Security Directory

The website's overall security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Notably, the absence of HTTPS encryption is a critical issue affecting confidentiality and trust. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy further increases susceptibility to web-based attacks. Compliance with GDPR and NIS2 frameworks is severely lacking, with missing privacy policies, cookie consent mechanisms, and no documented security or incident response procedures. DNS and network configurations also present vulnerabilities, such as missing name servers and exposed services. While email security is relatively strong, the overall risk profile is dominated by critical deficiencies in encryption, policy, and governance. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business reputation.

M

Medicis Consult

medicis-consult.com

0

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a fundamental vulnerability, affecting confidentiality, integrity, and trust with users and partners. Missing critical security headers, such as Strict-Transport-Security and Content-Security-Policy, leaves the site vulnerable to common web attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including a privacy policy and cookie consent, poses legal and reputational risks. Furthermore, the absence of an information security framework, incident response procedures, and security policy documentation suggests immature security governance. Exposure of high-risk services like FTP and insufficient DNS security controls further increase the attack surface. While email security scores relatively well, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance. Immediate action is needed to mitigate these critical vulnerabilities and establish a robust security foundation.

I

Indosuez Wealth Management

ca-indosuez.fr

0

The website's overall security posture is critically weak and exposes the business to significant risks, particularly regarding data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting GDPR, NIS2, and SSL/TLS compliance, jeopardizing user data confidentiality and trust. Key security headers are missing or poorly configured, increasing exposure to web-based attacks such as clickjacking and cross-site scripting. The lack of a cookie policy and consent mechanisms indicates non-compliance with GDPR, which could lead to legal penalties and reputational damage. Furthermore, the absence of essential NIS2 security policies, such as incident response and security documentation, suggests insufficient organizational security governance. DNS and email security configurations reveal gaps that could enable phishing or spoofing attacks. While network security posture is good, the overall lack of fundamental protections necessitates urgent remediation to safeguard the business and meet regulatory requirements.

M

MonacoTech

monacotech.mc

0

The website's overall security posture is currently inadequate, exposing the business to significant legal, reputational, and operational risks. Critical deficiencies include the complete lack of HTTPS encryption, which undermines data confidentiality and user trust. Compliance with GDPR and NIS2 regulations is severely lacking, notably with no privacy policy, cookie consent mechanisms, or security incident response procedures in place. The presence of high-risk services like FTP further increases the attack surface. While some security headers and email security configurations are reasonably implemented, foundational elements such as an information security framework and vulnerability disclosure policies are missing. These gaps could lead to data breaches, regulatory fines, and loss of customer confidence. Immediate remediation is essential to mitigate these risks and establish a secure, compliant environment. Without urgent action, the business may face substantial financial and reputational damage.

R

Rosengart

rosengart.mc

0

The website's security posture is currently poor, with multiple critical and high-severity issues posing significant risks to data confidentiality, integrity, and regulatory compliance. Most notably, the absence of HTTPS encryption critically exposes user data to interception and undermines trust. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, content injection, and cross-site scripting. The lack of GDPR compliance elements such as a privacy policy, cookie policy, and consent mechanisms exposes the business to legal penalties and reputational damage. Additionally, the absence of NIS2-related security frameworks, policies, and incident response plans indicates inadequate preparedness against cyber threats and regulatory requirements. While network security posture and DNS health show relative strength, other foundational security controls need urgent implementation. Overall, immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

A

Attention Required! | Cloudflare

clubmonaco.com

0

The website exhibits a severely deficient security posture with multiple critical vulnerabilities that expose the business to significant risks. Notably, the absence of HTTPS encryption is a critical flaw, undermining data confidentiality and integrity, and violating both GDPR and NIS2 regulatory requirements. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy increases susceptibility to common web-based attacks, including MITM and XSS. GDPR compliance is severely lacking, with no privacy policy, cookie policy, or consent mechanism, which can result in substantial legal penalties and reputational damage. Organizational security maturity is low, reflected in missing incident response, security policies, and vulnerability disclosure processes, hampering effective risk management. Email security configurations are incomplete, risking phishing and spoofing attacks. While DNS and network security postures are relatively better, the overall security gaps present immediate and long-term business threats. Immediate remediation and adoption of a comprehensive security framework are critical to protect the business, comply with regulations, and maintain customer trust.

