliance, NIS2 security governance, and SSL/TLS configuration. The critical GDPR issue indicates the business is operating in the EU without adequate privacy measures, posing significant regulatory and reputational risks. Multiple high-severity issues around the lack of security policies, incident response, and vulnerability disclosure reflect immature information security management, potentially leading to delayed breach detection and response. SSL/TLS weaknesses, including an expiring certificate and weak key length, expose the site to man-in-the-middle attacks and data interception. While security headers and DNS health are relatively strong, minor improvements would further harden the environment. Immediate remediation of GDPR non-compliance and NIS2 framework adoption are essential to avoid legal penalties and ensure business continuity. Addressing these gaps will significantly reduce risk exposure and enhance trust with customers and regulators.

The website exhibits a mixed security posture with strong network security and email protections but significant gaps in GDPR compliance and information security governance. Critical and high-severity findings around privacy policies, cookie consent, and EU data protection requirements expose the business to regulatory penalties and reputational risk. Additionally, the absence of key NIS2 security governance elements—including incident response, security policies, and business continuity planning—indicates immature cybersecurity management. SSL/TLS configurations also present vulnerabilities, such as weak key lengths and imminent certificate expiration, which could lead to compromised data in transit. While foundational controls like security headers and DNS health are generally good, low-level misconfigurations suggest opportunities for improvement. Addressing these issues holistically will reduce legal exposure, enhance customer trust, and strengthen resilience against cyber incidents. Immediate focus on GDPR compliance and security governance will yield the highest business impact.

U

UC3

uc3.com

0

The website demonstrates a moderate to low overall security posture, with no critical vulnerabilities but several high and medium priority issues that pose significant business risks. Key deficiencies include missing essential security headers, lack of GDPR compliance elements such as a cookie consent banner, and absence of foundational NIS2 security documentation and policies. While email security, SSL/TLS, DNS health, and network security scores are strong, gaps in governance, incident response, and privacy controls expose the business to regulatory penalties, reputational damage, and potential exploitation. Immediate remediation is needed to reduce attack surface and comply with regulatory frameworks, especially NIS2 and GDPR. The absence of security policies and incident response procedures is especially concerning for business continuity and crisis management. Proactive enhancements in security headers, privacy controls, and policy documentation will strengthen defense-in-depth and regulatory compliance. Overall, the current posture may hinder customer trust and operational resilience if unaddressed.

The website's overall security posture reveals significant gaps, especially in compliance and critical security controls. While network security appears robust, there are critical vulnerabilities in email authentication and SSL configurations that expose the business to phishing and data interception risks. The absence of GDPR-compliant measures such as a cookie consent banner and clear privacy policies could lead to regulatory penalties and reputational damage. Moreover, severe deficiencies in NIS2-related governance—like missing incident response procedures and security policy documentation—indicate unpreparedness for cyber incidents, increasing operational risk. Security headers are partially implemented but require strengthening to protect user data and prevent information leakage. DNS security is moderate but can be improved with DNSSEC and CAA records. Immediate remediation is essential to mitigate potential breaches, comply with regulations, and safeguard customer trust and business continuity.

C

Christie's International Real Estate

christiesrealestate.com

0

The website demonstrates a moderate to low overall security posture with no critical issues but several high and medium severity gaps that expose the business to compliance risks, data exposure, and operational disruptions. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as cookie policies and consent mechanisms, and absence of foundational NIS2 security management practices like incident response and security policy documentation. While network security and SSL/TLS configurations score relatively well, the absence of strict transport security (HSTS) and DNSSEC adoption weaken the defense-in-depth strategy. Email security is adequate but can be improved by enabling DKIM. Addressing these issues is imperative to reduce regulatory risks, protect customer data, and ensure business continuity. Overall, the website requires urgent enhancements in security governance, privacy compliance, and HTTP security controls to meet industry standards and protect brand reputation.

C

Culture Montréal

culturemontreal.ca

0

The website's overall security posture is concerning, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key security headers are missing, weakening protections against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and absence of consent mechanisms, which could lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and security documentation under NIS2 regulations further heightens operational risk and regulatory exposure. Critical network services like MySQL and FTP are exposed publicly, representing immediate high-risk attack vectors. Email security is relatively strong but could be improved with stricter DMARC enforcement and reporting. SSL/TLS configurations require attention to avoid certificate expiry and enable HSTS for improved transport security. Overall, urgent remediation is needed to reduce exposure, ensure compliance, and safeguard customer trust.

