Security Directory

The website demonstrates a generally strong security posture with no critical or high-risk vulnerabilities detected. SSL/TLS and network security modules are fully optimized, reflecting well on encrypted communications and infrastructure protection. However, medium-level issues in security headers, GDPR compliance, NIS2 compliance, email security (missing DKIM), and DNS health (lack of DNSSEC) present moderate risks that could impact data privacy, regulatory adherence, and phishing resilience. Low-level issues such as missing CAA records are minor but should be addressed to enhance certificate issuance control. Addressing these medium risks will improve overall trustworthiness, regulatory compliance, and reduce attack surface. Immediate remediation efforts focused on regulatory and email authentication will yield significant business benefits. Overall, the organization is positioned securely but must prioritize compliance and DNS/email improvements to mitigate potential threats and regulatory penalties.

C

Cabinet

studiocabinet.com

0

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities that present significant business risks. Key weaknesses include missing essential security headers, lack of GDPR compliance elements such as privacy and cookie policies, and absence of fundamental information security frameworks aligned with NIS2 requirements. These gaps expose the business to legal liabilities, data privacy violations, and potential operational disruptions. While email security, DNS health, and network security scores are relatively strong, SSL/TLS configurations need improvement to prevent data interception. The lack of incident response and business continuity plans further increases organizational risk in the event of a breach. Immediate remediation on privacy compliance and security governance will protect brand reputation and reduce regulatory penalties. Overall, the website requires focused improvements in security policies, headers, and privacy practices to meet industry standards and regulatory demands.

H

Hermaion Capital

hermaioncapital.com

0

The website exhibits a concerning overall security posture with multiple critical and high-severity issues across key domains such as SSL/TLS, email authentication, network security, and compliance frameworks. Critical vulnerabilities like an invalid SSL certificate, exposed critical services (MySQL and FTP), and missing email authentication significantly increase the risk of data breaches, service disruption, and reputational damage. Furthermore, the absence of GDPR compliance elements such as privacy and cookie policies, along with lacking incident response and security documentation per NIS2 requirements, exposes the business to regulatory penalties and operational risks. Security headers are inadequately configured, reducing protection against common web-based attacks. While DNS health is relatively strong, other foundational controls like HSTS and DNSSEC are missing or misconfigured. Immediate remediation is necessary to strengthen trust with users, ensure regulatory compliance, and protect sensitive business information from cyber threats. Without swift action, the business faces elevated risk of exploitation, compliance fines, and loss of customer confidence.

O

Oxygen Aviation Ltd

oxygenaviation.com

0

The website exhibits significant security and compliance gaps, particularly in foundational security headers, GDPR adherence, and NIS2 regulatory requirements. Although there are no critical vulnerabilities, multiple high and medium severity issues expose the business to increased risk of data breaches, regulatory penalties, and reputational damage. Key weaknesses include missing essential HTTP security headers, absence of cookie policies and consent mechanisms, and lack of documented information security and incident response procedures. Additionally, outdated or expiring SSL certificates and exposed high-risk services like FTP further elevate the risk profile. While email security and DNS health show generally better scores, the overall security posture is weak, especially around compliance and network security frameworks. Immediate attention is needed to close these gaps to protect customer data, ensure regulatory compliance, and maintain business continuity. Proactive remediation will reduce attack surface and demonstrate commitment to cybersecurity best practices to stakeholders and regulators.

D

d’Amico Società di Navigazione S.p.A.

damicoship.com

0

The website demonstrates a generally solid technical security foundation with strong network security and good SSL/TLS and DNS configurations. However, significant compliance and governance gaps exist, particularly around GDPR and NIS2 regulatory requirements, which expose the organization to legal, reputational, and operational risks. Critical policies such as Privacy Policy, Cookie Policy, and incident response procedures are missing, undermining user trust and regulatory adherence. Email security has room for improvement, with missing DKIM and DMARC reporting that could increase risk of phishing or spoofing attacks. Security headers are mostly configured well but lack some best practices that could harden defenses. Overall, the site is technically secure but vulnerable in regulatory compliance and governance domains, necessitating urgent attention to avoid penalties and operational disruptions. Addressing these issues will enhance customer confidence and reduce exposure to cyber threats and regulatory fines.

The website demonstrates significant security gaps across multiple critical areas, including web security headers, GDPR compliance, and NIS2 regulatory adherence, resulting in an overall weak security posture. While network security is robust, key SSL/TLS configurations are outdated and vulnerable, increasing the risk of data interception and compromise. Absence of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy exposes the site to common web-based attacks like clickjacking and cross-site scripting. The lack of privacy policies, cookie consent mechanisms, and third-party privacy oversight creates substantial legal and reputational risks under GDPR requirements. Additionally, missing incident response, security policy documentation, and vulnerability disclosure procedures undermine the organization's ability to manage and respond to security incidents effectively. DNS security issues, notably the potential subdomain takeover and missing DNSSEC, further elevate risk exposure. Immediate improvements are necessary to protect customer data, maintain regulatory compliance, and safeguard business continuity.