The website's overall security posture is severely deficient, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, non-compliance penalties, and reputational damage. The absence of HTTPS encryption is a glaring issue impacting confidentiality and user trust. Key security headers are missing, increasing susceptibility to web-based attacks such as XSS and clickjacking. The lack of GDPR compliance elements like privacy policies and consent mechanisms exposes the company to regulatory fines and legal challenges. Additionally, there is no formal information security framework or incident response plan, which hinders the ability to manage and recover from security incidents effectively. While network security and some email/dns security aspects are relatively strong, they do not compensate for the critical gaps in web application security and regulatory adherence. Immediate remediation is necessary to protect customer data, maintain compliance, and uphold brand integrity. Without prompt action, the business faces escalating operational and legal risks.

F

Finaxy Group

finaxygroup.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and data integrity, impacting GDPR and NIS2 compliance. Key security headers are either missing or misconfigured, increasing the risk of cross-site scripting (XSS), clickjacking, and content injection attacks. The lack of privacy and cookie policies along with missing consent mechanisms exposes the company to legal penalties under data protection regulations. Furthermore, insufficient information security governance, including missing incident response and business continuity plans, indicates poor preparedness against cyber threats. While network security and email security show strengths, they are overshadowed by critical gaps in web security and compliance. Immediate remediation is required to protect sensitive customer data, maintain trust, and meet regulatory requirements. Without urgent action, the business is vulnerable to legal actions, data loss, and operational disruptions.

P

PrivateCompany

privatecompany.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption across the site is a critical vulnerability that undermines all data confidentiality and integrity, while missing essential security headers increases susceptibility to common web attacks like clickjacking, cross-site scripting, and content injection. Compliance gaps with GDPR and NIS2 regulations, such as lack of privacy policies, cookie consent mechanisms, and security documentation, further expose the organization to legal penalties and operational disruptions. Email authentication deficiencies heighten the risk of phishing and email spoofing, threatening customer trust and business communications. Although DNS security and network posture are relatively strong, these cannot compensate for the glaring deficiencies in core website security controls. Immediate remediation is necessary to safeguard sensitive user data, meet regulatory requirements, and maintain business continuity. Without addressing these critical issues, the organization faces heightened cyber risk and potential financial and reputational losses. A strategic, prioritized approach to security enhancements is imperative to restore trust and protect business assets.

F

FLOORENOV

floorenov.com

0

The website's overall security posture is currently poor, with critical weaknesses severely exposing the business to data breaches, regulatory violations, and operational risks. The absence of HTTPS encryption is a fundamental and critical flaw, undermining all data confidentiality and integrity and violating GDPR and NIS2 compliance requirements. Key security headers like Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to XSS and clickjacking attacks. GDPR compliance is notably deficient, lacking privacy and cookie policies as well as consent mechanisms, which risks significant legal penalties and reputational damage. The lack of an established information security framework, incident response, and business continuity plans further increases organizational risk exposure. Email authentication is critically weak, opening the door to phishing and spoofing threats. While network security and DNS configurations show strengths, they cannot compensate for core HTTPS and policy deficiencies. Immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

O

OceanaGold

oceanagold.com

0

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all site visitors and transactions. Key security headers are either missing or weakly configured, increasing susceptibility to attacks such as clickjacking, cross-site scripting (XSS), and content injection. Compliance with GDPR and NIS2 regulations is notably lacking, particularly concerning cookie policies, consent mechanisms, and documented security frameworks, putting the business at risk of legal consequences. While the network security and DNS health are relatively strong, email security shows room for improvement, especially with DMARC enforcement. Immediate action is required to remediate critical and high-severity issues to protect customer data, maintain trust, and ensure regulatory compliance. Without prompt remediation, the organization faces heightened risks of cyber incidents and potential operational disruption.

