Security Directory

K

KONE Corporation

kone.com

0

The website's current security posture presents significant risks that could severely impact the business's reputation, compliance status, and operational integrity. Critical vulnerabilities such as the absence of HTTPS encryption expose user data to interception and undermine trust. High-severity gaps in GDPR compliance, including the lack of privacy and cookie policies and no cookie consent mechanism, put the organization at risk of regulatory penalties and legal challenges. Key NIS2-related deficiencies, such as missing information security frameworks, incident response plans, and security policy documentation, indicate a lack of maturity in cybersecurity governance. Although email and network security scores are strong, the overall security hygiene is compromised by missing critical security headers and DNS protections. Immediate remediation is necessary to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will not only mitigate risks but also enhance customer confidence and reduce potential financial liabilities.

J

Just a moment...

3dconnexion.com

0

The website's overall security posture is currently weak, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory fines, and reputational damage. Most notably, the absence of HTTPS encryption is a severe flaw, undermining all data transmissions and violating GDPR and NIS2 compliance requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing the risk of man-in-the-middle attacks and cross-site scripting. GDPR compliance is poor due to missing privacy and cookie policies and the lack of a consent banner, risking legal penalties. The organization also lacks fundamental information security frameworks, policies, and incident response procedures, indicating immature security governance. However, email security and network security show relatively strong postures, which is a positive foundation to build upon. Immediate remediation is critical to prevent exploitation and align with regulatory mandates. Investing in HTTPS encryption and comprehensive security policies will deliver the highest immediate business value by reducing risk and improving customer trust.

The website exhibits critical security vulnerabilities primarily due to the absence of HTTPS encryption, severely impacting data confidentiality and trustworthiness. Compliance with GDPR is notably poor, with missing cookie consent banners and potentially non-compliant privacy policies, exposing the business to regulatory fines and reputational damage. The NIS2 framework-related deficiencies indicate a lack of formalized security policies, incident response plans, and vulnerability disclosure processes, increasing operational risk and reducing resilience against cyber threats. While network and email security postures are strong, these strengths do not compensate for fundamental issues in encryption and governance. Low-severity issues like weak referrer-policy headers and caching of sensitive data should be addressed to minimize attack surface. Overall, the security posture is inadequate for protecting customer data and ensuring regulatory compliance, necessitating immediate remediation. Prioritizing encryption and governance frameworks will significantly enhance business security and stakeholder confidence.

K

KeeSystem

keesystem.com

0

The website's overall security posture is critically weak, exposing it to significant risks including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption is a fundamental flaw, compromising data confidentiality and user trust. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking legal consequences and reputational damage. Network security is inadequate with critical services like MySQL and FTP exposed publicly, heightening the risk of unauthorized access. Incident response and information security frameworks are either absent or insufficient, limiting the organization’s ability to detect and respond to threats. Email security measures such as DMARC and DKIM are partially implemented but need strengthening to prevent phishing and spoofing. Immediate remediation is essential to safeguard business operations, comply with regulations, and maintain customer trust.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

The website demonstrates a generally moderate security posture but contains one critical vulnerability that requires immediate attention. The absence of HTTPS encryption severely compromises data confidentiality and integrity, exposing users and the business to interception and man-in-the-middle attacks. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and incomplete email security configurations increase regulatory and reputational risks. DNS security is adequate but can be improved by enabling DNSSEC and configuring CAA records. Encouragingly, network security measures are robust, scoring 100/100. Overall, while foundational defenses exist, the critical SSL/TLS weakness and compliance gaps pose significant threats to business continuity and customer trust. Addressing these issues promptly will strengthen security posture and regulatory compliance, protecting both business assets and customer data.

F

Family Office Exchange

familyoffice.com

0

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing user data and communications to interception and manipulation. Significant compliance gaps exist, particularly with GDPR and NIS2 directives, risking legal penalties and reputational damage. Security headers are inadequately configured, leaving the site vulnerable to common web-based attacks such as cross-site scripting. While email security and network security are strong, foundational elements like incident response, security policies, and vulnerability disclosure frameworks are missing, undermining the organization's ability to detect, respond to, and mitigate threats effectively. DNS security is moderate but could be improved to reduce risks of DNS spoofing and related attacks. The absence of cookie management controls and transparency further increases regulatory non-compliance risk. Immediate remediation is essential to protect business continuity, customer trust, and regulatory standing.

