Skip to main content
All Industries

EU Industry Benchmark

Adult

Anonymized security posture data for the adult sector across the EU. Based on 327 monitored sites.

43.7

Avg. Score /100

D

Avg. Grade

327

Sites Tracked

+1.0

vs. EU Average

Critical findings in this industry

221 of 327 without HTTPS redirect

68.0%

303 of 327 with unencrypted email (no STARTTLS)

93.0%

320 of 327 without DMARC protection (spoofable)

98.0%

119 of 327 missing 3+ critical security headers

36.0%

272 of 327 without DNSSEC (vulnerable to DNS spoofing)

83.0%

295 of 327 without CAA records (unrestricted certificate issuance)

90.0%

322 of 327 without MTA-STS (email downgrade attacks possible)

98.0%

Grade Distribution

A
0 (0.0%)
B
1 (0.0%)
C
20 (6.0%)
D
194 (59.0%)
F
112 (34.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 45.7/100 (6 sites) Belgium: 46.4/100 (8 sites) Bulgaria: 36.7/100 (3 sites) Croatia: 45.0/100 (6 sites) Cyprus: 45.4/100 (8 sites) Czech Republic: 42.8/100 (28 sites) Denmark: 43.1/100 (9 sites) Estonia: 42.1/100 (15 sites) Finland: 44.5/100 (12 sites) France: 41.1/100 (21 sites) Germany: 45.1/100 (27 sites) Greece: 40.8/100 (11 sites) Hungary: 43.3/100 (14 sites) Ireland: 46.7/100 (6 sites) Italy: 40.3/100 (14 sites) Latvia: 34.8/100 (6 sites) Lithuania: 51.2/100 (4 sites) Luxembourg: 38.5/100 (12 sites) Netherlands: 48.5/100 (22 sites) Norway: 44.2/100 (9 sites) Poland: 44.6/100 (16 sites) Portugal: 41.6/100 (5 sites) Romania: 36.9/100 (8 sites) Slovakia: 46.2/100 (5 sites) Slovenia: 45.4/100 (7 sites) Spain: 41.6/100 (14 sites) Sweden: 50.9/100 (10 sites) Switzerland: 41.4/100 (8 sites) United Kingdom: 46.0/100 (6 sites)
Worse
Better

Score by Country

🇦🇹 Austria
45.7 6 🇧🇪 Belgium
46.4 8 🇧🇬 Bulgaria
36.7 3 🇭🇷 Croatia
45.0 6 🇨🇾 Cyprus
45.4 8 🇨🇿 Czech Republic
42.8 28 🇩🇰 Denmark
43.1 9 🇪🇪 Estonia
42.1 15 🇫🇮 Finland
44.5 12 🇫🇷 France
41.1 21 🇩🇪 Germany
45.1 27 🇬🇷 Greece
40.8 11 🇭🇺 Hungary
43.3 14 🇮🇸 Iceland
56.2 4 🇮🇪 Ireland
46.7 6 🇮🇹 Italy
40.3 14 🇱🇻 Latvia
34.8 6 🇱🇮 Liechtenstein
44.0 3 🇱🇹 Lithuania
51.2 4 🇱🇺 Luxembourg
38.5 12 🇳🇱 Netherlands
48.5 22 🇳🇴 Norway
44.2 9 🇵🇱 Poland
44.6 16 🇵🇹 Portugal
41.6 5 🇷🇴 Romania
36.9 8 🇸🇰 Slovakia
46.2 5 🇸🇮 Slovenia
45.4 7 🇪🇸 Spain
41.6 14 🇸🇪 Sweden
50.9 10 🇨🇭 Switzerland
41.4 8 🇬🇧 United Kingdom
46.0 6

Hosting & Data Residency

29%

EU-headquartered provider

71%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 118 60.5%
Hetzner (DE) 18 9.2%
Amazon Web Services (US) 18 9.2%
Google Cloud (US) 9 4.6%
OVHcloud (FR) 9 4.6%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.