R

Réseau Scènes

reseauscenes.com

0

The website’s overall security posture is currently inadequate, exposing the business to significant risk from both technical vulnerabilities and regulatory non-compliance. Critical and high-severity issues, including exposed critical services such as MySQL and FTP, combined with missing essential security headers, indicate a high likelihood of exploitation. The absence of key GDPR policies (Privacy Policy, Cookie Policy, and consent mechanisms) exposes the company to potential legal and reputational damage. Additionally, the lack of a formal information security framework, incident response plans, and security documentation under NIS2 requirements suggests immature security governance. While email security and DNS health scores are relatively strong, foundational web security controls, encryption enforcement (HSTS), and secure service exposure are lacking. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory penalties. Addressing these gaps will also improve resilience against cyberattacks and support business continuity.

The website demonstrates a moderate to weak overall security posture with no critical vulnerabilities but multiple high and medium-risk issues, particularly in security headers, GDPR compliance, and NIS2 regulatory adherence. Key gaps include missing essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy, exposing the site to man-in-the-middle and cross-site scripting attacks. GDPR compliance is poor, lacking privacy and cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. Similarly, the absence of documented information security frameworks, incident response procedures, and security contact points undermines operational resilience and regulatory compliance under NIS2. Email security controls like DMARC and DKIM are partially implemented but need enforcement to prevent phishing risks. SSL/TLS and DNS configurations are relatively strong but can be further improved by enabling HSTS and DNSSEC. Network security posture is solid, indicating good infrastructure controls. Addressing these issues promptly will reduce legal risks, enhance customer trust, and strengthen overall cyber resilience.

I

Inforoutes 06

inforoutes06.fr

0

The website's overall security posture reveals significant gaps, particularly in privacy compliance and core security controls. Critical issues include the absence of essential email authentication, exposing the organization to phishing risks, and non-compliance with GDPR regulations despite operating in the EU, which could result in legal penalties and reputational damage. The lack of security policies, incident response procedures, and vulnerability disclosure mechanisms indicates immature information security governance. Missing key HTTP security headers such as Content-Security-Policy and X-Frame-Options increase exposure to common web attacks like clickjacking and cross-site scripting. Additionally, the presence of a high-risk exposed FTP service and issues within SSL/TLS configurations further elevate the risk profile. While DNS and network security show moderate maturity, critical controls require immediate attention. Addressing these findings will enhance regulatory compliance, reduce cyber risk, and protect customer trust.

D

Département des Alpes-Maritimes

mesdemarches06.fr

0

The website’s overall security posture reveals significant gaps, particularly in privacy compliance and foundational security policies, posing substantial business and regulatory risks. Critical and high-severity issues center around GDPR non-compliance, including the absence of privacy and cookie policies and consent mechanisms, which expose the business to potential legal penalties and reputational damage within the EU market. The lack of an established information security framework, incident response plan, and security documentation further undermines operational resilience and regulatory adherence, notably under NIS2 requirements. Technical security controls such as missing Content-Security-Policy headers, weak SSL key length, and incomplete email authentication protocols exacerbate the risk of data breaches and phishing attacks. While network security and DNS health show relatively strong scores, essential improvements in SSL/TLS configuration and security headers are needed. Immediate remediation is critical to avoid compliance violations, reduce attack surfaces, and protect customer trust. Without addressing these issues promptly, the business risks operational disruption, data compromise, and financial penalties. Overall, the assessment points to urgent needs for governance, compliance, and technical controls alignment to safeguard the enterprise and its customers.

B

BNP Paribas

integrated-report.bnpparibas

0

The website exhibits significant security weaknesses across several critical domains, posing substantial risks to business operations and regulatory compliance. Notably, the absence of key email authentication mechanisms and poor SSL/TLS configurations expose the site to phishing, spoofing, and data interception threats. GDPR compliance is severely lacking, with no privacy policy or cookie consent banner, increasing legal and reputational risks. The missing security framework, policies, and incident response plans reflect immature cybersecurity governance, undermining the organization's ability to manage and recover from security incidents. While network security posture and DNS health are relatively strong, fundamental security headers and content security policies are not properly implemented, leaving the site vulnerable to common web attacks. Overall, the current posture could lead to data breaches, regulatory fines, and erosion of customer trust if not addressed promptly. Immediate action is essential to strengthen defenses and align with industry best practices and regulatory requirements.

The website demonstrates a generally strong technical security posture with robust SSL/TLS settings and good network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, posing substantial legal and operational risks. Critical issues include the complete absence of essential privacy policies and cookie consent mechanisms, which threaten regulatory compliance and customer trust, especially for EU users. The lack of documented information security frameworks, policies, and incident response procedures further exposes the business to heightened cyber risk and potential operational disruption. Email and DNS security configurations require improvement to prevent spoofing and enhance domain integrity. While security headers are mostly adequate, refinements can strengthen defense-in-depth. Immediate focus on regulatory compliance and governance frameworks is imperative to mitigate potential fines, reputational damage, and business continuity risks.

