Skip to main content
All Industries

EU Industry Benchmark

E-Commerce

Anonymized security posture data for the e-commerce sector across the EU. Based on 4352 monitored sites.

53.6

Avg. Score /100

D

Avg. Grade

4352

Sites Tracked

+10.0

vs. EU Average

Critical findings in this industry

2119 of 4352 without HTTPS redirect

49.0%

3244 of 4352 with unencrypted email (no STARTTLS)

75.0%

2462 of 4352 without DMARC protection (spoofable)

57.0%

1882 of 4352 missing 3+ critical security headers

43.0%

3731 of 4352 without DNSSEC (vulnerable to DNS spoofing)

86.0%

3816 of 4352 without CAA records (unrestricted certificate issuance)

88.0%

4224 of 4352 without MTA-STS (email downgrade attacks possible)

97.0%

Grade Distribution

A
0 (0.0%)
B
200 (5.0%)
C
1148 (26.0%)
D
2523 (58.0%)
F
481 (11.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 54.4/100 (100 sites) Belgium: 56.1/100 (92 sites) Bulgaria: 54.5/100 (39 sites) Croatia: 50.9/100 (46 sites) Cyprus: 44.3/100 (14 sites) Czech Republic: 53.1/100 (102 sites) Denmark: 51.7/100 (97 sites) Estonia: 51.7/100 (29 sites) Finland: 55.6/100 (90 sites) France: 54.6/100 (383 sites) Germany: 55.1/100 (728 sites) Greece: 49.1/100 (249 sites) Hungary: 51.1/100 (152 sites) Ireland: 55.4/100 (67 sites) Italy: 52.0/100 (249 sites) Latvia: 47.8/100 (23 sites) Lithuania: 49.7/100 (38 sites) Luxembourg: 52.2/100 (44 sites) Netherlands: 54.6/100 (243 sites) Norway: 56.6/100 (86 sites) Poland: 50.9/100 (291 sites) Portugal: 54.3/100 (62 sites) Romania: 54.6/100 (72 sites) Slovakia: 54.1/100 (58 sites) Slovenia: 48.7/100 (29 sites) Spain: 54.3/100 (156 sites) Sweden: 55.7/100 (206 sites) Switzerland: 54.2/100 (260 sites) United Kingdom: 55.1/100 (306 sites)
Worse
Better

Score by Country

🇦🇹 Austria
54.4 100 🇧🇪 Belgium
56.1 92 🇧🇬 Bulgaria
54.5 39 🇭🇷 Croatia
50.9 46 🇨🇾 Cyprus
44.3 14 🇨🇿 Czech Republic
53.1 102 🇩🇰 Denmark
51.7 97 🇪🇪 Estonia
51.7 29 🇪🇺 European Union
54.2 25 🇫🇮 Finland
55.6 90 🇫🇷 France
54.6 383 🇩🇪 Germany
55.1 728 🇬🇷 Greece
49.1 249 🇭🇺 Hungary
51.1 152 🇮🇸 Iceland
51.3 9 🇮🇪 Ireland
55.4 67 🇮🇹 Italy
52.0 249 🇱🇻 Latvia
47.8 23 🇱🇮 Liechtenstein
47.3 3 🇱🇹 Lithuania
49.7 38 🇱🇺 Luxembourg
52.2 44 🇲🇹 Malta
49.8 4 🇳🇱 Netherlands
54.6 243 🇳🇴 Norway
56.6 86 🇵🇱 Poland
50.9 291 🇵🇹 Portugal
54.3 62 🇷🇴 Romania
54.6 72 🇸🇰 Slovakia
54.1 58 🇸🇮 Slovenia
48.7 29 🇪🇸 Spain
54.3 156 🇸🇪 Sweden
55.7 206 🇨🇭 Switzerland
54.2 260 🇬🇧 United Kingdom
55.1 306

Hosting & Data Residency

16%

EU-headquartered provider

84%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 1093 38.0%
Amazon Web Services (US) 670 23.3%
Akamai (US) 278 9.7%
Microsoft Azure (US) 252 8.8%
Fastly (US) 156 5.4%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.