Security Directory

The website's overall security posture reveals a critical vulnerability due to the absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. Medium-level concerns include missing essential security headers, non-compliance with GDPR and NIS2 requirements, and lack of DNSSEC, which together increase the risk of data breaches, regulatory penalties, and domain hijacking. While email security and network security are strong, foundational web security controls require urgent enhancement. Failure to address these risks could lead to loss of customer trust, legal liabilities, and reputational damage. The lack of HTTPS is particularly alarming as it directly undermines user data confidentiality and site integrity. Improving DNS configurations and implementing proper security headers will further strengthen defenses against common attack vectors. Overall, addressing these issues promptly will solidify the website’s security posture and support compliance with regulatory frameworks, enabling safer business operations and customer interactions.

D

Dexlab.io

dexlab.io

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks, including data breaches, regulatory penalties, and reputational damage. The complete lack of HTTPS encryption is a critical failure impacting user data confidentiality and trust. Missing essential security headers such as Content-Security-Policy and X-Frame-Options further increase exposure to web-based attacks. Non-compliance with GDPR requirements, including absent privacy and cookie policies and consent mechanisms, poses legal and financial risks. The absence of any formal information security framework, incident response, and business continuity planning undermines operational resilience and incident management. While network security and email security show relatively better results, key gaps like missing DKIM records and DNSSEC reduce overall trustworthiness. Immediate remediation is required to protect customer data, meet regulatory obligations, and safeguard business continuity.

The website's security posture is currently critically deficient, exposing the business to significant security, compliance, and reputational risks. The absence of HTTPS encryption is a fundamental vulnerability that jeopardizes data confidentiality and integrity, undermining user trust and violating key regulations such as GDPR and NIS2. Additionally, the lack of critical security headers like Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy further increases the risk of attacks such as clickjacking, cross-site scripting, and man-in-the-middle exploits. Compliance gaps are evident with missing privacy policies, cookie consent mechanisms, and incomplete GDPR documentation, heightening the risk of regulatory penalties. The absence of a formal information security framework, incident response procedures, and business continuity planning signals a lack of preparedness for security incidents. While some network security measures are well implemented, the overall low scores in core areas require urgent remediation to protect business assets and maintain customer trust. Immediate action is necessary to address these critical vulnerabilities and align with industry standards and legal requirements.

H

Hazera

hazera.com

0

The website's overall security posture is currently at significant risk, primarily due to the complete lack of HTTPS encryption, which is critical for protecting data in transit and maintaining user trust. Multiple critical and high-severity issues indicate gaps in compliance with GDPR and NIS2 regulations, including missing privacy and cookie policies, absence of a cookie consent banner, and lack of security documentation and incident response procedures. While email security and network security show strong scores, foundational web security controls such as Content-Security-Policy headers and security frameworks are missing or weak. The absence of HTTPS not only affects security but also business credibility, search engine rankings, and regulatory compliance. Additionally, DNS security enhancements like DNSSEC are not enabled, increasing exposure to DNS-based attacks. The lack of clear privacy policies and consent mechanisms also poses legal and reputational risks. Immediate remediation is essential to safeguard customer data, ensure compliance, and protect the business from cyber threats and regulatory penalties.

W

Wyser

wyser-search.com

0

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

B

Bank of America

ml.com

0

The website's overall security posture is currently at high risk, with multiple critical and high-severity issues identified. The absence of HTTPS encryption is a critical vulnerability that exposes all data transmissions to interception, significantly undermining confidentiality and trust. GDPR compliance is severely lacking, with missing cookie policies and consent mechanisms, which may lead to legal and regulatory penalties. The lack of essential security headers increases the risk of common web attacks such as clickjacking and cross-site scripting. Additionally, the absence of fundamental NIS2 security governance elements, including incident response and security policies, indicates a weak organizational security framework. While DNS and network security are relatively strong, the critical gaps in application-layer security and compliance pose significant business risks. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve brand reputation. Without urgent action, the business faces potential data breaches, regulatory fines, and erosion of customer trust.