The website demonstrates a generally strong technical security foundation with robust network security, SSL/TLS configurations, and email security. However, significant gaps exist in regulatory compliance, particularly GDPR and NIS2, which present considerable legal and operational risks. Missing privacy and cookie policies, lack of consent mechanisms, and absent security governance documentation indicate insufficient organizational controls. Security headers are partially implemented but require enhancements to mitigate common web-based attacks. The absence of incident response and business continuity planning exacerbates potential downtime and breach impact. Addressing these deficiencies is critical to maintain customer trust, avoid regulatory penalties, and strengthen overall risk management. Prioritizing compliance and governance reforms will align security posture with legal requirements and industry best practices. Immediate remediation will reduce exposure to data privacy violations and operational disruptions.

The website demonstrates a generally strong foundation in network security, SSL/TLS implementation, and email security, reflected by high module scores in these areas. However, critical weaknesses exist in GDPR compliance and NIS2 regulatory adherence, posing significant legal and operational risks, especially for EU business operations. Missing privacy and cookie policies, lack of cookie consent mechanisms, and inadequate privacy measures expose the business to potential fines and reputational damage. The absence of an information security framework, incident response plans, and documented security policies undermines the organization's ability to manage and respond to security incidents effectively. Additionally, some security headers and DNS configurations are incomplete, which could increase exposure to data leakage and DNS-based attacks. Immediate remediation in privacy compliance and governance documentation is essential to mitigate regulatory risks and enhance trust with customers and partners. Overall, while technical defenses are strong, governance and compliance gaps represent the most pressing concerns for business continuity and legal compliance.

The website's overall security posture reveals significant gaps, especially in GDPR compliance and information security management aligned with NIS2 directives. Critical vulnerabilities include an invalid SSL certificate and the absence of email authentication, posing immediate risks to data integrity and user trust. High-risk issues such as missing privacy and cookie policies, lack of incident response procedures, and no security framework indicate inadequate governance and potential regulatory exposure. While network security and DNS health show strength, fundamental security headers and privacy controls are insufficient. The low scores in GDPR and NIS2 modules highlight urgent compliance and operational security deficiencies. Addressing these key areas will reduce legal risks, protect user data, and enhance the organization's reputation. Immediate remediation of critical SSL and email security issues is essential to maintain secure communications and prevent exploitation.

The website exhibits a mixed security posture with strong email, SSL/TLS, and network security measures, reflected in high module scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and absence of essential security governance documents. A critical issue flagged is operating as an EU business without adequate privacy safeguards, exposing the organization to regulatory fines and reputational damage. Medium-level security header deficiencies and DNS configuration gaps further increase the risk surface. While foundational technical controls are solid, the lack of formalized incident response, business continuity, and vulnerability disclosure processes signals immature security management. This combination represents a substantial compliance and operational risk that must be addressed promptly to safeguard customer trust and avoid legal penalties. Immediate attention to privacy, policy documentation, and incident readiness will provide the greatest business value and risk reduction.

L

LCL

lcl.fr

0

The website exhibits a mixed security posture with strong performance in SSL/TLS, network security, and email security, but significant gaps in GDPR compliance and NIS2 regulatory requirements. Critical issues include operating an EU-facing business without adequate privacy measures, lacking core privacy policies, and missing incident response and security documentation. These deficiencies expose the business to legal risks, regulatory penalties, and reputational damage, particularly under stringent EU data protection laws and NIS2 mandates. Security headers are generally adequate but could be improved to guard against common web threats. DNS and email security are moderately well-configured but require enhancements to strengthen defenses against spoofing and DNS attacks. Overall, the company must prioritize compliance and governance frameworks to reduce exposure and build customer trust. Addressing these gaps will mitigate significant business risks and align the website with current cybersecurity and privacy best practices.

C

Centre d'Imagerie du Sport de Monaco : IRM, scanner, échographie

centre-imagerie-sport-monaco.com

0

The website demonstrates a mixed security posture with no critical issues but multiple high and medium severity vulnerabilities that could significantly impact both security and regulatory compliance. Key weaknesses include missing essential security headers, inadequate GDPR compliance due to absent privacy and cookie policies, and a lack of foundational security governance frameworks such as incident response and security policies aligned with NIS2 requirements. SSL/TLS configurations and email security have notable gaps that could expose communications to interception or spoofing. However, network security and DNS health show relatively strong performance, indicating a stable underlying infrastructure. Failure to address these gaps increases the risk of data breaches, legal penalties, and reputational damage. Prioritizing compliance and foundational security controls will better protect customer data and maintain trust. Immediate remediation is critical to reduce exposure and align with industry best practices and regulatory mandates.

