Skip to main content
All Industries

EU Industry Benchmark

Travel

Anonymized security posture data for the travel sector across the EU. Based on 227 monitored sites.

52.0

Avg. Score /100

D

Avg. Grade

227

Sites Tracked

-2.0

vs. EU Average

Critical findings in this industry

17 of 227 without HTTPS redirect

7.0%

7 of 227 with unencrypted email (no STARTTLS)

3.0%

24 of 227 without DMARC protection (spoofable)

11.0%

144 of 227 missing 3+ critical security headers

63.0%

41 of 227 without DNSSEC (vulnerable to DNS spoofing)

18.0%

46 of 227 without CAA records (unrestricted certificate issuance)

20.0%

49 of 227 without MTA-STS (email downgrade attacks possible)

22.0%

Grade Distribution

A
2 (1.0%)
B
33 (15.0%)
C
42 (19.0%)
D
85 (37.0%)
F
65 (29.0%)

Score by Country

🇦🇹 Austria
64.7 6 🇧🇪 Belgio
54.8 5 🇧🇬 Bulgaria
37.8 4 🇨🇿 Cechia
44.7 7 🇨🇾 Cipro
12.0 2 🇭🇷 Croazia
41.0 3 🇩🇰 Danimarca
57.3 11 🇪🇪 Estonia
54.7 3 🇫🇮 Finlandia
56.0 1 🇫🇷 Francia
48.3 19 🇩🇪 Germania
53.8 28 🇬🇷 Grecia
41.2 5 HK
30.0 1 🇮🇪 Irlanda
66.7 6 🇮🇸 Islanda
52.5 2 🇮🇹 Italia
38.0 6 🇱🇻 Lettonia
48.0 2 🇱🇹 Lituania
51.5 4 🇱🇺 Lussemburgo
49.5 2 🇲🇹 Malta
41.5 2 🇳🇴 Norvegia
51.9 7 🇳🇱 Paesi Bassi
63.7 9 🇵🇱 Polonia
43.0 7 🇵🇹 Portogallo
54.5 2 RS
59.0 1 🇬🇧 Regno Unito
57.8 22 🇷🇴 Romania
32.2 4 SG
66.0 1 🇸🇰 Slovacchia
40.8 5 🇸🇮 Slovenia
46.3 3 🇪🇸 Spagna
48.2 13 🇸🇪 Svezia
59.0 11 🇨🇭 Svizzera
53.5 6 TR
79.0 1 US
64.0 9 🇭🇺 Ungheria
47.7 7

Hosting & Data Residency

14%

EU-headquartered provider

86%

Non-EU provider (CLOUD Act / Schrems II)

Amazon Web Services (US) 49 31.4%
Cloudflare (US) 37 23.7%
Google Cloud (US) 17 10.9%
Microsoft Azure (US) 12 7.7%
Akamai (US) 12 7.7%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.