C

Chris Mortimer

christophermortimer.com

0

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that require immediate attention. Key gaps include missing essential security headers, lack of GDPR compliance artifacts such as privacy and cookie policies, and absence of robust information security governance aligned with NIS2 requirements. These deficiencies expose the business to legal risks, reputational damage, and increased susceptibility to web-based attacks like clickjacking and cross-site scripting. While network security and email security are relatively strong, foundational SSL/TLS configurations and DNS security settings need improvement to prevent data interception and domain spoofing. The lack of incident response and business continuity plans further increases organizational risk in case of a security breach. Overall, the website is vulnerable to both regulatory non-compliance and technical exploits that could impact customer trust and operational resilience. Immediate remediation of high-impact security policies and headers, along with GDPR and NIS2 compliance measures, is crucial to safeguard the business and its customers.

R

RichRelevance

richrelevance.com

0

The website demonstrates a moderate overall security posture with no critical issues but several high and medium severity vulnerabilities, particularly in compliance and security policy domains. Key gaps exist in GDPR compliance, notably missing cookie policy and consent mechanisms, exposing the business to regulatory and reputational risks. The absence of a formal information security framework, incident response procedures, and security policy documentation indicates immature organizational security governance, raising operational risk. Security headers and TLS configurations are partially implemented but require strengthening to prevent common web-based attacks. Email security mechanisms like DMARC and DKIM are incomplete, increasing phishing risks. DNS and network security are relatively strong, providing a solid foundation. Addressing these issues will improve regulatory compliance, reduce breach likelihood, and enhance customer trust.

A

Adminpanel

petroservices.de

0

The website's security posture is currently weak, with critical and high-risk issues spanning multiple domains including security headers, GDPR compliance, network security, and organizational security policies. Key deficiencies such as missing essential HTTP security headers and exposed critical services (MySQL, FTP) increase the risk of data breaches and unauthorized access. The absence of GDPR-required documentation and consent mechanisms puts the business at significant regulatory and reputational risk, especially for EU operations. Additionally, lacking a formal information security framework and incident response procedures undermines the organization's ability to manage and recover from security incidents effectively. While email security, SSL/TLS, and DNS health show moderate maturity, urgent improvements are needed in network and application security configurations. Without prompt remediation, these vulnerabilities expose the business to data loss, compliance fines, and customer trust erosion. Prioritized action is essential to safeguard sensitive data, maintain regulatory compliance, and protect business continuity.

F

Façonnable

faconnable.com

0

The website demonstrates a generally solid security posture with no critical vulnerabilities detected and strong scores in email and network security. However, significant gaps exist in compliance with GDPR and NIS2 regulations, particularly around cookie consent, incident response, and security contact information, which expose the business to legal and operational risks. Security headers are partially configured but lack important protections against common web attacks, potentially increasing exposure to client-side threats. Mixed content and DNS security weaknesses also undermine the integrity and confidentiality of user interactions. While SSL/TLS and network configurations are mostly robust, improvements are needed to fully secure data transmission. Addressing these issues will not only enhance security but also improve regulatory compliance and customer trust. Prioritizing GDPR and NIS2 compliance will mitigate legal risks and strengthen incident readiness. Overall, the site is secure but requires targeted improvements to protect business continuity and reputation effectively.

S

Stajvelo

stajvelo.com

0

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory penalties, and operational disruptions. While no critical vulnerabilities were detected, several high-severity issues, particularly missing key security headers and absence of essential security policies, indicate weak defense mechanisms. Compliance with GDPR and NIS2 regulations is notably insufficient, risking legal and reputational damage. Network security concerns, such as exposed high-risk services like FTP, further increase the attack surface. SSL/TLS and email security configurations are relatively strong but require minor improvements. Immediate attention to security governance, incident response, and user privacy controls is essential to protect customer data and ensure business continuity. Investing in these areas will reduce risk exposure and strengthen stakeholder trust. Overall, the business should treat these findings as urgent priorities to maintain regulatory compliance and operational resilience.

A

AMN Healthcare

amnhealthcare.com

0

The website demonstrates a generally strong security posture with no critical or high-level issues detected. Key strengths include a perfect SSL/TLS implementation and a robust network security posture, minimizing risks from transport layer attacks and network vulnerabilities. However, medium severity issues related to missing or misconfigured security headers, GDPR and NIS2 compliance gaps, and email security weaknesses such as non-enforcing DMARC policies pose notable risks. DNS health is also a concern due to the absence of DNSSEC and missing CAA records, which could expose the domain to DNS spoofing and unauthorized certificate issuance. Addressing these medium and low-level issues will improve regulatory compliance, protect user data, and strengthen defenses against phishing and DNS attacks. Overall, the site is secure but would benefit from targeted improvements in headers, email policies, and DNS configurations to mitigate potential exploitation vectors. Prioritizing these enhancements will align the website with best practices and regulatory requirements, reducing business risks and enhancing customer trust.

