EU Industry Benchmark
E-Commerce
Anonymized security posture data for the e-commerce sector across the EU. Based on 4371 monitored sites.
41.9
Avg. Score /100
D
Avg. Grade
4371
Sites Tracked
+2.0
vs. EU Average
Critical findings in this industry
3941 of 4371 without HTTPS redirect
4252 of 4371 with unencrypted email (no STARTTLS)
4364 of 4371 without DMARC protection (spoofable)
912 of 4371 missing 3+ critical security headers
3741 of 4371 without DNSSEC (vulnerable to DNS spoofing)
3831 of 4371 without CAA records (unrestricted certificate issuance)
4232 of 4371 without MTA-STS (email downgrade attacks possible)
Grade Distribution
Security across Europe
Average security score by country — hover for details, click to explore.
/100 · sites
Score by Country
Hosting & Data Residency
16%
EU-headquartered provider
84%
Non-EU provider (CLOUD Act / Schrems II)
Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49
All data is anonymized. No individual sites are identified. Statistics updated weekly.