Security posture snapshot for November 2025 across 985 monitored European websites.
57.9/100
Average score
52%
Email spoofable
78%
No DNSSEC
56%
Missing security headers
Security posture by industry — sorted by average score. Click an industry to see its detailed breakdown.
| Industry | Sites | Score | Unprotected | Spoofable | Insecure | Grade distribution |
|---|---|---|---|---|---|---|
| Pharma | 39 |
|
54% | 87% | 13% |
C
D
F
|
| Automotive | 19 |
|
58% | 68% | 21% |
B
C
D
F
|
| Banking | 120 |
|
53% | 56% | 28% |
C
D
F
|
| Media | 140 |
|
71% | 66% | 11% |
C
D
|
| E-Commerce | 175 |
|
59% | 61% | 25% |
C
D
F
|
| Government | 95 |
|
48% | 61% | 19% |
C
D
F
|
| Insurance | 42 |
|
43% | 45% | 24% |
B
C
D
F
|
| Technology | 265 |
|
52% | 37% | 14% |
B
C
D
|
| Regulatory | 90 |
|
51% | 28% | 13% |
B
C
D
|
Sorted by average security score (lowest first). Column explanations: Unprotected = missing 3+ critical HTTP headers. Spoofable = no or weak DMARC. Insecure = no HTTPS redirect.
The most common security gaps across 985 European websites — and the regulations they violate.
56%
Visitors are exposed to clickjacking, XSS, and content injection because critical HTTP headers are missing.
52%
Emails from these domains can be spoofed — invoices, password resets, anything. No DMARC enforcement.
78%
DNS responses are unsigned. Attackers can redirect visitors to fake sites without detection.
Run a free security scan — no account needed. See your score, grade, and how you compare to your industry.
Scan your website nowThis data is also available as JSON via the Benchmark API.