M

Monaco Business Solutions (MBS)

mbs.mc

0

The website demonstrates a moderate overall security posture with no critical vulnerabilities but multiple high and medium risk issues that pose significant business and compliance risks. Key deficiencies include missing essential security headers, inadequate GDPR compliance due to absence of privacy policies and cookie consent mechanisms, and substantial gaps in NIS2 regulatory requirements such as lack of incident response plans and security documentation. Network security is impaired by exposure of high-risk services like FTP, increasing the attack surface. While email security, SSL/TLS, and DNS health scores are relatively strong, issues such as an expiring SSL certificate and mixed content could undermine user trust. The absence of a comprehensive information security framework and vulnerability disclosure process further expose the business to potential data breaches and regulatory penalties. Immediate remediation is necessary to strengthen legal compliance, protect customer data, and reduce operational risks associated with cyber threats.

A

ASCOMA

ascoma.com

0

The website's overall security posture reveals significant compliance and network security deficiencies that pose considerable business risks. While foundational elements like email security and SSL/TLS configurations score well, critical vulnerabilities exist such as exposure of a critical MySQL service and lack of incident response and security policy documentation. GDPR compliance is notably weak with missing cookie policies and consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of a structured information security framework and vulnerability disclosure policy further weakens the organization's resilience against cyber threats. Network security is compromised due to high-risk and critical services being exposed unnecessarily. Additionally, DNS and security headers require enhancements to improve defense-in-depth. Immediate remediation is essential to reduce attack surfaces, comply with regulations, and protect sensitive data, thereby safeguarding business continuity and customer trust.

A

AEG

aegworldwide.com

0

The website demonstrates a mixed security posture with no critical vulnerabilities but multiple high and medium risk issues, particularly in compliance and governance areas. Key deficiencies exist in GDPR compliance, including absence of cookie policies and consent mechanisms, raising potential legal and reputational risks. Security governance is also weak, lacking essential NIS2 framework elements such as security policies, incident response, and business continuity planning, which could impair incident management and regulatory adherence. Technical security controls like security headers and SSL/TLS configurations need improvement to reduce attack surfaces. DNS and network security are relatively strong, and email security is fully compliant. Overall, the site is vulnerable to regulatory penalties, data exposure, and operational risks if these gaps remain unaddressed. Immediate remediation is vital to strengthen defenses, ensure compliance, and protect business continuity.

M

MONACO INTERNATIONAL CONGRÉS & SÉMINAIRE

mics.mc

0

The website's overall security posture shows no critical vulnerabilities but exhibits multiple high and medium risk issues that pose significant risks to business operations and regulatory compliance. Key deficiencies include missing essential security headers, inadequate GDPR compliance especially around cookie policies, and a lack of formal security governance aligned with NIS2 requirements. The exposure of high-risk services such as FTP and missing incident response procedures further elevate the risk profile. While email security, SSL/TLS, and DNS health scores are relatively strong, shortcomings in security headers and network security could enable attacks like clickjacking, XSS, and data leakage. The absence of a security policy and vulnerability disclosure mechanism increases exposure to undetected threats and weakens stakeholder trust. Immediate remediation is essential to avoid regulatory penalties, data breaches, and reputational damage. Strengthening security governance and technical controls will enhance resilience and customer confidence.

S

Stratos Aero

stratos.aero

0

The website demonstrates significant security vulnerabilities across multiple domains, indicating an overall weak security posture that exposes the business to legal, operational, and reputational risks. Critical and high-severity issues, including exposed critical services like MySQL and FTP, lack of fundamental security headers, and missing GDPR compliance elements such as privacy and cookie policies, highlight urgent areas requiring attention. The absence of an incident response plan, security policies, and information security framework further exacerbates risk exposure. While email security and DNS health scores are relatively stronger, they are insufficient to compensate for network and compliance weaknesses. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust. The company should prioritize closing critical service exposures and establishing governance frameworks to mitigate potential breaches and regulatory penalties. Overall, the current state could lead to data compromise, service disruption, and significant legal liabilities if not addressed promptly.

T

Tennant Metals

tennantmetals.com.au

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected, but several high and medium-risk issues that could expose the business to significant risks. Key security headers are missing, such as Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy, increasing susceptibility to common web attacks like clickjacking and man-in-the-middle attacks. Compliance gaps related to GDPR and NIS2 frameworks highlight insufficient data protection policies, lack of incident response procedures, and absence of documented security policies, which could lead to regulatory penalties and operational disruptions. While SSL/TLS and DNS configurations are generally strong, the absence of HSTS and DNSSEC reduces communication security and trustworthiness. The company benefits from strong email and network security, but overall low scores in governance and security policy areas present material business risks. Immediate remediation is necessary to prevent data breaches, maintain customer trust, and ensure regulatory compliance. Addressing these weaknesses will enhance resilience, reduce liability, and safeguard the organization’s reputation.