S

Sonema

sonema.com

0

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and compliance. Multiple critical and high-risk issues span security headers, GDPR compliance, and NIS2 regulatory requirements, indicating significant gaps in both technical controls and governance documentation. The absence of essential headers like Strict-Transport-Security and Content-Security-Policy increases vulnerability to common web attacks such as man-in-the-middle and cross-site scripting. Non-compliance with GDPR and NIS2, including missing privacy policies, cookie consent mechanisms, and incident response procedures, exposes the business to legal risks and potential fines. While network security and DNS health show relatively stronger scores, these cannot compensate for foundational security failures. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and preserve customer trust. Without urgent action, the business faces increased risk of data breaches, legal penalties, and reputational damage. Overall, the current state demands prioritized investment in encryption, policy development, and security hardening.

H

Hallmark

hallmark.com

0

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines compliance with GDPR and NIS2 regulations. While network security and DNS health show relatively strong practices, significant gaps exist in governance, incident response, and data protection policies. Missing GDPR elements such as cookie consent and comprehensive privacy policies put the business at legal and reputational risk. The lack of a security framework and incident response procedures further increases vulnerability to cyberattacks and operational disruptions. Email security configurations are partial but require improvements to prevent phishing and spoofing. Security headers are suboptimal, potentially exposing the site to cross-site scripting and other attacks. Immediate remediation is required to protect customer data, maintain regulatory compliance, and safeguard business continuity.

I

Inside Systems A/S

insidesystems.com

0

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data in transit to interception and manipulation. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. GDPR compliance is severely lacking, with no cookie policy or consent banner, potentially leading to regulatory penalties and loss of customer trust. The absence of an information security framework, incident response procedures, and security policy documentation further exacerbates the organization's vulnerability to cyber threats and operational disruptions. While email and network security are strong, these isolated strengths do not mitigate the critical risks posed by the core deficiencies. The low scores in NIS2 compliance indicate the organization is unprepared to meet mandatory cybersecurity standards, risking legal and financial consequences. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company's reputation. Failure to address these issues may result in data breaches, regulatory fines, and significant business disruption.

A

Arcus Consulting LLP

arcus.uk.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trustworthiness. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, risking legal penalties and loss of customer trust. The lack of an information security framework, incident response, and business continuity planning indicates unpreparedness for cyber incidents. Email security measures like DMARC and DKIM are insufficient, raising the risk of phishing and spoofing attacks. Exposure of high-risk services like FTP further amplifies vulnerability to unauthorized access. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the business’s reputation.

G

Groupe Banque Richelieu

banquerichelieu.com

0

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing business risk. The absence of HTTPS encryption is a critical vulnerability, exposing all data transmissions to interception and undermining customer trust and compliance with regulations. Key security headers are missing, which weakens protection against common web attacks such as clickjacking and cross-site scripting. The lack of GDPR compliance elements like privacy and cookie policies, and consent mechanisms, exposes the business to legal penalties and reputational damage. Additionally, the absence of fundamental NIS2 controls such as incident response procedures, security policies, and a security framework indicates immature security governance. Email authentication mechanisms are partially implemented but need enforcement to reduce phishing risks. DNS security is moderately healthy but could be improved by enabling DNSSEC. Overall, immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard customer trust.

A

AFIMAC Global

afimacglobal.com

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. Key deficiencies include the complete lack of HTTPS encryption, absence of essential security headers, and non-compliance with GDPR requirements such as missing cookie policies and consent mechanisms. Furthermore, the organization lacks foundational NIS2 framework elements like incident response procedures and security policy documentation, highlighting immature security governance. While email security and network security show relatively strong scores, critical SSL/TLS and web application security gaps undermine these strengths. Immediate remediation is crucial to protect customer data, ensure regulatory compliance, and maintain trust. Without swift action, the business risks financial loss, legal consequences, and operational disruptions. This assessment clearly indicates the need for urgent investment in web security controls and governance frameworks.

M

Molori Private Collection

molorisafari.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, content injection, and MIME-type sniffing. GDPR compliance deficiencies, including lack of privacy and cookie policies, place the company at risk of legal penalties. Additionally, the lack of an information security framework, incident response plan, and vulnerability disclosure policy signals immature security governance. Email security is moderately strong but could be improved. DNS configurations are generally good but could be enhanced with DNSSEC and CAA records. Network security posture is solid but insufficient to compensate for fundamental web security gaps. Immediate remediation is essential to protect customer data, ensure regulatory compliance, and maintain business continuity.