L

La Clinique Monte-Carlo

lacliniquemontecarlo.com

0

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. While there are no critical vulnerabilities detected, numerous high and medium severity issues exist, particularly around security headers, GDPR compliance, and information security governance aligned with NIS2 requirements. The absence of key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases risk of web-based attacks. GDPR deficiencies, including missing privacy and cookie policies, expose the company to potential legal penalties and customer trust erosion. Lack of documented security policies and incident response plans under NIS2 further weakens the organization’s ability to manage and respond to cyber incidents effectively. SSL/TLS weaknesses and suboptimal email security settings present additional attack vectors. However, network security and DNS-related controls show relatively strong maturity. Immediate remediation in these areas will reduce risk and improve compliance posture substantially.

The website exhibits significant security and compliance gaps, particularly in privacy and incident management frameworks, posing considerable risks to business reputation and regulatory compliance. Critical deficiencies in GDPR adherence, such as the absence of a privacy policy, cookie policy, and consent mechanisms, expose the business to potential legal penalties and loss of customer trust. The lack of a security policy framework, incident response procedures, and vulnerability disclosure processes undermines the organization's ability to manage and respond to cyber threats effectively. Weak HTTP security headers and mixed content issues indicate vulnerabilities to web-based attacks, potentially compromising user data integrity. Exposure of high-risk services like FTP increases the attack surface and opens pathways for unauthorized access. While email security and DNS health are relatively stronger, they do not compensate for the fundamental gaps in governance and technical controls. Immediate remediation is required to address compliance and critical security flaws to safeguard business continuity and customer confidence. Overall, the security posture is inadequate for operating securely within the EU regulatory environment and against evolving cyber threats.

A

Agence Z&KO

zandko.fr

0

The website exhibits a concerning security posture with multiple critical and high-severity issues that expose the business to regulatory, operational, and reputational risks. Key deficiencies include the absence of fundamental security headers, lack of GDPR compliance mechanisms such as privacy and cookie policies, and missing core information security framework documentation required under NIS2 regulations. These gaps indicate inadequate protection of user data and insufficient preparedness for incident response, which could lead to regulatory fines and loss of customer trust. Additionally, the presence of high-risk exposed services like FTP and incomplete SSL/TLS configurations increase vulnerability to cyberattacks. While some areas like email security and DNS health show relative strength, the overall security maturity is low, necessitating immediate remediation. Addressing these issues will improve compliance, reduce attack surface, and safeguard business continuity. Without prompt action, the organization risks data breaches, legal penalties, and damage to its brand reputation.

C

CIEPP

ciepp.ch

0

The website's overall security posture shows strong network security and solid SSL/TLS and DNS configurations, but reveals significant vulnerabilities in privacy compliance, email authentication, and information security governance. Critical gaps exist in GDPR compliance, including missing privacy and cookie policies and consent mechanisms, exposing the business to regulatory and reputational risks. The lack of an information security framework, security policies, and incident response procedures indicates immature security management, increasing exposure to cyber threats and operational disruptions. Email security is critically weak due to missing SPF and DKIM records, raising the risk of phishing and domain spoofing attacks. Security headers are partially implemented but omit key protections against cross-site scripting and feature abuse. Addressing these deficiencies will mitigate regulatory exposure, improve customer trust, and reduce the risk of cyber incidents. Prioritizing compliance and governance controls alongside email security enhancements is vital for business resilience and trustworthiness.

The website demonstrates a moderate security posture with no critical vulnerabilities currently detected; however, there are multiple high and medium risk issues that could expose the business to regulatory non-compliance and cyber threats. Significant gaps exist in privacy compliance, including missing privacy and cookie policies and absence of a consent banner, which expose the business to GDPR fines and reputational damage. The lack of documented information security and incident response policies indicates immature cybersecurity governance, increasing risk during security incidents. Network security weaknesses, such as exposed FTP service and missing DNSSEC, further heighten the risk of unauthorized access and data interception. While email security and SSL/TLS implementations are generally strong, some SSL and HSTS configurations require improvement to maintain secure communications. The overall security headers configuration is suboptimal, missing key protections like Content-Security-Policy, increasing risk of content injection attacks. Immediate attention to governance, privacy compliance, and network service exposure will significantly reduce business risk and improve regulatory adherence. Strengthening these areas will bolster customer trust and reduce potential financial and operational impacts from security incidents.

