Top Score A: Castapp Is the Most Secure Casting Platform in the Test
We put ourselves to the test
In June 2025, we ran castapp.pro through the Website Security Test by ImmuniWeb – an independent, internationally recognized security testing service based in Geneva, Switzerland. The test checks GDPR compliance, PCI DSS conformity, HTTP security headers, Content Security Policies, and the state of all software components in use.
The result: Castapp achieves the top score of A. Zero known security vulnerabilities.
Because we wanted to know where we stand, we ran the same test for four other casting platforms – all on the same day, under identical conditions.
The results compared
castapp.pro – Score A. No known security vulnerabilities, all protective measures active, server located in Germany.
actorsaccess.com – Score C. Outdated software with known vulnerabilities, no protection against automated data scraping.
spotlight.com – Score C. Known security vulnerabilities, important security settings missing.
de.stagepool.com – Score C. Twelve known security vulnerabilities, outdated components, the server openly reveals technical details that make attackers' work easier.
theapolis.de – Score F. The worst score in the comparison. Basic security measures are missing, cookies are unprotected, and the server configuration is largely left open. The mobile version also receives an F.
The full reports are publicly available: castapp.pro | actorsaccess.com | spotlight.com | de.stagepool.com | theapolis.de
Why this matters to us
Casting platforms hold sensitive data. Photos, videos, resumes, contact details, sometimes even health information or body measurements. This data belongs to the performers who provide it. And it deserves the same protection you'd expect from a banking app or a health portal.
The reality, unfortunately, looks different. Outdated software with known vulnerabilities, missing security headers, open HTTP methods – these aren't minor issues. They're invitations for attackers.
What we do differently
Castapp was built from the ground up on the principle of Privacy by Design. That means: data protection wasn't an afterthought, it was the starting point of every technical decision.
In practice, this means: No PDF resumes that can be downloaded and forwarded without control. No Dropbox links, no downloads. Instead, structured data processing, limited visibility, and full data control for users. Our server is in Frankfurt am Main, Germany – not in the US.
What the A score means
The A score isn't a marketing badge you can buy. It's the result of clean work on the technical foundation: up-to-date software components, correctly configured security headers, a well-thought-out Content Security Policy, encrypted cookies with the right flags, restricted HTTP methods.
We're proud of this result. Not because it proves we're perfect – no system is perfect. But because it shows that you can build an IT project in our industry to proper industry standards. That you can treat performer data with the same seriousness that other industries have long taken for granted.
And that should be the standard in the casting industry – not the exception.