I

InspireME Monte Carlo sarl

inspireme-mc.com

0

The website's security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical flaw that jeopardizes all data in transit, undermining customer trust and violating GDPR and NIS2 regulations. Missing essential security headers like Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, risks regulatory penalties and loss of customer confidence. Additionally, inadequate incident response, security policies, and business continuity planning indicate insufficient preparedness for security incidents. The exposure of high-risk services like FTP, which is inherently insecure, amplifies the attack surface. Overall, immediate remediation is needed to protect sensitive customer data, ensure regulatory compliance, and maintain business continuity.

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data in transit to interception and undermines customer trust. Key security headers are missing or misconfigured, increasing vulnerability to clickjacking, cross-site scripting, and data leakage attacks. The absence of GDPR compliance elements such as Privacy and Cookie Policies, along with no consent mechanisms, exposes the business to significant legal and regulatory risks. The NIS2 framework requirements are largely unmet, with no incident response or security policies documented, putting the organization at risk of inadequate breach management and regulatory penalties. While network security is strong, DNS and email configurations have notable gaps, including an unregistered MX record and missing DKIM, which can affect email deliverability and increase phishing risks. The combination of these issues indicates a high likelihood of security incidents and regulatory non-compliance. Immediate remediation is essential to protect customer data, preserve brand reputation, and avoid costly fines.

N

NEOFA

neofa.com

0

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical issues include the complete lack of HTTPS encryption, which undermines all data confidentiality and integrity. The absence of essential security headers and policies leaves the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. Furthermore, the lack of GDPR compliance elements such as privacy and cookie policies, and missing consent mechanisms, poses legal risks and potential fines. Deficiencies in NIS2 compliance and incident response planning highlight gaps in organizational readiness to address and recover from security incidents. While network security is strong, foundational elements like DNS health and email authentication require improvement to prevent domain spoofing and phishing. Immediate remediation is essential to protect customers, maintain trust, and comply with legal obligations.

M

Magtor

magtor.tech

0

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

A

AppList Media

applistmedia.com

0

The website exhibits a severely deficient security posture with multiple critical vulnerabilities, most notably the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation. The absence of foundational security headers and policies increases susceptibility to common web attacks such as clickjacking, content sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is substantially lacking, risking legal penalties and reputational damage due to missing privacy policies, cookie consent mechanisms, and security governance documentation. Email security mechanisms like DMARC and DKIM are partially implemented but not enforced, increasing phishing risks. While network security and DNS health appear relatively robust, the critical gaps in secure communication and regulatory adherence overshadow these strengths. Immediate remediation is essential to protect customer data, maintain trust, and ensure regulatory compliance. Failure to act promptly could result in data breaches, regulatory fines, and loss of customer confidence.

A

Attention Required! | Cloudflare

montecarlosbm.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising all data in transit and violating GDPR and NIS2 requirements. Key security headers are missing, which increases susceptibility to common web attacks such as XSS and content injection. The lack of privacy and cookie policies and absence of consent mechanisms creates legal exposure under GDPR regulations. Additionally, the organization lacks fundamental information security frameworks, incident response plans, and vulnerability disclosure policies, indicating immature security governance. Email security is relatively stronger, but incomplete DMARC enforcement leaves phishing risks unmitigated. DNS health and network security are satisfactory, providing a foundation to build upon. Immediate remediation is essential to protect customer data, maintain compliance, and preserve business trust.

M

MTN Bénin

mtn.bj

0

The website exhibits a concerning overall security posture with several critical and high-risk vulnerabilities that expose the business to significant legal, reputational, and operational risks. The absence of HTTPS encryption is a critical flaw, undermining data confidentiality and integrity for all website visitors and users. The lack of foundational GDPR compliance elements, such as a privacy policy and cookie consent banner, further exposes the business to potential regulatory penalties and customer trust erosion. Additionally, the missing security frameworks and incident response plans highlight insufficient readiness to detect and mitigate cyber threats or respond effectively to security incidents. While email and network security postures are strong, fundamental gaps in web security headers and DNS configurations must be addressed. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without these improvements, the organization remains vulnerable to data breaches, legal actions, and reputational damage.