M

MYSEA

mysea.co

0

The website's overall security posture is weak, with critical and high-severity vulnerabilities that expose the business to significant risks including data breaches and compliance violations. Key deficiencies include the absence of essential security headers, lack of GDPR compliance mechanisms such as cookie consent, and missing foundational NIS2 security policies and incident response plans. Critically, the exposure of database services (MySQL and PostgreSQL) and unsecured FTP services presents immediate threats that could lead to unauthorized access and data compromise. While email security and SSL/TLS configurations show moderate strength, gaps like impending SSL certificate expiration and missing HSTS reduce resilience against interception attacks. DNS security is fairly solid but could be improved with DNSSEC and CAA records. Overall, urgent remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Failure to address these issues could result in financial loss, reputational damage, and legal penalties.

D

D-EDGE

fastbooking.com

0

The website's overall security posture reveals significant gaps in key areas critical to protecting business assets and customer trust. While no critical vulnerabilities were detected, there are multiple high and medium severity issues, particularly concerning missing security headers, GDPR compliance, and lack of formalized security frameworks. The absence of essential security headers like Strict-Transport-Security and Content-Security-Policy exposes users to elevated risks from man-in-the-middle and cross-site scripting attacks. GDPR compliance deficiencies, including no cookie consent banner and incomplete privacy policies, pose regulatory and reputational risks, especially in EU markets. The lack of incident response procedures and security policy documentation indicates immature organizational security governance, increasing potential downtime and breach impact. Email security and network infrastructure are relatively stronger but still require improvements to prevent phishing and spoofing threats. Immediate remediation will bolster customer confidence, reduce compliance risks, and lower the likelihood and impact of cyber incidents.

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity findings that pose significant risks. Key gaps include missing essential security headers, lack of GDPR compliance artifacts such as privacy and cookie policies, and absence of foundational NIS2 security governance documentation. The absence of a security framework, incident response procedures, and vulnerability disclosure policies increases exposure to regulatory penalties and potential prolonged breach impacts. While network security and SSL/TLS configurations are strong, email security and DNS configurations need improvement, particularly in DMARC enforcement and DNSSEC deployment. Immediate remediation in governance, policy, and header configurations is crucial to reduce attack surface and improve trust with customers and regulators. Without addressing these issues, the business risks reputational damage, regulatory fines, and operational disruptions. Investing in these security controls will enhance resilience, compliance posture, and customer confidence.

A

Andbank

andbank.es

0

The website's security posture is currently weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Critical and high-severity issues dominate the assessment, especially in privacy compliance (GDPR) and foundational web security headers, indicating gaps in legal and technical safeguards. The absence of key security headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to man-in-the-middle and cross-site scripting attacks. Lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks, especially for EU customers. The missing security framework, incident response procedures, and vulnerability disclosure policies reflect immature security governance, increasing exposure to prolonged or unmitigated incidents. Exposure of high-risk services such as FTP further elevates the attack surface. While email security, SSL/TLS, DNS health, and network security show moderate maturity, they still require improvements. Immediate attention to these issues will reduce risk, support regulatory compliance, and enhance customer trust.

The website demonstrates a generally stable security posture with no critical or high severity vulnerabilities detected. However, several medium and low-risk issues indicate areas requiring improvement to strengthen overall defenses and regulatory compliance. Notably, failures in security headers, GDPR, and NIS2 compliance analyses suggest gaps in privacy and cybersecurity controls that could expose the business to regulatory and reputational risks. DNS configuration weaknesses such as lack of DNSSEC and CAA records increase susceptibility to DNS spoofing and certificate mis-issuance. The exposure of SSH services without adequate controls represents a potential entry point for attackers if not properly secured. Email security is mostly robust, though the absence of DMARC reporting reduces visibility into email abuse. Addressing these medium and low-level issues will enhance the company’s security posture, reduce risk exposure, and support compliance with evolving regulations.

A

Actyus | Fintech venture capital

actyus.com

0

The website demonstrates a moderate overall security posture with no critical issues but multiple high-severity vulnerabilities predominantly in governance, compliance, and configuration areas. Key deficiencies exist in GDPR compliance, including missing privacy and cookie policies and absence of a consent banner, exposing the organization to regulatory and reputational risks. Security headers are inadequately configured, increasing exposure to common web-based attacks such as clickjacking and cross-site scripting. The lack of a formal information security framework, incident response procedures, and security policy documentation indicates immature cybersecurity governance, which could delay breach detection and response. Email security and DNS health are relatively strong, though improvements in DMARC enforcement and DNSSEC could further reduce phishing and spoofing risks. SSL/TLS configuration issues, including weak key length and imminent certificate expiration, present risks to secure communications and customer trust. Network security posture is solid, providing a stable foundation for other improvements. Addressing these issues promptly will reduce regulatory exposure, enhance customer trust, and strengthen overall risk management.