G

Gemsport

safesoccergoal.com

0

The website demonstrates significant security gaps, particularly in foundational security controls such as missing critical HTTP security headers and inadequate SSL/TLS configurations. Compliance with GDPR and NIS2 regulations is notably insufficient, with absent privacy and cookie policies, no incident response or security policy documentation, and lack of business continuity planning, exposing the organization to regulatory and reputational risks. Although no critical vulnerabilities were identified, the presence of high-risk services like an exposed FTP server significantly increases the attack surface. The email security posture is strong, indicating well-implemented email protections. Overall, the website's security maturity is low, with urgent need for policy development, technical hardening, and compliance measures to mitigate potential data breaches, legal penalties, and operational disruptions. Addressing these issues promptly will enhance customer trust, reduce liability, and improve resilience against cyber threats. The current state leaves the business vulnerable to data exposure, phishing, and service interruptions, which could have severe financial and reputational impacts if exploited.

H

Halliburton Company

halliburton.com

0

The website demonstrates a strong foundational security posture with no critical or high-level issues detected. Core areas such as email security, SSL/TLS configuration, and overall network security are well-implemented, scoring 100/100. However, medium-level concerns around security headers, GDPR compliance, NIS2 regulation adherence, and DNS security require immediate attention to mitigate potential risks. The absence of DNSSEC and incomplete DNS configurations like missing CAA records leave the domain vulnerable to DNS spoofing and unauthorized certificate issuance. Addressing these gaps will improve regulatory compliance and enhance trustworthiness with customers and partners. Overall, while the infrastructure is solid, prioritizing these medium-level issues will reduce exposure to emerging threats and regulatory penalties. Continued monitoring and remediation will help maintain a resilient security posture aligned with evolving standards.

A

Aether Ltd

aether-uk.com

0

The website exhibits a moderate to weak overall security posture, with no critical vulnerabilities but several high and medium-risk issues that could expose the organization to data breaches, regulatory non-compliance, and operational disruptions. Major gaps exist in security header configurations, GDPR compliance, and adherence to NIS2 cybersecurity framework requirements. The absence of essential headers like Strict-Transport-Security and Content-Security-Policy increases the risk of man-in-the-middle and cross-site scripting attacks. GDPR-related deficiencies, including missing cookie policies and consent mechanisms, expose the business to potential legal penalties and reputational damage. The lack of documented security policies, incident response plans, and business continuity strategies severely undermines the organization’s preparedness against cyber incidents. SSL/TLS, email security, and DNS health show relatively strong scores, providing a solid foundation for encrypted communications and domain integrity. Immediate remediation of high-impact vulnerabilities combined with establishing governance frameworks will significantly enhance security resilience and regulatory compliance. Ongoing monitoring and periodic reassessments are recommended to maintain and improve security posture over time.

M

MMCI

mmci.mc

0

The website demonstrates a generally secure SSL/TLS implementation but exhibits significant weaknesses in security headers, privacy compliance, and organizational security policies. The absence of critical HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases exposure to common web-based attacks like man-in-the-middle and cross-site scripting. GDPR compliance gaps, including missing privacy policies and cookie consent mechanisms, pose potential legal and reputational risks. The lack of documented information security frameworks, incident response plans, and vulnerability disclosure processes indicates a low maturity in cybersecurity governance, heightening the risk of prolonged breaches. Additionally, exposure of high-risk services such as FTP significantly elevates the attack surface. While email and DNS security are relatively strong, enabling DNSSEC and DKIM would further mitigate phishing and spoofing risks. Immediate remediation is crucial to protect customer data, maintain regulatory compliance, and sustain business trust.

The website demonstrates a moderate overall security posture with no critical issues identified, but several high and medium-risk concerns require immediate attention. Notably, missing essential security headers and lack of a privacy and cookie policy expose the business to data protection non-compliance risks, especially under GDPR. The absence of a documented information security framework, incident response procedures, and security policies significantly increases operational risk and can hinder regulatory compliance, particularly under NIS2 requirements. SSL/TLS configurations show weaknesses that could compromise data confidentiality and integrity. DNS health and network security are relatively strong, indicating a solid foundation. However, improvements in security headers and GDPR compliance are urgent to protect customer data and avoid legal penalties. Addressing these gaps will enhance the company’s security resilience, customer trust, and compliance posture. Immediate remediation is critical to mitigate potential data breaches and reputational damage.

M

MTN CI

mtn.ci

0

The website exhibits significant security weaknesses, particularly in foundational areas such as security headers, GDPR compliance, and NIS2 regulatory adherence. While no critical vulnerabilities were found, numerous high-severity issues indicate a substantial risk to both data protection and regulatory compliance, exposing the business to potential legal and reputational damage. The lack of essential security headers and policies increases susceptibility to web-based attacks, while missing privacy and cookie policies risk non-compliance with data protection laws. Email security measures are partially implemented but require improvements to prevent spoofing. SSL/TLS configurations are suboptimal, with weak keys and imminent certificate expiry, threatening secure communications. DNS and network security are relatively strong but cannot compensate for the other systemic weaknesses. Immediate remediation is necessary to safeguard customer data, maintain trust, and align with regulatory requirements.