The website's overall security posture is critically weak, with multiple high and critical severity issues identified, particularly the absence of HTTPS encryption, which exposes all data in transit to interception and undermines user trust. Key security headers are missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. GDPR compliance is severely lacking, with missing privacy and cookie policies and no consent mechanisms, posing significant legal and reputational risks. The absence of an information security framework, incident response procedures, and security documentation further heighten operational risks and regulatory non-compliance. While email and network security show relatively better scores, critical gaps in core web security controls and encryption overshadow these strengths. Immediate remediation is essential to protect sensitive data, maintain customer trust, and comply with regulatory requirements. Without urgent action, the business risks data breaches, legal penalties, and damage to brand reputation. Prioritizing HTTPS implementation and policy documentation will deliver the highest impact on security and compliance posture.

The website exhibits a severely deficient security posture, particularly in critical areas such as encryption, data privacy compliance, and incident preparedness. The absence of HTTPS encryption poses an immediate and significant risk, exposing sensitive user data to interception and undermining customer trust. Critical GDPR compliance gaps—including missing privacy and cookie policies and lack of consent mechanisms—expose the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework and incident response procedures under NIS2 requirements indicates unpreparedness for cyber incidents, increasing operational risk. While network security and email security show moderate strength, key improvements are needed to align with industry standards and legal mandates. Overall, urgent remediation is required to protect customer data, comply with regulations, and safeguard business continuity. Immediate focus on encryption and privacy policies will significantly reduce risk and enhance stakeholder confidence.

N

NOVAX®PHARMA

novaxpharma.com

0

The website's overall security posture is poor, with critical vulnerabilities exposing it to significant risks including data interception, regulatory non-compliance, and potential breaches. The absence of HTTPS encryption is a critical failure that undermines all data confidentiality and integrity, making user data vulnerable to interception and tampering. Missing essential security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options increase the risk of web-based attacks like clickjacking, cross-site scripting, and content injection. Compliance with GDPR and NIS2 regulations is severely lacking, with missing privacy policies, cookie consent mechanisms, and documented security procedures, exposing the organization to potential legal penalties and reputational damage. The presence of high-risk exposed services like FTP further elevates the risk profile by offering attackers easy entry points. While email security scores well, other core security domains require urgent remediation. Immediate focus is needed on encryption, policy documentation, and service hardening to protect business operations and customer trust.

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical vulnerabilities such as the absence of HTTPS encryption and missing core security headers leave user data and communications unprotected. The lack of privacy policies and cookie consent mechanisms violates GDPR requirements, increasing legal exposure. Additionally, key information security controls and incident response procedures are missing, indicating immature cybersecurity governance. Exposure of high-risk services like FTP further increases attack surface and potential compromise. While email security and DNS health show some strengths, these are overshadowed by critical gaps in encryption and compliance. Immediate remediation is essential to safeguard customer trust, comply with regulations, and protect business continuity. Without urgent action, the organization risks severe financial and operational consequences from cyber incidents or regulatory penalties.

M

Michael Jensen

communicate-network-consult.net

0

The website's overall security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant cybersecurity risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and undermines customer trust, directly impacting business reputation and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking and cross-site scripting. There is a complete lack of fundamental privacy and security policies, including GDPR-mandated cookie and privacy policies, which could lead to legal penalties and loss of customer confidence. Exposure of critical services like MySQL and FTP without proper protections presents a high risk of data breaches. DNS and network configurations are suboptimal, with DNSSEC not enabled and insecure services exposed. Although email security is strong, the absence of incident response and business continuity plans leaves the organization vulnerable to prolonged downtime during security incidents. Immediate remediation is critical to protect both business operations and customer data integrity.

K

KONE Corporation

kone.com

0

The website's current security posture presents significant risks that could severely impact the business's reputation, compliance status, and operational integrity. Critical vulnerabilities such as the absence of HTTPS encryption expose user data to interception and undermine trust. High-severity gaps in GDPR compliance, including the lack of privacy and cookie policies and no cookie consent mechanism, put the organization at risk of regulatory penalties and legal challenges. Key NIS2-related deficiencies, such as missing information security frameworks, incident response plans, and security policy documentation, indicate a lack of maturity in cybersecurity governance. Although email and network security scores are strong, the overall security hygiene is compromised by missing critical security headers and DNS protections. Immediate remediation is necessary to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will not only mitigate risks but also enhance customer confidence and reduce potential financial liabilities.