N

Nico Rosberg

nicorosberg.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Key deficiencies include the absence of HTTPS encryption, leading to insecure data transmission, and missing fundamental security headers that protect against common web attacks. Additionally, the lack of GDPR compliance elements—such as privacy policies and cookie consent—poses legal risks and potential fines. Network exposure of critical services like MySQL and FTP further increases the attack surface, making unauthorized access more likely. The organization's security governance is underdeveloped, with no formal information security framework, incident response procedures, or vulnerability disclosure policies in place. Although email security and DNS health show moderate maturity, the overall low scores in core security domains highlight urgent remediation needs. Immediate action is required to safeguard business assets, maintain customer trust, and comply with regulatory requirements.

O

Opéra de Monte-Carlo

opera.mc

0

The website's overall security posture is currently at risk due to a critical vulnerability: the absence of HTTPS encryption, which compromises data confidentiality and user trust. While network security and email security measures are strong, several medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and DNSSEC not being enabled expose the business to regulatory, operational, and reputational risks. The failure to implement essential security headers leaves the site vulnerable to common web attacks. Non-compliance with GDPR and NIS2 could result in legal penalties and fines. DNS vulnerabilities could allow domain hijacking or spoofing attacks, impacting service availability and customer confidence. Immediate remediation of HTTPS is crucial to protect sensitive data and maintain customer trust. Addressing these gaps will significantly improve the website's resilience against cyber threats and regulatory compliance posture.

M

Medtronic

covidien.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a severe vulnerability impacting data confidentiality and integrity, affecting customer trust and legal compliance, especially under GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to man-in-the-middle and cross-site scripting attacks. The lack of GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner exposes the company to potential fines and customer distrust. The organization also lacks foundational information security documentation, including security policies and incident response procedures, which undermines its ability to effectively manage and respond to security incidents. While network security and DNS health show some strengths, they do not compensate for fundamental flaws in encryption and governance. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and safeguard business continuity. Overall, the current state presents a critical risk to both operational security and legal standing.

F

fortepharmashop-int

fortepharma.com

0

The website's overall security posture reveals significant critical vulnerabilities that pose immediate risks to business operations and compliance. The absence of HTTPS encryption is a critical failure affecting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 requirements. Key governance frameworks, such as information security policies, incident response, and business continuity plans, are missing, undermining the organization's ability to manage and recover from security incidents. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. Network security and DNS health are relatively strong, but email security can be improved to reduce phishing and spoofing risks. Security headers are partially implemented but require strengthening to enhance protection against web-based attacks. Immediate remediation efforts should focus on establishing fundamental security controls and compliance documentation to safeguard the business and its customers.

I

ITECO Oil Field Supply Group

iteco-supply.com

0

The website's security posture is critically weak, exposing the business to substantial risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability that jeopardizes all data transmissions, undermining user trust and violating GDPR and NIS2 requirements. Key security headers are largely missing, increasing susceptibility to common web attacks like clickjacking and cross-site scripting. The lack of fundamental GDPR compliance elements such as a Privacy Policy, Cookie Policy, and Consent Banner further exposes the company to legal penalties. Network services like FTP and SSH are unnecessarily exposed, elevating the risk of unauthorized access. Email security is moderately strong, but critical DNS security measures such as DNSSEC are absent. Overall, urgent remediation is required to protect customer data, ensure compliance with industry regulations, and maintain business continuity.

C

COFIP

cofip.pro

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant operational, reputational, and regulatory risks. The absence of HTTPS encryption is the most alarming issue, compromising data confidentiality and violating GDPR and NIS2 compliance requirements. Key HTTP security headers are missing, increasing the risk of client-side attacks such as clickjacking, XSS, and content injection. GDPR compliance is deficient, lacking privacy policies and cookie consent mechanisms, which may result in legal penalties. Network services expose critical ports like MySQL and FTP without adequate protections, creating high-risk attack surfaces. The lack of documented security policies, incident response procedures, and vulnerability disclosure policies further weakens the organization's ability to detect and respond to threats. Email and DNS security are relatively stronger, but the overall risk profile remains critical. Immediate remediation is necessary to safeguard business continuity, customer trust, and regulatory compliance.

