Skip to main content
All Industries

EU Industry Benchmark

Food & Delivery

Anonymized security posture data for the food & delivery sector across the EU. Based on 222 monitored sites.

53.2

Avg. Score /100

D

Avg. Grade

222

Sites Tracked

-1.0

vs. EU Average

Critical findings in this industry

21 of 222 without HTTPS redirect

9.0%

15 of 222 with unencrypted email (no STARTTLS)

7.0%

34 of 222 without DMARC protection (spoofable)

15.0%

142 of 222 missing 3+ critical security headers

64.0%

65 of 222 without DNSSEC (vulnerable to DNS spoofing)

29.0%

66 of 222 without CAA records (unrestricted certificate issuance)

30.0%

69 of 222 without MTA-STS (email downgrade attacks possible)

31.0%

Grade Distribution

A
2 (1.0%)
B
29 (13.0%)
C
55 (25.0%)
D
84 (38.0%)
F
52 (23.0%)

Score by Country

🇧🇪 Belgien
64.5 4 🇧🇬 Bulgarien
64.3 3 🇩🇪 Deutschland
49.1 30 🇩🇰 Dänemark
49.8 6 🇪🇪 Estland
73.5 2 🇫🇮 Finnland
47.0 6 🇫🇷 Frankreich
48.0 24 🇬🇷 Griechenland
65.6 5 🇮🇪 Irland
52.9 8 🇮🇹 Italien
32.8 6 🇭🇷 Kroatien
58.3 3 🇱🇻 Lettland
63.5 4 🇱🇹 Litauen
57.8 5 🇳🇱 Niederlande
54.6 11 🇳🇴 Norwegen
52.3 6 🇵🇱 Polen
39.0 7 🇵🇹 Portugal
60.0 4 🇷🇴 Rumänien
54.7 7 🇸🇪 Schweden
55.0 9 🇨🇭 Schweiz
55.6 7 🇸🇰 Slowakei
69.2 4 🇸🇮 Slowenien
55.7 3 🇪🇸 Spanien
48.0 10 🇨🇿 Tschechien
57.0 8 US
71.0 1 🇭🇺 Ungarn
53.6 5 🇬🇧 Vereinigtes Königreich
59.0 20 🇨🇾 Zypern
43.0 1 🇦🇹 Österreich
54.2 13

Hosting & Data Residency

13%

EU-headquartered provider

87%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 64 36.0%
Amazon Web Services (US) 52 29.2%
Akamai (US) 15 8.4%
Microsoft Azure (US) 13 7.3%
Google Cloud (US) 11 6.2%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.