Skip to main content
All Industries

EU Industry Benchmark

E-Commerce

Anonymized security posture data for the e-commerce sector across the EU. Based on 4371 monitored sites.

41.9

Avg. Score /100

D

Avg. Grade

4371

Sites Tracked

+2.0

vs. EU Average

Critical findings in this industry

3941 of 4371 without HTTPS redirect

90.0%

4252 of 4371 with unencrypted email (no STARTTLS)

97.0%

4364 of 4371 without DMARC protection (spoofable)

100.0%

912 of 4371 missing 3+ critical security headers

21.0%

3741 of 4371 without DNSSEC (vulnerable to DNS spoofing)

86.0%

3831 of 4371 without CAA records (unrestricted certificate issuance)

88.0%

4232 of 4371 without MTA-STS (email downgrade attacks possible)

97.0%

Grade Distribution

A
0 (0.0%)
B
0 (0.0%)
C
148 (3.0%)
D
2506 (57.0%)
F
1717 (39.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Hosting & Data Residency

16%

EU-headquartered provider

84%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 1096 38.0%
Amazon Web Services (US) 672 23.3%
Akamai (US) 278 9.6%
Microsoft Azure (US) 253 8.8%
Fastly (US) 157 5.4%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.