The website's security posture is currently weak and exposes the business to significant risks, primarily due to the lack of HTTPS encryption and critical security headers. Absence of HTTPS not only undermines data confidentiality and integrity but also violates GDPR and NIS2 compliance requirements, risking legal penalties and loss of customer trust. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing vulnerability to cross-site scripting and clickjacking attacks. The website also lacks essential GDPR compliance elements including a cookie policy and consent mechanisms, exposing the business to regulatory fines. Incident response, information security frameworks, and security policy documentation are absent, which can hamper timely detection and mitigation of security incidents. While email security and network security have relatively strong scores, foundational web security and compliance gaps are critical and require immediate attention. Improving these areas will protect customer data, enhance trust, and reduce potential financial and reputational damage.

R

RMConsulting

rmconsulting.be

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Most notably, the absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing the risk of cross-site scripting (XSS) and clickjacking attacks. The lack of security policies, incident response plans, and business continuity strategies demonstrates immature cybersecurity governance. GDPR compliance is insufficient, notably missing a cookie consent banner and proper privacy documentation, which could lead to legal penalties. Exposed high-risk services like FTP increase the attack surface. While email security and DNS health are relatively strong, they do not compensate for foundational weaknesses. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and meet regulatory obligations.

B

Bentley Systems

legion.com

0

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

S

Stéphane-Alexandre Dani

art-dani.com

0

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputation damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data confidentiality and integrity guarantees. Key security headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options are missing, increasing the risk of web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements including Privacy Policy, Cookie Policy, and consent mechanisms places the company at risk for legal penalties and customer trust erosion. Additionally, the absence of foundational NIS2 security governance documents such as incident response and security policies further weakens organizational readiness against cyber threats. While network security and DNS health show relatively strong posture, critical gaps in SSL/TLS and email security remain. Immediate action is required to remediate these high and critical issues to protect customer data, comply with regulations, and maintain business continuity.

The website's overall security posture is currently weak and exposes the business to significant risks, particularly due to the absence of HTTPS encryption, which is classified as critical. The lack of essential security headers such as Content-Security-Policy and missing GDPR compliance elements like privacy and cookie policies further exacerbates vulnerability and regulatory exposure. Additionally, the site lacks foundational NIS2 cybersecurity framework elements, including incident response procedures and security policy documentation, indicating immature security governance. While network security and email security scores are strong, these strengths do not mitigate the critical risks posed by missing encryption and compliance controls. The absence of GDPR-required consent mechanisms could lead to legal penalties and reputational damage. Overall, urgent remediation is needed to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Without addressing these critical issues, the business remains exposed to data breaches, regulatory fines, and customer trust erosion.

F

FITT

interplast.mc

0

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Notably, the absence of HTTPS encryption is a critical vulnerability that jeopardizes all data in transit and severely undermines user trust. Key security headers are largely missing, increasing the risk of cross-site scripting, clickjacking, and content injection attacks. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent exposes the business to potential legal penalties. The absence of a formal information security framework, incident response procedures, and security policies indicates immature security governance. Email security mechanisms like DMARC and DKIM are weak or missing, raising the risk of phishing and email spoofing. While DNS and network security show some strengths, critical gaps remain, such as the exposure of SSH services. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust.

I

InfraOpS

infraops.fr

0

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

The website exhibits a severely compromised security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, service disruption, and regulatory penalties. The absence of HTTPS encryption is a critical flaw impacting data confidentiality and user trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. Compliance gaps with GDPR and NIS2 frameworks pose legal and operational risks, especially due to missing privacy policies and incident response procedures. Exposure of critical backend services like MySQL and PostgreSQL to the internet further elevates the risk of unauthorized access and data theft. Although email security and DNS health show relatively better scores, these strengths are overshadowed by critical network and application layer weaknesses. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory sanctions. Overall, urgent investment in security infrastructure and governance is required to stabilize the environment and reduce business risk.