The website's overall security posture shows significant vulnerabilities in foundational security controls, privacy compliance, and incident preparedness, despite no critical issues detected. High-severity gaps in HTTP security headers expose the site to common web attacks such as clickjacking, content injection, and data interception. There is a notable absence of GDPR compliance elements like privacy policies and cookie consent mechanisms, posing legal and reputational risks. Furthermore, the lack of an information security framework, incident response procedures, and business continuity planning indicates immature security governance, increasing the impact of potential security incidents. While email security and TLS/DNS configurations are relatively strong, expiring SSL certificates and missing HSTS reduce the effectiveness of encryption protections. The presence of an exposed high-risk FTP service significantly raises the risk of unauthorized data access. Overall, immediate remediation is needed to protect customer data, ensure regulatory compliance, and reduce operational risks from cyber threats.

The website's overall security posture is concerning, with no critical vulnerabilities detected but multiple high and medium priority issues that could significantly impact business operations and compliance. Key gaps in security headers leave the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is notably weak, lacking essential privacy documents and user consent mechanisms, exposing the business to regulatory fines and reputational damage. The absence of a documented information security framework, incident response procedures, and security policies indicates immature cybersecurity governance, increasing risk in the event of a breach. SSL/TLS and DNS configurations are generally acceptable but require improvements to maintain trust and secure communications. The exposure of high-risk services like FTP presents a direct avenue for attackers to compromise systems. While email security is robust, overall network and website security need urgent attention to protect data, ensure regulatory compliance, and sustain customer confidence.

I

Icecat

icecat.fr

0

The website's overall security posture reveals significant gaps, especially in privacy compliance and email security, which pose substantial risks to business reputation and regulatory adherence. Critical findings include the absence of essential GDPR-related policies and mechanisms, notably for an EU-based business, exposing the company to potential legal penalties and customer trust erosion. Email authentication is critically lacking, increasing the risk of phishing and domain spoofing attacks that could harm brand integrity. While SSL/TLS and network security are robust, foundational security controls such as Content-Security-Policy headers and security policy documentation are missing or insufficient. The NIS2 compliance score is notably low, indicating inadequate preparedness for incident response and governance requirements. DNS health is generally good but would benefit from enabling DNSSEC to protect against DNS spoofing. Addressing these issues will strengthen regulatory compliance, reduce cyber risk, and protect business continuity and customer trust.

I

Icecat NV

icecat.com

0

The website demonstrates a moderate to low overall security posture with no critical issues but multiple high and medium severity findings that pose significant risks. Key vulnerabilities include missing essential security headers, weak SSL configurations, and inadequate GDPR compliance due to absent privacy and cookie policies. Additionally, the absence of a formal information security framework and incident response procedures under NIS2 regulations exposes the business to regulatory non-compliance and operational risks. Email security and network security scores are relatively strong, but improvements are necessary to maintain trust and safeguard data. Immediate remediation is required to protect against clickjacking, cross-site scripting, data leakage, and legal penalties. Addressing these gaps will enhance customer confidence, reduce exposure to cyber threats, and ensure regulatory compliance. Failure to act promptly may result in reputational damage, financial losses, and legal consequences.

I

International University of Monaco

monaco-executive-education.com

0

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.

O

OMNES Education

omneseducation.com

0

The website security assessment reveals a concerning overall security posture with no critical issues but multiple high and medium severity findings, particularly in governance, compliance, and security policy domains. Key weaknesses exist in security headers, GDPR compliance, and NIS2 regulatory adherence, exposing the business to legal risks, data privacy violations, and increased vulnerability to cyber threats. Email security and network security show relatively strong performance, reducing risk from phishing and network-based attacks. SSL/TLS configurations need urgent improvement to maintain secure communications, especially given the impending certificate expiry and weak key length. The absence of incident response and business continuity plans further heightens operational risk. Addressing these gaps will significantly reduce the risk of data breaches, regulatory fines, and reputational damage. Immediate focus on compliance and foundational security controls is essential to protect customer trust and meet regulatory requirements.

The website demonstrates a moderate overall security posture with no critical vulnerabilities detected, which reduces immediate risk of severe exploitation. However, significant gaps exist in compliance with GDPR and NIS2 regulations, particularly concerning privacy policies, cookie management, and documented security frameworks. Missing or weak security headers and incomplete SSL/TLS configurations leave the site vulnerable to man-in-the-middle attacks and data exposure. The absence of incident response and business continuity plans poses risks to operational resilience during security incidents. Network and email security settings are strong, which is a positive foundation. Immediate remediation in legal compliance and security policy documentation is essential to avoid regulatory penalties and reputational damage. Addressing SSL/TLS and header-related weaknesses will enhance user trust and protect sensitive information. Overall, the business should prioritize closing compliance gaps and reinforcing core security controls to safeguard assets and customer data effectively.