S

SwissBorg

swissborg.com

0

The website exhibits a severely weak security posture with critical deficiencies in fundamental areas such as HTTPS encryption, GDPR compliance, and adherence to NIS2 cybersecurity directives. Absence of HTTPS encryption exposes data in transit to interception, posing significant risks to user privacy and trust. The lack of cookie policy and consent mechanisms highlights potential legal non-compliance risks under GDPR, increasing exposure to regulatory penalties. Security governance is notably inadequate, with missing incident response, vulnerability disclosure, and security policy documentation, creating vulnerabilities to cyber threats and operational disruptions. While network and email security appear strong, critical gaps in security headers and DNS configurations further weaken defenses. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization’s reputation. Without swift action, the business faces increased risk of data breaches, legal liabilities, and loss of customer confidence.

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability, severely compromising data confidentiality and integrity. Key security headers are missing, leaving the website vulnerable to common web attacks like clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies and no consent mechanisms, exposing the business to legal penalties, especially given its EU operations. The lack of a documented security framework, incident response, and business continuity plans under NIS2 standards further increases organizational risk. Additionally, exposing high-risk services like FTP without proper controls increases the attack surface. While email security and DNS health are relatively strong, the overall risk profile is unacceptable for a business operating in regulated environments. Immediate remediation is necessary to protect customer data, maintain trust, and comply with legal obligations.

O

OptimaT

optimat.be

0

The website's security posture is currently at high risk, with multiple critical and high-severity issues that directly impact business operations and regulatory compliance. Notably, the absence of HTTPS encryption exposes sensitive data to interception, undermining user trust and violating legal requirements such as GDPR and NIS2. Missing key security headers (Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) increases vulnerability to common web attacks. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially for EU customers. Additionally, the organization lacks foundational information security frameworks, incident response procedures, and business continuity plans, indicating immature security governance. Although email security and network security show moderate to good standing, critical gaps in SSL/TLS and GDPR compliance drastically overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure business operations. The overall security readiness score reflects urgent need for comprehensive security improvements and policy implementations.

The website’s overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical vulnerabilities exist due to the absence of HTTPS encryption, which impacts user data confidentiality and violates GDPR and NIS2 requirements. The lack of essential privacy documentation, including a Privacy Policy, Cookie Policy, and consent mechanisms, further exacerbates compliance risks and may lead to legal penalties. Additionally, the absence of a formal information security framework, incident response, and business continuity plans indicates immature security governance. While network security and email security show relatively better scores, critical gaps in headers and DNS configurations remain. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and avoid regulatory fines. Without urgent action, the business faces heightened exposure to cyber threats, data breaches, and substantial reputational damage.

C

Capefront Energies

naurexgroup.com

0

The website exhibits a poor overall security posture with critical vulnerabilities significantly impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical failure, exposing user data to interception and undermining trust. Missing key security headers such as Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR compliance is insufficient due to the lack of a cookie consent banner and incomplete privacy policy, risking regulatory penalties and reputational damage. The site also lacks essential NIS2 mandate elements including security policies, incident response procedures, and a vulnerability disclosure policy, indicating immature cybersecurity governance. Email security gaps, notably the missing DMARC record, increase the risk of phishing and email spoofing attacks. DNS security is relatively strong but could be improved with DNSSEC and CAA record implementation. Overall, urgent remediation is needed to protect customer data, ensure regulatory compliance, and maintain business continuity.

A

Arrow Monaco

arrowyacht.com

0

The website's overall security posture is critically weak, with multiple high and critical risk findings that expose the business to significant threats. The absence of HTTPS encryption is the most severe issue, jeopardizing data confidentiality and integrity, and violating compliance standards such as GDPR and NIS2. Key HTTP security headers are missing or misconfigured, increasing the risk of web-based attacks like clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking fundamental privacy policies and consent mechanisms, which can lead to legal and reputational consequences. The lack of an established information security framework, incident response procedures, and business continuity planning indicates an immature security governance posture. Network exposure of high-risk services like FTP and SSH further increases the attack surface. While email security and DNS health show moderate strength, critical gaps in encryption and policy frameworks present urgent risks. Immediate remediation is essential to protect sensitive data, maintain customer trust, and ensure regulatory compliance.