E

Eurimpex MDD

eurimpexmdd.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting data confidentiality and integrity, highlighted as a critical issue across multiple frameworks (GDPR, NIS2, SSL/TLS). Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. There is a complete lack of privacy and cookie policies, which not only undermines user trust but also violates GDPR requirements, potentially resulting in heavy fines. The security governance framework is also deficient, with no documented incident response, security policies, or vulnerability disclosure processes, leaving the business ill-prepared for cyber incidents. Email security is partially implemented but lacks essential authentication mechanisms, increasing the risk of phishing and spoofing. DNS and network security are relatively stronger areas but cannot compensate for the critical gaps elsewhere. Immediate remediation is required to protect customer data, ensure compliance, and safeguard business continuity.

The website's overall security posture exhibits significant vulnerabilities primarily due to the absence of HTTPS encryption, which poses a critical risk to data confidentiality and user trust. Key compliance failures with GDPR and NIS2 regulations, including missing privacy and cookie policies, consent mechanisms, and security framework documentation, expose the business to regulatory penalties and reputational damage. While network and email security appear robust, critical security headers are either missing or weakly configured, increasing the risk of cross-site scripting and clickjacking attacks. The lack of vulnerability disclosure and incident response policies further limits the organization’s ability to manage and remediate security incidents effectively. DNS security settings are partially implemented but could be strengthened to prevent domain-related attacks. Immediate remediation is required to secure communication channels and ensure compliance, thereby protecting customer data and maintaining business continuity. Addressing these issues will enhance trust, reduce legal exposure, and improve resilience against cyber threats.

V

VolkerRail

volkerrail.nl

0

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

4

403 Forbidden

carredor-monaco.com

0

The website's current security posture is critically weak, exposing the business to significant operational, compliance, and reputational risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and trust, violating GDPR and NIS2 mandates. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. The lack of privacy and cookie policies, along with missing consent mechanisms, puts the business at risk of regulatory penalties under data protection laws. There is no formal information security framework, incident response, or business continuity planning, which impairs the organization's ability to effectively manage and recover from cyber incidents. While network security and email security show some strengths, the overall environment lacks foundational protections. Immediate remediation is needed to secure communications, comply with legal requirements, and establish governance around cybersecurity. Failure to address these issues promptly could lead to data breaches, legal fines, loss of customer trust, and business disruption.

A

AFRY

afconsult.com

0

The website's overall security posture is currently inadequate, exposing the business to significant risks related to data protection, regulatory compliance, and potential cyberattacks. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, severely undermining user trust and legal compliance, especially under GDPR and NIS2 frameworks. Key regulatory compliance gaps include missing privacy and cookie policies and the lack of a cookie consent mechanism, which can lead to legal penalties and reputational damage. Security governance is weak, with no documented information security or incident response policies, indicating poor preparedness for cyber incidents. While some foundational network security controls are in place, critical header configurations and missing Content-Security-Policy headers leave the website susceptible to common web attacks. DNS health is moderately good but can be improved by enabling DNSSEC to prevent DNS spoofing. Email security measures are strong, indicating some security awareness. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory mandates.

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Key deficiencies include the absence of HTTPS encryption, missing essential security headers, and exposed critical network services such as MySQL, FTP, and RDP, which are prime targets for attackers. GDPR compliance is severely lacking due to missing privacy and cookie policies, as well as the absence of a cookie consent mechanism, risking legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and business continuity procedures further exacerbates vulnerability to cyber incidents and operational outages. While email security and DNS health show relatively better scores, critical gaps in SSL/TLS and network security overshadow these strengths. Immediate remediation is imperative to safeguard sensitive data, ensure compliance with regulations like GDPR and NIS2, and maintain customer trust. Without urgent action, the business faces increased likelihood of cyberattacks, regulatory fines, and erosion of stakeholder confidence.

The website's security posture presents significant risks that could impact business operations and customer trust. The absence of HTTPS encryption represents a critical vulnerability, exposing data in transit and potentially leading to data breaches or compliance failures. Additionally, the exposure of a high-risk FTP service increases the attack surface and could allow unauthorized access. Medium-level issues such as missing security headers, lack of DNSSEC, and incomplete email security configurations further weaken defenses against common threats. GDPR and NIS2 compliance failures indicate potential regulatory risks, which could result in legal penalties and reputational damage. While email security and DNS health scores are moderate, improvements are necessary to enhance overall protection. Immediate remediation is essential to secure sensitive data, maintain regulatory compliance, and protect brand reputation. Overall, the site requires prioritized security enhancements to mitigate critical vulnerabilities and align with best practices.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