The website demonstrates a generally strong security posture in network security and SSL/TLS implementations, reflecting good foundational practices. However, significant gaps exist in email authentication, with a critical issue of no email authentication configured and missing DKIM records, exposing the business to email spoofing and phishing risks. Security headers are not adequately implemented, increasing vulnerability to common web attacks. Compliance-related checks for GDPR and NIS2 have failed, which could lead to regulatory penalties and impact business reputation. DNS security is moderate, with DNSSEC not enabled, increasing risks of DNS spoofing or cache poisoning attacks. Low-risk issues such as missing CAA records should be addressed to further harden DNS configurations. Overall, while core infrastructure is solid, key security and compliance controls require immediate attention to mitigate risks and protect business assets and trust.

The website demonstrates a generally strong security posture with no critical or high-severity issues detected. Core security areas such as email security, SSL/TLS configurations, and overall network security are well implemented, scoring a perfect 100. However, medium-level issues related to missing or misconfigured security headers, GDPR compliance, NIS2 adherence, and disabled DNSSEC indicate gaps that could expose the business to compliance risks and potential targeted attacks. The absence of DNSSEC and CAA records slightly lowers DNS health, which while not immediately critical, could affect domain integrity and trust. Addressing these medium and low-level issues will enhance regulatory compliance, protect customer data, and strengthen defense against DNS-related threats. Proactively resolving these gaps will also reduce potential reputational and financial risks. Overall, the site is secure but requires focused improvements in headers, regulatory compliance, and DNS configurations to reach a robust security standard.

The website’s security posture shows significant weaknesses, particularly in key HTTP security headers and compliance with GDPR and NIS2 regulations. Critical and high-severity issues such as lack of email authentication, missing incident response and security policy documentation, and absent privacy and cookie policies expose the business to regulatory penalties, brand damage, and increased cyber risk. While network security and TLS configurations are relatively strong, foundational controls like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options headers are missing, increasing susceptibility to common web attacks. The absence of GDPR-required elements like a privacy policy and cookie consent banner further elevates compliance risks. Email security is critically deficient without authentication mechanisms, risking phishing and domain spoofing. Overall, the company must urgently address governance, policy documentation, and web security controls to reduce exposure and meet regulatory standards. Without swift remediation, the business faces operational disruptions, legal liabilities, and reputational harm.

The website's overall security posture is currently weak, with significant deficiencies in foundational security controls and GDPR compliance, exposing the business to regulatory, reputational, and cyber risks. Critical and high-severity issues dominate, particularly missing key security headers, inadequate privacy policies, and lack of documented information security frameworks and incident response plans. GDPR compliance gaps, including absence of cookie policies and consent mechanisms, place the organization at risk of legal penalties and loss of customer trust, especially as it operates in the EU. Furthermore, weaknesses in SSL/TLS configurations and missing NIS2 directive implementations indicate vulnerabilities to data interception and operational disruptions. While email security, DNS health, and network security show relatively strong scores, they do not compensate for core infrastructure and compliance shortcomings. Immediate remediation is essential to safeguard sensitive data, maintain regulatory adherence, and uphold brand integrity. Prioritizing these gaps will reduce the likelihood of breaches, fines, and business interruptions.

D

digitalillusion.com

digitalillusion.com

0

The website's overall security posture is currently weak, with critical and high-severity issues posing significant risks to both operational integrity and regulatory compliance. Key security headers are missing, exposing the site to common web-based attacks such as clickjacking, content injection, and cross-site scripting. The absence of GDPR-related documentation and consent mechanisms presents substantial legal and reputational risks, especially regarding user privacy and compliance. Vital NIS2 framework elements, including security policies and incident response plans, are not in place, increasing vulnerability to cyber incidents and regulatory penalties. Email authentication is critically lacking, which can lead to phishing risks and domain spoofing, impacting customer trust. SSL/TLS configurations are outdated and weak, threatening data confidentiality and integrity during transit. While network security and DNS health are relatively strong, they do not compensate for foundational security and compliance gaps. Immediate remediation is necessary to protect customer data, ensure compliance, and maintain business continuity.

M

Monachem Specialities LLP

monachem.com

0

The website demonstrates significant security and compliance gaps that expose the business to data breaches, regulatory penalties, and reputational damage. While network security and SSL/TLS configurations are relatively strong, foundational security headers are largely missing, increasing risks of client-side attacks such as clickjacking and cross-site scripting. GDPR compliance is notably deficient, lacking essential privacy policies and consent mechanisms, which could lead to legal and financial consequences. The absence of an information security framework, incident response plans, and security documentation reflects poor organizational preparedness for cyber incidents. Email security measures are partially implemented but require improvements to prevent phishing and spoofing threats. DNS security is moderate but can be enhanced to protect domain integrity. Overall, the website’s current posture demands urgent remediation of critical governance and technical controls to safeguard business operations and customer trust.