A

ACCE International

acceintl.com

0

The website's security posture is currently poor, with multiple critical and high-severity issues significantly increasing risk exposure. The absence of HTTPS encryption critically undermines data confidentiality and trust, exposing users and the business to interception and man-in-the-middle attacks. Key security headers are missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is severely lacking, notably the absence of cookie policies and consent mechanisms, risking regulatory penalties and reputational damage. The lack of documented security policies, incident response procedures, and information security frameworks indicates immature security governance. Additionally, exposure of high-risk services like FTP further elevates attack surface risk. While email security and DNS health are relatively strong, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance.

I

IFA Paris

ifaparis.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data-in-transit security and violating GDPR and NIS2 requirements. Key security controls such as Content-Security-Policy and cookie management are missing, increasing the risk of cross-site scripting and privacy violations. Compliance with GDPR and NIS2 frameworks is severely lacking, with no cookie policy, consent mechanisms, or documented security and incident response policies in place. While email security and DNS health show relative strength, critical gaps in foundational network and transport layer security remain. Immediate remediation is needed to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the organization faces heightened risks of cyberattacks, legal penalties, and loss of customer trust. The current security controls score poorly overall, with especially low marks in GDPR and NIS2 compliance modules, reflecting a need for a comprehensive security and compliance program.

A

ADOM

africasie.mc

0

The website’s current security posture is critically weak, exposing the business to significant risks from data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is a fundamental flaw that jeopardizes all data in transit, violating GDPR and NIS2 requirements and undermining user trust. Essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy are missing, leaving the site vulnerable to common web attacks like clickjacking and cross-site scripting. GDPR compliance is severely lacking, with no privacy policy or cookie consent mechanisms, increasing legal exposure. The lack of a formal information security framework, incident response, and business continuity plans further weakens the organization's resilience to cyber incidents. While network security and email security show some strengths, critical gaps in encryption and policy documentation overshadow these positives. Immediate remediation is vital to protect sensitive data, meet legal obligations, and maintain customer confidence. Without urgent action, the business risks costly breaches and regulatory fines that could impact operations and brand reputation.

E

Engineering Search Firm

esf.careers

0

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruption. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of data in transit. Missing core security headers and email authentication mechanisms increase the risk of phishing, clickjacking, and cross-site scripting attacks. GDPR compliance is severely lacking, with no cookie policies or consent mechanisms, risking regulatory penalties. The lack of an information security framework, incident response procedures, and business continuity planning indicates poor organizational preparedness against cyber incidents. Additionally, the exposure of high-risk services like FTP and SSH without adequate controls further increases attack surface. While DNS health is relatively better, critical gaps remain that could facilitate DNS spoofing or interception. Immediate remediation is essential to protect customer data, maintain trust, and meet legal obligations.

F

FlyPrivate

flyprivate.com

0

The website’s current security posture exhibits significant vulnerabilities that expose the business to substantial risks, particularly due to the absence of HTTPS encryption which is flagged as critical across multiple compliance frameworks including GDPR, NIS2, and SSL/TLS standards. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing the risk of web-based attacks like clickjacking and cross-site scripting. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanism in place, potentially exposing the business to regulatory fines and reputational damage. Additionally, the absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms under NIS2 requirements indicates immature information security governance. While email and network security are strong points, foundational gaps in encryption and security headers undermine overall defenses. The DNS configuration is moderately healthy but could be improved with DNSSEC and CAA records. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without prompt action, the business faces operational disruptions, legal penalties, and loss of customer trust.

B

BW Offshore

bwoffshore.com

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes all data exchanges to interception. There is a substantial lack of essential security policies and controls, including GDPR compliance mechanisms such as privacy and cookie policies, as well as NIS2 framework adherence, which increases legal and operational risks. Numerous high-risk network services are openly exposed, significantly raising the risk of unauthorized access and data breaches. Security header configurations are insufficient, missing critical protections like Content-Security-Policy, increasing susceptibility to web-based attacks. While email security scores well, the overall infrastructure shows critical gaps in encryption, policy documentation, and incident response readiness. This situation poses immediate threats to data confidentiality, regulatory compliance, and business continuity. Immediate remediation is necessary to protect customer data, maintain trust, and comply with legal obligations. Without rapid action, the organization faces potential data breaches, regulatory fines, and reputational damage.

