Security posture snapshot for April 2026 across 10372 monitored European websites.
- Average score: 55.5/100
- Email spoofable: 48%
- No DNSSEC: 81%
- Missing security headers: 63%
Security posture by industry, sorted by average score.
| Industry | Sites | Score | Unprotected | Spoofable | Insecure | Grade distribution |
|---|---|---|---|---|---|---|
| Media | 2105 | | 77% | 52% | 2% | C D F |
| telecom | 338 | | 59% | 47% | 15% | C D F |
| Pharma | 236 | | 61% | 38% | 6% | C D F |
| real-estate | 301 | | 66% | 48% | 5% | C D |
| transport | 314 | | 60% | 48% | 8% | C D |
| Technology | 1793 | | 65% | 52% | 2% | C D |
| Automotive | 280 | | 58% | 53% | 17% | C D |
| Regulatory | 305 | | 54% | 54% | 8% | C D F |
| education | 815 | | 65% | 61% | 3% | C D |
| healthcare | 427 | | 65% | 52% | 5% | C D |
| E-Commerce | 1749 | | 60% | 37% | 1% | C D |
| Government | 784 | | 53% | 52% | 5% | C D |
| energy | 236 | | 52% | 39% | 7% | C D |
| Banking | 447 | | 45% | 27% | 12% | B C D |
| Insurance | 242 | | 42% | 26% | 17% | C D |
Sorted by average security score (lowest first). Column explanations: Unprotected = missing 3+ critical HTTP headers. Spoofable = no or weak DMARC. Insecure = no HTTPS redirect.
The most common security gaps across 10372 European websites — and the regulations they violate.
- 63%: Visitors are exposed to clickjacking, XSS, and content injection because critical HTTP headers are missing.
- 48%: Emails from these domains can be spoofed — invoices, password resets, anything. No DMARC enforcement.
- 81%: DNS responses are unsigned. Attackers can redirect visitors to fake sites without detection.
This data is also available as JSON via the Benchmark API.