K

KK Superyachts

kk-superyachts.com

0

The website exhibits a generally strong network security posture and solid email security and SSL/TLS configurations, reflecting well on foundational security practices. However, critical gaps exist in compliance with GDPR and NIS2 regulatory frameworks, which pose significant legal and reputational risks. Notably, the absence of privacy and cookie policies, along with missing cookie consent mechanisms, undermines user trust and exposes the business to regulatory penalties. The lack of an established information security framework, security policy documentation, and incident response procedures indicates insufficient organizational readiness for managing cyber incidents. Missing key HTTP security headers like Content-Security-Policy further increases the risk of client-side attacks. While some medium and low-level issues exist, the high-severity compliance and governance deficiencies should be prioritized to safeguard business continuity and legal compliance. Addressing these gaps will not only enhance security but also improve customer confidence and regulatory standing.

V

VINCI Construction

vinci-construction.com

0

The website demonstrates a generally strong security posture in areas such as network security, email security, SSL/TLS configuration, and security headers, with no critical vulnerabilities detected. However, significant gaps exist in regulatory compliance and governance, particularly regarding GDPR and NIS2 frameworks. The absence of a cookie policy and consent mechanism exposes the business to legal and reputational risks under privacy regulations. Additionally, missing security and incident response policies, as well as inadequate vulnerability disclosure and business continuity planning, increase operational risks and could impair effective response to security incidents. While technical controls like SSL/TLS and DNS health are solid, governance and compliance weaknesses represent the highest business impact threats. Addressing these gaps is essential to mitigate regulatory penalties, ensure customer trust, and maintain operational resilience. Prioritizing compliance documentation and incident management processes will strengthen the overall security posture and support business continuity.

P

Promar

promar-offshore.com

0

The website demonstrates a moderate security posture with no critical vulnerabilities but multiple high and medium-risk issues that can expose the business to significant risks. Key deficiencies exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity regulations, signaling potential legal, reputational, and operational risks. The absence of privacy and cookie policies, along with missing consent mechanisms, may lead to non-compliance with data protection laws, risking fines and loss of customer trust. Security policy documentation, incident response procedures, and business continuity plans are notably lacking, reducing preparedness for cyber incidents. SSL/TLS certificate renewal is urgent to avoid service disruption and trust erosion. While email and network security are strong, improvements are needed in DNS and transport security configurations. Addressing these gaps will enhance the website’s resilience, ensure regulatory compliance, and protect business continuity and customer confidence.

C

Crans Montana Forum

cmf.ch

0

The website security assessment reveals a concerning overall security posture, particularly in key areas such as security headers, GDPR compliance, and SSL/TLS configurations. No critical vulnerabilities were found, but multiple high and medium severity issues expose the business to risks including data breaches, regulatory non-compliance, and reputational damage. The absence of important HTTP security headers like Strict-Transport-Security and Content-Security-Policy increases susceptibility to man-in-the-middle attacks and cross-site scripting. GDPR-related deficiencies, including missing privacy and cookie policies and lack of user consent mechanisms, present significant legal and compliance risks. SSL/TLS weaknesses, including weak key lengths and soon-to-expire certificates, threaten the integrity and confidentiality of data in transit. While network security and DNS health scores are relatively strong, gaps in email security and incident response readiness further elevate risk. Immediate remediation efforts should focus on closing these gaps to safeguard customer trust and ensure regulatory adherence.

The website’s overall security posture is stable with no critical or high-risk issues detected. Key areas such as SSL/TLS and network security are strong, scoring 100/100, indicating robust encryption and network defenses. However, there are medium-level concerns primarily around missing security headers, incomplete GDPR and NIS2 compliance checks, and email security gaps such as the absence of DKIM records. DNS health is adequate but could be strengthened by enabling DNSSEC and configuring CAA records. These medium-level issues present moderate risk, potentially exposing the business to regulatory non-compliance, email spoofing, and DNS-related attacks. Addressing these will improve security resilience and reduce potential reputational and operational impacts. Overall, the organization is well-positioned but should prioritize compliance and email authentication improvements to mitigate medium-risk vulnerabilities.

S

Sii Polska

sii.pl

0

The website’s overall security posture reveals significant deficiencies in privacy compliance and foundational security policies, particularly relating to GDPR and NIS2 regulations. Critical risks stem from the lack of essential privacy policies and consent mechanisms, exposing the business to regulatory penalties and reputational damage in the EU market. Security headers and SSL/TLS configurations are suboptimal, increasing vulnerability to common web attacks and data interception. The absence of an information security framework, incident response procedures, and business continuity plans indicates immature organizational security governance. While network security and email security are strong, critical gaps in policy documentation and vulnerability management undermine resilience. Immediate remediation is necessary to align with legal requirements and strengthen defense-in-depth strategies. Addressing these areas will reduce compliance risks and protect customer trust. Failure to act promptly could lead to data breaches, legal consequences, and operational disruptions.