J

Just a moment...

3dconnexion.com

0

The website's overall security posture is currently weak, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory fines, and reputational damage. Most notably, the absence of HTTPS encryption is a severe flaw, undermining all data transmissions and violating GDPR and NIS2 compliance requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing the risk of man-in-the-middle attacks and cross-site scripting. GDPR compliance is poor due to missing privacy and cookie policies and the lack of a consent banner, risking legal penalties. The organization also lacks fundamental information security frameworks, policies, and incident response procedures, indicating immature security governance. However, email security and network security show relatively strong postures, which is a positive foundation to build upon. Immediate remediation is critical to prevent exploitation and align with regulatory mandates. Investing in HTTPS encryption and comprehensive security policies will deliver the highest immediate business value by reducing risk and improving customer trust.

K

KeeSystem

keesystem.com

0

The website's overall security posture is critically weak, exposing it to significant risks including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption is a fundamental flaw, compromising data confidentiality and user trust. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking legal consequences and reputational damage. Network security is inadequate with critical services like MySQL and FTP exposed publicly, heightening the risk of unauthorized access. Incident response and information security frameworks are either absent or insufficient, limiting the organization’s ability to detect and respond to threats. Email security measures such as DMARC and DKIM are partially implemented but need strengthening to prevent phishing and spoofing. Immediate remediation is essential to safeguard business operations, comply with regulations, and maintain customer trust.

The website's security posture is currently weak and exposes the business to significant risks, primarily due to the lack of HTTPS encryption and critical security headers. Absence of HTTPS not only undermines data confidentiality and integrity but also violates GDPR and NIS2 compliance requirements, risking legal penalties and loss of customer trust. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing vulnerability to cross-site scripting and clickjacking attacks. The website also lacks essential GDPR compliance elements including a cookie policy and consent mechanisms, exposing the business to regulatory fines. Incident response, information security frameworks, and security policy documentation are absent, which can hamper timely detection and mitigation of security incidents. While email security and network security have relatively strong scores, foundational web security and compliance gaps are critical and require immediate attention. Improving these areas will protect customer data, enhance trust, and reduce potential financial and reputational damage.

R

RMConsulting

rmconsulting.be

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Most notably, the absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing the risk of cross-site scripting (XSS) and clickjacking attacks. The lack of security policies, incident response plans, and business continuity strategies demonstrates immature cybersecurity governance. GDPR compliance is insufficient, notably missing a cookie consent banner and proper privacy documentation, which could lead to legal penalties. Exposed high-risk services like FTP increase the attack surface. While email security and DNS health are relatively strong, they do not compensate for foundational weaknesses. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and meet regulatory obligations.

B

Bentley Systems

legion.com

0

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

S

Stéphane-Alexandre Dani

art-dani.com

0

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputation damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data confidentiality and integrity guarantees. Key security headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options are missing, increasing the risk of web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements including Privacy Policy, Cookie Policy, and consent mechanisms places the company at risk for legal penalties and customer trust erosion. Additionally, the absence of foundational NIS2 security governance documents such as incident response and security policies further weakens organizational readiness against cyber threats. While network security and DNS health show relatively strong posture, critical gaps in SSL/TLS and email security remain. Immediate action is required to remediate these high and critical issues to protect customer data, comply with regulations, and maintain business continuity.

F

FITT

interplast.mc

0

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Notably, the absence of HTTPS encryption is a critical vulnerability that jeopardizes all data in transit and severely undermines user trust. Key security headers are largely missing, increasing the risk of cross-site scripting, clickjacking, and content injection attacks. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent exposes the business to potential legal penalties. The absence of a formal information security framework, incident response procedures, and security policies indicates immature security governance. Email security mechanisms like DMARC and DKIM are weak or missing, raising the risk of phishing and email spoofing. While DNS and network security show some strengths, critical gaps remain, such as the exposure of SSH services. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust.

