EU Industry Benchmark

Fashion

Anonymized security posture data for the fashion sector across the EU. Based on 268 monitored sites.

52.8

Avg. Score /100

D

Avg. Grade

268

Sites Tracked

-1.0

vs. EU Average

Critical findings in this industry

20 of 268 without HTTPS redirect

7.0%

9 of 268 with unencrypted email (no STARTTLS)

3.0%

29 of 268 without DMARC protection (spoofable)

11.0%

143 of 268 missing 3+ critical security headers

53.0%

73 of 268 without DNSSEC (vulnerable to DNS spoofing)

27.0%

73 of 268 without CAA records (unrestricted certificate issuance)

27.0%

78 of 268 without MTA-STS (email downgrade attacks possible)

29.0%

Grade Distribution

A

0 (0.0%)

B

16 (6.0%)

C

82 (31.0%)

D

126 (47.0%)

F

44 (16.0%)

Score by Country

🇦🇹 Austria

47.2 4 🇧🇪 Belgium

51.6 7 🇧🇬 Bulgaria

83.0 1 🇭🇷 Croatia

57.0 1 🇨🇿 Czech Republic

38.2 4 🇩🇰 Denmark

52.9 9 🇪🇪 Estonia

53.0 2 🇫🇮 Finland

39.6 5 🇫🇷 France

50.2 27 🇩🇪 Germany

51.8 30 🇬🇷 Greece

56.0 3 🇭🇺 Hungary

46.0 4 🇮🇪 Ireland

39.7 3 🇮🇹 Italy

49.5 36 🇱🇻 Latvia

54.5 2 🇱🇹 Lithuania

70.0 1 🇳🇱 Netherlands

49.3 11 🇳🇴 Norway

60.0 8 🇵🇱 Poland

61.4 7 🇵🇹 Portugal

61.3 6 🇷🇴 Romania

60.3 3 🇸🇰 Slovakia

53.3 3 🇸🇮 Slovenia

53.3 3 🇪🇸 Spain

55.5 8 🇸🇪 Sweden

52.9 23 🇨🇭 Switzerland

64.3 3 🇬🇧 United Kingdom

Hosting & Data Residency

11%

EU-headquartered provider

89%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 64 30.8%

Akamai (US) 54 26.0%

Amazon Web Services (US) 48 23.1%

Fastly (US) 16 7.7%

Microsoft Azure (US) 9 4.3%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

All data is anonymized. No individual sites are identified. Statistics updated weekly.