T

Temmes Management Services

temmes.com

0

The website demonstrates a moderate security posture with no critical issues identified, but it has several high and medium priority vulnerabilities that could expose the business to significant risks. Major gaps exist in security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements, indicating weaknesses in both technical controls and governance. Missing key headers like Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR deficiencies, including lack of a cookie consent banner and incomplete privacy policies, may result in regulatory penalties and reputational damage. The absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms under NIS2 requirements exposes the organization to operational and compliance risks. SSL/TLS configurations need timely renewal and enabling HSTS for improved transport security. Although network security and email security scores are relatively strong, improvements in DNS security and email authentication mechanisms are advisable. Overall, addressing these issues will improve the website's defense posture, compliance standing, and trustworthiness with customers and regulators.

The website demonstrates a generally solid security posture with no critical or high severity issues detected. Core protections like SSL/TLS and network security are robust, scoring 100/100, ensuring encrypted communication and solid perimeter defenses. However, medium-level gaps in security headers, GDPR and NIS2 compliance, email authentication, and DNS security indicate areas needing improvement to mitigate risks such as data breaches, regulatory penalties, and phishing attacks. The absence of DKIM and DNSSEC reduces trustworthiness of email communications and DNS resolution, potentially exposing the business to spoofing and man-in-the-middle threats. GDPR and NIS2 compliance failures suggest potential legal and operational vulnerabilities, especially for organizations operating within or interacting with the EU. Addressing these medium issues will enhance overall resilience and regulatory alignment. Low-level issues like complex SPF and missing CAA records should be resolved to further harden the environment. Overall, the site is secure but requires focused remediation to close moderate gaps and ensure regulatory compliance.

E

Edeis

edeis.com

0

The website demonstrates a mixed security posture with no critical issues but several high and medium severity findings that pose significant business risks. Notably, GDPR compliance is poor, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. The absence of an established information security framework, incident response, and security policies under NIS2 requirements indicates a lack of organizational readiness to handle cybersecurity threats. Security headers are inadequately configured, increasing exposure to web-based attacks. Although email security and network security show strong scores, expiring SSL certificates and missing DNSSEC undermine trust and data integrity. Immediate attention is needed to address compliance gaps and foundational security controls to safeguard customer data and business continuity. Proactive remediation will reduce liability and enhance stakeholder confidence in the company’s cybersecurity commitment.

R

Roshan

roshan.af

0

The website demonstrates a moderate security posture with no critical vulnerabilities detected; however, multiple high and medium severity issues significantly increase its risk profile. Key deficiencies include missing essential security headers, absence of GDPR compliance mechanisms such as privacy and cookie policies, and lack of comprehensive information security governance aligned with NIS2 directives. These gaps expose the business to legal, reputational, and operational risks, including potential data breaches and regulatory penalties. While email security and underlying SSL/TLS configurations are relatively strong, foundational controls like HSTS and DNSSEC are not fully implemented. The presence of an exposed SSH service further amplifies attack surfaces if not properly managed. Immediate attention to governance policies, regulatory compliance, and core web security headers is critical to safeguard customer trust and ensure business continuity. Overall, the assessment underscores a need for a holistic security strategy integrating technical controls and policy frameworks.

S

SAFINCO

safinco.com

0

The website's overall security posture reveals significant gaps, particularly in governance, privacy compliance, and essential security headers, exposing the business to regulatory risks and potential cyber threats. While there are no critical vulnerabilities, the presence of 11 high and 9 medium severity issues highlights urgent areas for remediation. Notably, missing privacy policies and consent mechanisms put the organization at risk of GDPR non-compliance, which could lead to costly fines and reputational damage. The absence of a formal information security framework, incident response procedures, and security policies under NIS2 requirements further exposes the business to operational disruptions and regulatory scrutiny. Security headers are inadequately configured, increasing exposure to web-based attacks like clickjacking and cross-site scripting. Additionally, the exposure of an FTP service represents a high-risk attack vector that could enable unauthorized access or data leakage. Overall, this assessment underscores the need for immediate governance improvements, privacy compliance actions, and technical hardening to safeguard the business and its customers.

The website exhibits a severely deficient security posture, with critical vulnerabilities that expose it to significant risk, including the absence of HTTPS encryption, which compromises data confidentiality and trust. Multiple missing security headers weaken defenses against common web attacks such as clickjacking, cross-site scripting, and content sniffing. GDPR compliance is notably lacking due to the absence of a privacy policy, cookie consent mechanisms, and transparent third-party data handling, exposing the business to regulatory penalties. The NIS2-related findings reveal a lack of foundational security governance, including no information security framework, incident response plans, or business continuity strategies, which jeopardizes operational resilience. While email and DNS security show moderate maturity, critical network security risks remain, such as the exposure of high-risk services like FTP. The cumulative effect of these issues poses significant risks to data integrity, customer trust, regulatory compliance, and business continuity. Immediate remediation is essential to mitigate potential breaches, legal consequences, and reputational damage.