0

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

S

SCC

scc.com

0

The website's overall security posture is currently inadequate, with critical deficiencies that expose the business to significant risks. The absence of HTTPS encryption represents a severe vulnerability, impacting data confidentiality, user trust, and regulatory compliance. Furthermore, the lack of a privacy policy, cookie policy, and consent mechanisms places the business at high risk of GDPR non-compliance, potentially resulting in regulatory penalties and reputational damage. The site also lacks foundational information security governance elements such as security policies, incident response procedures, and business continuity planning, severely weakening its resilience to cyber threats. While network and email security show strong performance, critical gaps in encryption and legal compliance overshadow these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and comply with relevant regulations such as GDPR and NIS2. Addressing these issues will significantly reduce legal liabilities and enhance overall cyber defense capabilities.

The website's security posture shows significant concerns, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security measures are strong, critical gaps exist in foundational protections such as security headers and DNS configurations. Medium-level issues with GDPR and NIS2 compliance indicate potential legal and regulatory risks that could lead to penalties or reputational damage. Email security is relatively strong, but complex SPF records could cause deliverability issues. DNS health is moderate but can be improved by enabling DNSSEC and configuring CAA records to prevent unauthorized certificate issuance. Addressing these issues will enhance data confidentiality, integrity, and compliance, reducing the risk of breaches and regulatory fines. Immediate remediation of the critical HTTPS deficiency should be the top priority to safeguard customer trust and business continuity.

F

Fastway Global Ltd

fastway.org

0

The website's overall security posture is critically weak, with multiple serious vulnerabilities exposing the business to significant risks, including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is the most severe issue, exposing communications to interception and violating GDPR and NIS2 regulations. Critical security headers are missing, increasing susceptibility to various web attacks such as clickjacking, XSS, and content injection. The lack of GDPR compliance elements, including cookie policies and consent mechanisms, presents a high legal and reputational risk. Network security is compromised by exposing high-risk services like FTP and SSH without adequate controls. Additionally, the absence of documented information security frameworks, incident response, and business continuity plans reflects poor organizational preparedness. While email and DNS configurations show moderate strength, they are insufficient to compensate for the critical gaps. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity.

N

Namebay

namebay.com

0

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

P

perseusmirrors.com

perseusmirrors.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, compromising all data transmission and violating GDPR and NIS2 requirements. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and data leakage. The lack of GDPR compliance elements like privacy and cookie policies, as well as consent mechanisms, further exposes the company to legal penalties. Email security is insufficient due to missing SPF, DKIM, and overall email authentication, heightening the risk of phishing and spoofing attacks. Organizational security governance is inadequate, with no documented security or incident response policies, which undermines preparedness for cybersecurity incidents. DNS and network security show relatively better maturity but are insufficient to mitigate the critical gaps elsewhere. Immediate remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard customer trust.

The website's overall security posture is critically weak, with multiple critical and high-severity issues identified. Most notably, the absence of HTTPS encryption exposes all data transfers to interception and manipulation, severely undermining user trust and regulatory compliance. The lack of essential security headers and privacy policies increases vulnerability to attacks such as clickjacking, cross-site scripting, and data leakage. Compliance with GDPR and NIS2 is significantly deficient, risking substantial legal and financial penalties. While email and network security aspects show relative strength, foundational security controls are missing or poorly implemented. This leaves the organization exposed to cyber threats, reputational damage, and operational disruption. Immediate remediation is vital to protect customer data, maintain business continuity, and meet regulatory requirements. Without rapid improvements, the business faces increased risk from cyber incidents and compliance failures.

H

Hays PLC

hays.com

0

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, risking significant legal and financial penalties, especially given the missing cookie policy, consent mechanisms, and absence of key security governance documents. While network security and email security show strong implementation, fundamental weaknesses in security headers and encryption overshadow these strengths. The lack of an incident response plan and vulnerability disclosure policy further increases the risk of prolonged breaches and reputational damage. DNS security is moderately good but can be enhanced by enabling DNSSEC to protect against DNS spoofing attacks. Immediate remediation is essential to protect user data, maintain customer trust, and ensure regulatory compliance. Without urgent action, the business faces increased exposure to cyber threats and potential regulatory sanctions.