E

Endeavour Mining plc

endeavourmining.com

0

The website exhibits significant security and compliance deficiencies that pose substantial business and legal risks. The absence of HTTPS encryption is a critical vulnerability, exposing all data transmissions to interception and undermining user trust, while also violating GDPR and NIS2 regulations. Lack of foundational GDPR compliance elements such as Privacy Policy, Cookie Policy, and Consent Banner further exposes the organization to regulatory penalties and reputational damage. Security governance is weak, with no documented security policies, incident response plans, or vulnerability disclosure processes, compromising the organization's ability to manage and respond to threats effectively. Email security is moderate but requires enhancements to prevent phishing and spoofing attacks. While network security posture is strong, other security controls like HTTP security headers and DNS configurations show room for improvement. Immediate remediation is necessary to safeguard sensitive data, comply with legal requirements, and maintain customer confidence. Addressing these issues will substantially reduce risk exposure and support sustainable business operations.

The website's overall security posture presents significant concerns that could impact business operations and customer trust. The absence of HTTPS encryption is a critical vulnerability, exposing data in transit to interception and manipulation. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DKIM records for email security, and missing DNSSEC protection indicate gaps in regulatory adherence and attack surface hardening. Although the network security posture is strong, the DNS configuration lacks certain protective measures like CAA records. These weaknesses collectively increase the risk of data breaches, regulatory penalties, and reputational damage. Immediate remediation is necessary to safeguard sensitive information and maintain compliance. Addressing these issues will enhance customer confidence, reduce exposure to cyber threats, and support regulatory requirements.

T

TC Stratégie Financière (TCSF)

tcsf.mc

0

The website’s overall security posture is critically weak, with multiple fundamental issues exposing the business to significant risks. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality, integrity, and trust, impacting compliance with GDPR and NIS2 regulations. Key security headers are missing or misconfigured, increasing the risk of web-based attacks such as clickjacking and cross-site scripting. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory fines and reputational damage under data protection laws. The absence of formal information security frameworks, incident response plans, and business continuity procedures further increases operational risk. While email security and network security show relatively better scores, the critical gaps in foundational web and regulatory compliance controls must be urgently addressed. Immediate remediation of HTTPS, security policies, and compliance documentation is essential to reduce legal and security risks. Overall, the business should prioritize establishing a robust security baseline aligned with regulatory mandates to protect customers and organizational assets.

The website's overall security posture is concerning due to the presence of a critical vulnerability: the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DKIM records for email, and disabled DNSSEC further increase the risk of data breaches, regulatory penalties, and email spoofing. Although network security is strong, these gaps significantly undermine trust and may lead to reputational damage and legal consequences. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure communication channels. Addressing these issues will strengthen the security framework and help safeguard business operations against escalating cyber threats. Without prompt action, the organization remains vulnerable to data interception, phishing, and regulatory fines. Investing in security improvements will improve stakeholder confidence and reduce potential financial and operational risks.

The website's overall security posture is critically weak, with multiple critical and high-severity issues threatening both data confidentiality and regulatory compliance. The absence of HTTPS encryption is a severe vulnerability exposing user data to interception and undermining trust. Missing critical security headers like Strict-Transport-Security and Content-Security-Policy increase the risk of web-based attacks such as clickjacking and cross-site scripting. Non-compliance with GDPR due to missing privacy and cookie policies, along with no consent mechanisms, poses significant legal and reputational risks. The lack of documented information security frameworks, incident response plans, and security policies further exposes the business to operational and regulatory risks under NIS2 requirements. While network security and email security show some strengths, these are overshadowed by foundational weaknesses in transport security and governance. Immediate remediation is necessary to protect customer data, meet legal obligations, and maintain business continuity. Failure to act could lead to data breaches, regulatory fines, and loss of customer trust.