I

InfraOpS

infraops.fr

0

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

The website exhibits a severely compromised security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, service disruption, and regulatory penalties. The absence of HTTPS encryption is a critical flaw impacting data confidentiality and user trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. Compliance gaps with GDPR and NIS2 frameworks pose legal and operational risks, especially due to missing privacy policies and incident response procedures. Exposure of critical backend services like MySQL and PostgreSQL to the internet further elevates the risk of unauthorized access and data theft. Although email security and DNS health show relatively better scores, these strengths are overshadowed by critical network and application layer weaknesses. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory sanctions. Overall, urgent investment in security infrastructure and governance is required to stabilize the environment and reduce business risk.

E

Eurimpex MDD

eurimpexmdd.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting data confidentiality and integrity, highlighted as a critical issue across multiple frameworks (GDPR, NIS2, SSL/TLS). Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. There is a complete lack of privacy and cookie policies, which not only undermines user trust but also violates GDPR requirements, potentially resulting in heavy fines. The security governance framework is also deficient, with no documented incident response, security policies, or vulnerability disclosure processes, leaving the business ill-prepared for cyber incidents. Email security is partially implemented but lacks essential authentication mechanisms, increasing the risk of phishing and spoofing. DNS and network security are relatively stronger areas but cannot compensate for the critical gaps elsewhere. Immediate remediation is required to protect customer data, ensure compliance, and safeguard business continuity.

4

403 Forbidden

carredor-monaco.com

0

The website's current security posture is critically weak, exposing the business to significant operational, compliance, and reputational risks. The absence of HTTPS encryption is a critical vulnerability affecting data confidentiality and trust, violating GDPR and NIS2 mandates. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, XSS, and content injection. The lack of privacy and cookie policies, along with missing consent mechanisms, puts the business at risk of regulatory penalties under data protection laws. There is no formal information security framework, incident response, or business continuity planning, which impairs the organization's ability to effectively manage and recover from cyber incidents. While network security and email security show some strengths, the overall environment lacks foundational protections. Immediate remediation is needed to secure communications, comply with legal requirements, and establish governance around cybersecurity. Failure to address these issues promptly could lead to data breaches, legal fines, loss of customer trust, and business disruption.

A

AFRY

afconsult.com

0

The website's overall security posture is currently inadequate, exposing the business to significant risks related to data protection, regulatory compliance, and potential cyberattacks. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, severely undermining user trust and legal compliance, especially under GDPR and NIS2 frameworks. Key regulatory compliance gaps include missing privacy and cookie policies and the lack of a cookie consent mechanism, which can lead to legal penalties and reputational damage. Security governance is weak, with no documented information security or incident response policies, indicating poor preparedness for cyber incidents. While some foundational network security controls are in place, critical header configurations and missing Content-Security-Policy headers leave the website susceptible to common web attacks. DNS health is moderately good but can be improved by enabling DNSSEC to prevent DNS spoofing. Email security measures are strong, indicating some security awareness. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory mandates.

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Key deficiencies include the absence of HTTPS encryption, missing essential security headers, and exposed critical network services such as MySQL, FTP, and RDP, which are prime targets for attackers. GDPR compliance is severely lacking due to missing privacy and cookie policies, as well as the absence of a cookie consent mechanism, risking legal penalties and reputational damage. The lack of a formal information security framework, incident response plans, and business continuity procedures further exacerbates vulnerability to cyber incidents and operational outages. While email security and DNS health show relatively better scores, critical gaps in SSL/TLS and network security overshadow these strengths. Immediate remediation is imperative to safeguard sensitive data, ensure compliance with regulations like GDPR and NIS2, and maintain customer trust. Without urgent action, the business faces increased likelihood of cyberattacks, regulatory fines, and erosion of stakeholder confidence.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

0

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

0

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

F

Fastway Global Ltd

fastway.org

0

The website's overall security posture is critically weak, with multiple serious vulnerabilities exposing the business to significant risks, including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is the most severe issue, exposing communications to interception and violating GDPR and NIS2 regulations. Critical security headers are missing, increasing susceptibility to various web attacks such as clickjacking, XSS, and content injection. The lack of GDPR compliance elements, including cookie policies and consent mechanisms, presents a high legal and reputational risk. Network security is compromised by exposing high-risk services like FTP and SSH without adequate controls. Additionally, the absence of documented information security frameworks, incident response, and business continuity plans reflects poor organizational preparedness. While email and DNS configurations show moderate strength, they are insufficient to compensate for the critical gaps. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity.