The website exhibits a concerning security posture with no critical issues but multiple high and medium-risk findings, particularly in security headers, GDPR compliance, and organizational security frameworks. Key deficiencies include missing essential HTTP security headers like Strict-Transport-Security and Content-Security-Policy, which expose users to potential attacks such as man-in-the-middle and cross-site scripting. GDPR compliance is notably poor, lacking a privacy policy, cookie policy, and consent mechanisms, which risks regulatory penalties and damages customer trust. The absence of a documented information security framework, incident response procedures, and security policies under NIS2 regulations further indicates a lack of organizational preparedness for cyber incidents. While email security, SSL/TLS, DNS health, and network security show reasonably strong controls, the gaps in foundational security and compliance measures present significant business risks. Addressing these issues promptly will reduce exposure to data breaches, regulatory fines, and reputational harm. Prioritizing governance, policy documentation, and user protection mechanisms is essential for improving the overall security and compliance posture.

S

SupplHi S.r.l. Società Unipersonale

supplhi.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities but several high and medium risk issues that warrant immediate attention. Key deficiencies exist in security header implementations, GDPR compliance, and adherence to NIS2 requirements, potentially exposing the business to regulatory, reputational, and operational risks. The absence of essential headers like Content-Security-Policy and X-Frame-Options increases susceptibility to web-based attacks such as clickjacking and cross-site scripting. GDPR-related gaps, including missing cookie policies and consent mechanisms, expose the company to legal penalties and erode customer trust. NIS2 compliance is particularly weak, lacking formal security frameworks, incident response plans, and documented policies, which could impair the company’s ability to handle cyber incidents effectively. Email security measures are moderate but require improvements to prevent phishing and spoofing threats. SSL/TLS and DNS configurations are relatively strong but need minor updates to maintain robustness. Overall, the organization should prioritize closing regulatory gaps and enhancing web security controls to protect its assets and reputation.

V

Volcanic

volcanic.co.uk

0

The website demonstrates a generally strong technical security foundation with perfect SSL/TLS and network security scores, and good email and DNS configurations. However, significant shortcomings exist in governance and compliance areas, particularly regarding NIS2 and GDPR requirements, which expose the business to regulatory risks and potential operational disruptions. The absence of critical security policies, incident response plans, and clear security contact information severely undermines the organization's ability to manage security incidents effectively. Additionally, missing security headers and weak email authentication configurations increase vulnerability to attacks such as cross-site scripting and email spoofing. The lack of a cookie consent banner and potentially non-compliant privacy policies also risk non-compliance with GDPR, potentially resulting in legal penalties and reputational damage. Overall, while technical controls are mostly robust, governance and compliance gaps present the most urgent business risks. Addressing these will improve resilience, regulatory compliance, and customer trust.

U

UDITIS SA

formalites-export.com

0

The website demonstrates a generally strong technical security foundation with no critical issues found and excellent scores in network security (100/100) and SSL/TLS (97/100). However, significant gaps exist in regulatory compliance and governance, particularly concerning GDPR and NIS2 frameworks, which present high-risk exposure for legal penalties and operational risks. The absence of privacy and cookie policies, as well as missing consent mechanisms, undermines user trust and compliance with data protection laws. Furthermore, the lack of formal information security frameworks, incident response plans, and security policy documentation exposes the organization to increased vulnerability and reputational damage in case of a breach. Email security posture is moderate but requires improvement to prevent phishing and spoofing attacks. Security headers are generally well-implemented but missing critical policies that enhance protection against clickjacking and information leakage. Addressing these issues promptly will reduce compliance risks, strengthen incident readiness, and improve overall security resilience.

S

Swissquote

swissquote.ch

0

The website demonstrates a generally strong technical security foundation, with excellent SSL/TLS, network security, and DNS health scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, indicated by missing privacy and cookie policies, absence of consent mechanisms, and lack of documented security and incident response procedures. These deficiencies expose the business to regulatory risks, potential fines, and reputational damage, especially in regions governed by GDPR and NIS2 mandates. While some medium severity issues like missing X-XSS-Protection header and lack of DKIM records impact security, the primary concern is the absence of governance frameworks and policies. Addressing these will not only reduce compliance risk but also improve overall security posture and stakeholder trust. Immediate prioritization of privacy compliance and formal security documentation is critical to align with legal obligations and industry best practices. The organization's proactive network and SSL/TLS configurations provide a solid base to build upon. Overall, the security posture is solid technically but requires urgent policy and compliance enhancements to mitigate business risks effectively.