I

Icon Connect

iconconnect.com

0

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

M

Monaco Mediax

tvfestival.com

0

The website’s security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and compliance violations. The absence of HTTPS encryption is a critical and immediate risk, compromising data confidentiality and integrity, and violating GDPR and NIS2 regulatory requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of privacy and cookie policies, as well as the absence of a cookie consent banner, places the business at risk of GDPR non-compliance and potential legal penalties. Additionally, the organization has not implemented essential information security frameworks, policies, or incident response procedures, weakening its ability to manage and recover from security incidents. Although email security and network security postures are relatively strong, gaps in DNS security and policy documentation remain. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory mandates, thereby safeguarding the business’s reputation and operational continuity.

F

Fabi AS

fabi.no

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

H

HP

design4rent.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruption. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, potentially leading to customer trust erosion and legal penalties. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and clickjacking. The lack of GDPR compliance elements, including privacy policies and cookie consent, presents severe regulatory risks with potential fines. There is no evidence of a security framework, incident response plan, or vulnerability disclosure process, indicating immature security governance. The exposure of high-risk services like FTP further elevates the threat profile. Although email security scores well, foundational network and application security controls require urgent improvement to protect business assets and customer data effectively. Overall, immediate remediation is essential to safeguard both operational continuity and reputation.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

C

Crédit Agricole

credit-agricole.com

0

The website exhibits serious security deficiencies, particularly the complete absence of HTTPS encryption, which critically exposes data in transit and undermines user trust. Compliance with GDPR and NIS2 regulations is severely lacking, with missing cookie policies, consent mechanisms, and essential security governance documentation, posing significant legal and operational risks. While network security and email security demonstrate relatively strong postures, foundational issues around encryption and policy frameworks significantly elevate the organization's exposure to data breaches and regulatory penalties. Security headers and DNS configurations are suboptimal but less urgent relative to the critical gaps. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Without urgent action, the business remains vulnerable to interception, data leakage, and potential loss of customer confidence. Prioritizing HTTPS implementation alongside privacy and incident response policies will substantially improve the security stance. Overall, the current posture demands urgent attention to align with industry best practices and regulatory mandates.

I

International Superyacht Society

superyachtsociety.org

0

The website’s security posture is currently inadequate and exposes the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of user data, severely undermining trust and violating GDPR and NIS2 requirements. Key security headers that mitigate common web attacks are largely missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting exploits. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, poses serious compliance risks with GDPR regulations, potentially leading to legal penalties. The organization also lacks essential security governance components such as incident response procedures, security policies, and business continuity plans, which are vital for operational resilience. While some areas like DNS health and network security show moderate strength, critical gaps in email authentication and SSL/TLS further increase exposure to phishing and man-in-the-middle attacks. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without swift action, the business risks financial loss, legal consequences, and damage to brand reputation.

I

IQVIA

imshealth.com

0

The website's security posture currently exhibits significant vulnerabilities that pose notable risks to business operations and customer trust. Most critically, the absence of HTTPS encryption exposes all data transmissions to interception and manipulation, violating GDPR and NIS2 compliance requirements and potentially leading to regulatory penalties. The lack of fundamental privacy policies and cookie consent mechanisms further threatens legal compliance and customer confidence. Additionally, missing core security governance elements such as incident response, security policies, and vulnerability disclosure indicate a weak security management framework. While network and email security show strengths, critical gaps in web security headers and DNS configurations leave attack surfaces open. Immediate remediation is essential to prevent data breaches, reputational damage, and compliance failures. Overall, the website needs a prioritized security overhaul to align with industry standards and regulatory mandates.

The website's security posture is critically insufficient, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting confidentiality and trust. Key security headers that protect against common web attacks are missing, increasing the risk of cross-site scripting and content injection. Compliance with GDPR and NIS2 regulations is lacking, with no privacy policies, cookie consent mechanisms, or incident response procedures documented. Email security and DNS health show moderate maturity but require improvements to prevent spoofing and domain hijacking. Although network security appears strong, it cannot compensate for critical deficiencies in application-layer and regulatory security controls. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity.