N

Namebay

namebay.com

0

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

P

perseusmirrors.com

perseusmirrors.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, compromising all data transmission and violating GDPR and NIS2 requirements. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and data leakage. The lack of GDPR compliance elements like privacy and cookie policies, as well as consent mechanisms, further exposes the company to legal penalties. Email security is insufficient due to missing SPF, DKIM, and overall email authentication, heightening the risk of phishing and spoofing attacks. Organizational security governance is inadequate, with no documented security or incident response policies, which undermines preparedness for cybersecurity incidents. DNS and network security show relatively better maturity but are insufficient to mitigate the critical gaps elsewhere. Immediate remediation is required to protect sensitive data, ensure regulatory compliance, and safeguard customer trust.

The website's overall security posture is critically weak, with multiple critical and high-severity issues identified. Most notably, the absence of HTTPS encryption exposes all data transfers to interception and manipulation, severely undermining user trust and regulatory compliance. The lack of essential security headers and privacy policies increases vulnerability to attacks such as clickjacking, cross-site scripting, and data leakage. Compliance with GDPR and NIS2 is significantly deficient, risking substantial legal and financial penalties. While email and network security aspects show relative strength, foundational security controls are missing or poorly implemented. This leaves the organization exposed to cyber threats, reputational damage, and operational disruption. Immediate remediation is vital to protect customer data, maintain business continuity, and meet regulatory requirements. Without rapid improvements, the business faces increased risk from cyber incidents and compliance failures.

I

Icon Connect

iconconnect.com

0

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

M

Monaco Mediax

tvfestival.com

0

The website’s security posture is currently poor, with multiple critical and high-risk vulnerabilities that expose the business to significant cyber threats and compliance violations. The absence of HTTPS encryption is a critical and immediate risk, compromising data confidentiality and integrity, and violating GDPR and NIS2 regulatory requirements. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of privacy and cookie policies, as well as the absence of a cookie consent banner, places the business at risk of GDPR non-compliance and potential legal penalties. Additionally, the organization has not implemented essential information security frameworks, policies, or incident response procedures, weakening its ability to manage and recover from security incidents. Although email security and network security postures are relatively strong, gaps in DNS security and policy documentation remain. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory mandates, thereby safeguarding the business’s reputation and operational continuity.

F

Fabi AS

fabi.no

0

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

H

HP

design4rent.com

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruption. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, potentially leading to customer trust erosion and legal penalties. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and clickjacking. The lack of GDPR compliance elements, including privacy policies and cookie consent, presents severe regulatory risks with potential fines. There is no evidence of a security framework, incident response plan, or vulnerability disclosure process, indicating immature security governance. The exposure of high-risk services like FTP further elevates the threat profile. Although email security scores well, foundational network and application security controls require urgent improvement to protect business assets and customer data effectively. Overall, immediate remediation is essential to safeguard both operational continuity and reputation.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

I

International Superyacht Society

superyachtsociety.org

0

The website’s security posture is currently inadequate and exposes the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of user data, severely undermining trust and violating GDPR and NIS2 requirements. Key security headers that mitigate common web attacks are largely missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting exploits. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, poses serious compliance risks with GDPR regulations, potentially leading to legal penalties. The organization also lacks essential security governance components such as incident response procedures, security policies, and business continuity plans, which are vital for operational resilience. While some areas like DNS health and network security show moderate strength, critical gaps in email authentication and SSL/TLS further increase exposure to phishing and man-in-the-middle attacks. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without swift action, the business risks financial loss, legal consequences, and damage to brand reputation.

The website's security posture is critically insufficient, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting confidentiality and trust. Key security headers that protect against common web attacks are missing, increasing the risk of cross-site scripting and content injection. Compliance with GDPR and NIS2 regulations is lacking, with no privacy policies, cookie consent mechanisms, or incident response procedures documented. Email security and DNS health show moderate maturity but require improvements to prevent spoofing and domain hijacking. Although network security appears strong, it cannot compensate for critical deficiencies in application-layer and regulatory security controls. Immediate remediation is essential to protect customer data, ensure legal compliance, and maintain business continuity.