The website demonstrates a generally strong network security posture and good email security measures, but critical gaps exist in compliance and governance areas, particularly relating to GDPR and NIS2 requirements. The absence of a cookie policy and consent banner exposes the business to regulatory non-compliance risks and potential fines under GDPR. Key documentation and procedures such as incident response, security policies, and business continuity planning are missing, which heightens operational and security risks. SSL certificate expiry is imminent, threatening site availability and user trust. DNS configuration weaknesses, including an unregistered MX record and lack of DNSSEC, increase exposure to email spoofing and DNS attacks. While security headers are mostly in place, missing permissions-policy headers could allow unnecessary resource access. Overall, the security posture requires urgent attention to governance, compliance, and certificate management to mitigate legal, reputational, and operational risks.

The website demonstrates a concerning security posture with no critical issues but several high-impact vulnerabilities primarily related to missing security headers, lack of GDPR compliance, and absence of essential security policies. Key risks include exposure to man-in-the-middle attacks due to missing Strict-Transport-Security, clickjacking threats from absent X-Frame-Options, and legal/regulatory risks stemming from missing privacy and cookie policies. The lack of an incident response plan and security framework further exposes the business to prolonged downtime and data breaches. While email security, DNS health, and network security scores are relatively strong, deficiencies in SSL/TLS configuration and mixed content issues reduce overall trustworthiness. Immediate remediation is necessary to protect user data, comply with regulations, and maintain customer confidence. Addressing these gaps will significantly reduce the risk of cyber incidents and potential financial and reputational damage. Overall, the site requires focused security governance and technical improvements to elevate its security maturity to an acceptable business standard.

S

Superfund Towarzystwo Funduszy Inwestycyjnych S.A.

superfund.pl

0

The website's overall security posture is currently weak, with critical gaps in privacy compliance, security headers implementation, and incident response readiness. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to man-in-the-middle attacks and cross-site scripting risks. GDPR compliance is severely lacking, with no privacy policies or cookie consent mechanisms, placing the business at high regulatory and reputational risk, especially as it operates in the EU. The absence of an information security framework and incident response procedures under NIS2 requirements further increases vulnerability to targeted cyberattacks and potential operational disruptions. Email security is moderate but incomplete, increasing the risk of phishing and spoofing. Although SSL/TLS and DNS configurations are relatively stronger, issues like imminent certificate expiration and missing DNSSEC weaken the trust chain. High-risk network exposures, such as an open FTP service, compound the overall risk. Immediate remediation is critical to safeguard customer data, maintain compliance, and protect brand reputation.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.de

0

The website's security posture is currently weak, with significant deficiencies across multiple critical areas including privacy compliance, email authentication, and security policy frameworks. Critical gaps in GDPR adherence expose the business to regulatory penalties and reputational damage, especially given its EU operations without adequate privacy measures. The absence of key HTTP security headers leaves the site vulnerable to common web-based attacks such as clickjacking, content injection, and cross-site scripting. Email infrastructure lacks essential authentication mechanisms, increasing risks of phishing and email spoofing. Additionally, missing incident response and security documentation undermines the organization’s ability to detect, respond to, and recover from security incidents effectively. While SSL/TLS and DNS configurations are relatively stronger, urgent attention is needed to enable HSTS and extend certificate validity. Overall, this assessment reveals a pressing need to implement foundational security controls and compliance policies to safeguard the business and its customers. Failure to address these issues promptly could result in severe operational, financial, and legal consequences.

D

Die neue Dimension der Geldanlage-Investieren in eine digitale Zukunft

superfund.at

0

The website's security posture is currently weak, with critical and high severity issues impacting key areas such as privacy compliance, security headers, and information security management. Notably, the absence of essential security headers like Strict-Transport-Security and Content-Security-Policy leaves the site vulnerable to man-in-the-middle attacks, clickjacking, and cross-site scripting. GDPR compliance is critically lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to regulatory fines and reputational damage. Furthermore, the lack of a formal information security framework, incident response procedures, and security policy documentation undermines the organization's ability to manage and respond to cyber threats effectively. While email security, SSL/TLS, DNS health, and network security score moderately well, imminent SSL certificate expiration and missing DNSSEC are concerns. Overall, urgent remediation is required to reduce legal, operational, and cybersecurity risks. Implementing prioritized controls will strengthen defenses, ensure regulatory compliance, and protect customer trust.