The website's overall security posture is critically weak, with multiple high and critical severity issues that expose the business to significant data breaches, regulatory non-compliance, and operational risks. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and integrity, directly violating GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of privacy and cookie policies, along with no cookie consent mechanism, further amplifies compliance risks and potential legal penalties. Organizational security governance is insufficient, with no documented security or incident response policies, which could delay or complicate breach mitigation. Email security and network security are relatively strong, but they cannot compensate for the critical web and compliance vulnerabilities. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. Overall, the site requires urgent security improvements and governance enhancements to meet industry best practices and legal mandates.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

V

Valeo

valeo.com

0

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, undermining data confidentiality and integrity across all communications. Multiple missing security headers further increase vulnerability to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance components such as privacy policies, cookie policies, and consent mechanisms exposes the business to legal penalties and erodes customer trust. Additionally, there is no evidence of adherence to the NIS2 cybersecurity directive, with critical gaps in incident response, security policies, and business continuity planning. Email security is insufficient, lacking proper authentication configurations which increase the risk of phishing and spoofing attacks. Although network security and DNS health are relatively strong, these alone do not mitigate the critical weaknesses present. Immediate remediation is required to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s brand reputation.

S

Sophia Business Angels

sophiabusinessangels.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability impacting user data confidentiality and trust. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, cross-site scripting (XSS), and content injection. The site also lacks essential GDPR compliance elements like privacy policies and cookie consent, risking substantial legal penalties. Organizational security governance under NIS2 directives is severely lacking with no incident response, security policies, or information security framework in place. While email security and DNS health show moderate strengths, they are insufficient to mitigate the broader critical deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and maintain business continuity. Without urgent improvements, the business faces heightened risk of cyber incidents and regulatory sanctions.

The website's overall security posture is currently weak, with critical deficiencies in encryption, compliance, and security governance. The absence of HTTPS encryption represents a critical risk, exposing data in transit to interception and undermining user trust. Key GDPR compliance elements such as cookie policies and consent mechanisms are missing, putting the organization at risk of regulatory penalties. Security headers are inconsistently implemented, leaving the site vulnerable to common web attacks. Additionally, foundational security frameworks, incident response procedures, and business continuity planning are lacking, which could impair the organization's ability to detect, respond to, and recover from security incidents. While email security and network security perform well, these strengths do not offset the critical vulnerabilities present. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Investing in security governance and encryption will yield the highest business value and risk reduction.

M

Merkle

merkleinc.com

0

The website exhibits a poor overall security posture with critical vulnerabilities that expose it to significant risks. The absence of HTTPS encryption is the most alarming issue, affecting GDPR compliance, NIS2 regulations, and user data confidentiality. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and data leakage. The lack of essential GDPR components, including a cookie consent banner and compliant privacy policy, poses legal and reputational risks. Organizational security maturity is low, with no documented security policies, incident response plans, or vulnerability disclosure processes, indicating weak governance. Email security is moderate but requires improvements to prevent phishing and spoofing attacks. DNS security is relatively strong, while network security demonstrates a good posture. Immediate remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and MIME-sniffing. Compliance with privacy regulations is inadequate, lacking essential policies and consent mechanisms, which could lead to legal repercussions and loss of customer trust. The organization also lacks fundamental information security governance, including incident response, security policies, and vulnerability disclosure, increasing exposure to breaches and operational disruptions. While network security and email security are relatively stronger, DNS and SSL/TLS configurations are incomplete. Immediate remediation is vital to protect customer data, maintain regulatory compliance, and preserve brand reputation.

A

APM Monaco

apm.mc

0

The website's overall security posture is currently weak, with critical vulnerabilities severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical failure affecting GDPR, NIS2, and SSL/TLS compliance, exposing all data in transit to interception and undermining customer trust. Governance issues are apparent, with no documented security or incident response policies and missing GDPR-required cookie policies and consent mechanisms. While network security and DNS health show strengths, critical gaps in email security enforcement and security headers remain. The poor NIS2 and GDPR compliance scores highlight significant regulatory risk, potentially leading to legal penalties and reputational damage. Addressing these issues is urgent to protect customer data, ensure business continuity, and maintain regulatory compliance. The current state exposes the business to data breaches, legal fines, and loss of customer confidence. Immediate remediation efforts on encryption, policies, and user privacy controls are imperative to improve security posture and business resilience.