The website's overall security posture is critically weak, with multiple high and critical severity issues that expose the business to significant data breaches, regulatory non-compliance, and operational risks. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and integrity, directly violating GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of privacy and cookie policies, along with no cookie consent mechanism, further amplifies compliance risks and potential legal penalties. Organizational security governance is insufficient, with no documented security or incident response policies, which could delay or complicate breach mitigation. Email security and network security are relatively strong, but they cannot compensate for the critical web and compliance vulnerabilities. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. Overall, the site requires urgent security improvements and governance enhancements to meet industry best practices and legal mandates.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, undermining data confidentiality and integrity across all communications. Multiple missing security headers further increase vulnerability to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance components such as privacy policies, cookie policies, and consent mechanisms exposes the business to legal penalties and erodes customer trust. Additionally, there is no evidence of adherence to the NIS2 cybersecurity directive, with critical gaps in incident response, security policies, and business continuity planning. Email security is insufficient, lacking proper authentication configurations which increase the risk of phishing and spoofing attacks. Although network security and DNS health are relatively strong, these alone do not mitigate the critical weaknesses present. Immediate remediation is required to protect sensitive customer data, maintain regulatory compliance, and safeguard the company’s brand reputation.

S

Sophia Business Angels

sophiabusinessangels.com

0

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability impacting user data confidentiality and trust. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, cross-site scripting (XSS), and content injection. The site also lacks essential GDPR compliance elements like privacy policies and cookie consent, risking substantial legal penalties. Organizational security governance under NIS2 directives is severely lacking with no incident response, security policies, or information security framework in place. While email security and DNS health show moderate strengths, they are insufficient to mitigate the broader critical deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and maintain business continuity. Without urgent improvements, the business faces heightened risk of cyber incidents and regulatory sanctions.

M

Merkle

merkleinc.com

0

The website exhibits a poor overall security posture with critical vulnerabilities that expose it to significant risks. The absence of HTTPS encryption is the most alarming issue, affecting GDPR compliance, NIS2 regulations, and user data confidentiality. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and data leakage. The lack of essential GDPR components, including a cookie consent banner and compliant privacy policy, poses legal and reputational risks. Organizational security maturity is low, with no documented security policies, incident response plans, or vulnerability disclosure processes, indicating weak governance. Email security is moderate but requires improvements to prevent phishing and spoofing attacks. DNS security is relatively strong, while network security demonstrates a good posture. Immediate remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

The website's overall security posture is critically weak, with multiple high and critical severity issues identified across core security domains. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of common web attacks such as clickjacking, cross-site scripting, and MIME-sniffing. Compliance with privacy regulations is inadequate, lacking essential policies and consent mechanisms, which could lead to legal repercussions and loss of customer trust. The organization also lacks fundamental information security governance, including incident response, security policies, and vulnerability disclosure, increasing exposure to breaches and operational disruptions. While network security and email security are relatively stronger, DNS and SSL/TLS configurations are incomplete. Immediate remediation is vital to protect customer data, maintain regulatory compliance, and preserve brand reputation.

D

Dubai Tell Limited, Geneva Tell SA, Algiers Tell Markets SPA

tell.group

0

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability that compromises all data transmissions, severely impacting user trust and violating GDPR and NIS2 requirements. Missing essential security headers further increase susceptibility to common web attacks such as clickjacking, XSS, and content injection. Lack of privacy and cookie policies, as well as the absence of consent mechanisms, place the business at high risk of legal penalties under data protection regulations. Critical services like MySQL and FTP are publicly exposed, providing easy attack vectors for threat actors. Additionally, there is a notable deficit in security governance, including lack of incident response, security policies, and information security frameworks, which undermines the organization's ability to manage and mitigate risks effectively. While email and DNS security show some strengths, these are overshadowed by critical gaps in network and application security. Immediate action is required to address these issues to protect business assets, customer data, and maintain regulatory compliance.