G

GrowUp Consulting

growup-hr.com

0

The website demonstrates significant security deficiencies, particularly a complete lack of HTTPS encryption, which poses critical risks to data confidentiality and user trust. Missing essential security headers such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy increase vulnerability to common web attacks including clickjacking and cross-site scripting. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the business to regulatory non-compliance and potential legal penalties under GDPR. Furthermore, critical gaps in security governance, including missing information security frameworks, incident response procedures, and security policy documentation, indicate immature cybersecurity management. While email security and network security posture are strong, the overall security posture is weak, making the business susceptible to data breaches, reputational damage, and compliance violations. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity. Prioritizing HTTPS implementation and establishing a comprehensive security and privacy framework will significantly enhance risk mitigation. DNS security and some network controls are adequate but insufficient to compensate for the critical issues identified.

The website's overall security posture exhibits significant vulnerabilities that could expose the business to substantial risks. The absence of HTTPS encryption is a critical flaw, jeopardizing data confidentiality and user trust. Several medium-level issues, including missing security headers, inadequate GDPR compliance, lack of DNSSEC, and missing DKIM records, further increase exposure to data breaches and regulatory penalties. While the network security posture is strong, foundational web security controls need urgent attention to protect sensitive data and maintain compliance. Addressing these issues promptly will enhance customer confidence and reduce the risk of cyberattacks and legal repercussions. The current lack of key security protocols may also negatively impact SEO rankings and brand reputation. Immediate remediation of the critical SSL/TLS deficiency should be prioritized, followed by strengthening email and DNS security measures. Ensuring compliance with GDPR and NIS2 directives will safeguard against regulatory fines and improve overall security governance.

S

Sonepar

sonepar.com

0

The website's overall security posture is currently inadequate, with critical vulnerabilities posing significant risks to business operations and regulatory compliance. The absence of HTTPS encryption, highlighted as a critical issue across multiple modules, severely compromises data confidentiality and user trust. GDPR compliance is notably poor, with no cookie policy or consent mechanism in place, exposing the organization to legal and financial penalties. Security governance is weak, lacking essential frameworks, policies, and incident response procedures, which undermines the ability to manage and respond to cyber threats effectively. While email security and network security show relatively strong performance, foundational web security controls such as security headers are only moderately implemented. The combination of missing critical headers and weak DNS security measures further increases exposure to attacks like data leakage and DNS spoofing. Immediate remediation is essential to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s reputation.

The website's security posture is concerning, primarily due to the absence of HTTPS encryption, which critically exposes all data transmissions to interception and manipulation. Several medium-severity issues, including failures in implementing key security headers, GDPR and NIS2 compliance gaps, and missing DNS security features, indicate an elevated risk of data breaches and regulatory non-compliance. Email security measures are partially implemented but lack critical components like DKIM and DMARC reporting, increasing susceptibility to spoofing and phishing attacks. Network security is moderately strong but exposing SSH services publicly can be an entry point for attackers. Overall, the site is vulnerable to both external cyber threats and legal/regulatory repercussions, necessitating immediate remedial action to protect business operations and customer trust.

E

Elkho Group

elkho-group.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all communications to interception and undermining GDPR compliance. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy further increase the risk of web-based attacks like man-in-the-middle, clickjacking, and cross-site scripting. The lack of GDPR-mandated elements like a cookie policy and consent banner exposes the business to regulatory penalties and reputational damage. Additionally, there is a significant deficiency in compliance with the NIS2 directive, with no documented security policies, incident response, or information security framework in place. While email security and DNS health show some strengths, critical gaps remain, including DMARC enforcement and DNSSEC configuration. Immediate remediation is essential to protect sensitive customer data, ensure regulatory compliance, and maintain customer trust. Without prompt action, the business faces increased risk of data breaches, legal sanctions, and operational disruption.

The website exhibits a critically weak security posture with multiple high-risk vulnerabilities that expose the business to significant operational, legal, and reputational risks. The absence of HTTPS encryption is a fundamental flaw impacting data confidentiality and trust, particularly given the handling of EU users without adequate GDPR compliance. Critical gaps in security headers leave the site vulnerable to attacks such as clickjacking, cross-site scripting, and content injection. The lack of privacy and cookie policies, along with missing consent mechanisms, further exacerbates regulatory non-compliance risks. Additionally, the absence of documented security policies, incident response, and business continuity planning indicates immature cybersecurity governance. While network security and DNS health show relatively better scores, these strengths do not compensate for the critical weaknesses in application-layer security and compliance. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity. Without addressing these issues promptly, the organization risks data breaches, regulatory fines, and loss of customer trust.