The website's security posture is currently weak with multiple critical and high-severity issues that expose the business to significant risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and compliance with GDPR and NIS2 regulations. Missing key security headers such as Strict-Transport-Security and Content-Security-Policy leave the site vulnerable to man-in-the-middle attacks and content injection. GDPR compliance is poor, lacking basic cookie policies and consent mechanisms, which can lead to legal penalties and reputational damage. The lack of a formal information security framework, incident response procedures, and security policies indicates immature security governance. While network security and DNS health show some strengths, critical gaps in email security and vulnerability management remain. Overall, immediate remediation is required to protect customer data, ensure regulatory compliance, and maintain stakeholder trust. Failure to act promptly could result in data breaches, legal consequences, and loss of business credibility.

A

AntCo

antco.com

0

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation. There are multiple critical and high-severity issues related to missing essential security headers and inadequate GDPR compliance, including the absence of a privacy policy and cookie consent, which pose legal and reputational risks. The failure to implement key NIS2 directives such as security frameworks, incident response, and business continuity planning further exposes the business to regulatory non-compliance and operational vulnerabilities. While email and network security are strong, foundational web security controls and DNS health require urgent improvement. The lack of HTTPS also negatively affects SSL/TLS and overall trustworthiness in browsers and search rankings. Immediate remediation is essential to safeguard sensitive data, maintain customer trust, and meet regulatory requirements. Without prompt action, the business risks data breaches, legal penalties, and significant damage to its brand reputation.

C

Colibri

cmf.mc

0

The website's overall security posture reveals significant gaps, particularly in compliance, email security, and foundational security policies. Critical and high-severity issues, such as the absence of email authentication and missing key security headers, expose the business to increased risk of data breaches, phishing, and regulatory penalties. GDPR compliance is notably weak, lacking essential elements like a cookie policy and consent mechanisms, which could lead to legal ramifications and loss of customer trust. The NIS2 framework-related deficiencies highlight an immature security governance structure, increasing vulnerability to cyber incidents and impacting business resilience. While network security and DNS health show relative strength, critical SSL/TLS issues such as a self-signed certificate undermine secure communications. Immediate remediation of these vulnerabilities is crucial to protect sensitive data, meet regulatory requirements, and maintain customer confidence. Addressing these issues will also improve the organization's overall risk management and incident response capabilities.

S

Skanska

skanska.com

0

The website's overall security posture is strong in technical controls such as email security, SSL/TLS, and network security, indicating well-implemented foundational cybersecurity measures. However, significant gaps exist in regulatory compliance and governance, particularly around GDPR and NIS2 requirements, placing the business at risk of legal penalties and reputational damage. The absence of a privacy policy, cookie policy, and consent mechanisms exposes the company to non-compliance with data protection regulations. Additionally, missing information security frameworks, security policies, and incident response procedures highlight a lack of formalized security governance, increasing vulnerability to cyber incidents and reducing incident management effectiveness. Medium severity issues, such as missing security headers and lack of DNSSEC, suggest opportunities for improving technical defenses. Overall, while technical controls are solid, the company must urgently address compliance and governance deficiencies to reduce legal and operational risks. Proactive remediation will enhance customer trust and support long-term business resilience.

This website has 4 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

S

Syselio

syselio.com

0

The website's overall security posture reveals significant gaps, particularly in foundational security controls and regulatory compliance. While no critical vulnerabilities were found, there are multiple high-severity issues related to missing essential HTTP security headers, lack of GDPR compliance elements, and absence of formal security policies, posing considerable risks to data protection and legal adherence. The presence of a high-risk exposed service (RDP) further elevates the threat landscape, increasing the likelihood of unauthorized access. Email security and DNS health are comparatively stronger but still have areas for improvement. SSL/TLS configurations require attention due to expiring certificates and mixed content issues. The lack of incident response and business continuity planning indicates unpreparedness for potential cyber incidents. Overall, these vulnerabilities could lead to data breaches, regulatory penalties, and reputational damage, underscoring the urgent need for remediation and governance enhancements.

The website monacomediax.com currently exhibits a critical security vulnerability due to the lack of HTTPS encryption, exposing all data transmissions to interception and manipulation. Additionally, several medium-level issues related to security headers, GDPR compliance, email security, and DNS configuration pose risks to data privacy and regulatory compliance, indicating an overall weak security posture requiring immediate remediation.

The website http://dotta.mc currently exhibits a high-risk security posture primarily due to the lack of HTTPS encryption and exposure of insecure services, which puts sensitive data and business operations at significant risk. Several medium and high severity issues related to compliance (GDPR, NIS2), email security, and DNS configuration further increase the attack surface and regulatory exposure. Immediate remediation is essential to protect customer trust, meet compliance obligations, and safeguard business continuity.