Skip to main content

Is bergpunkt.ch a Scam? Security Check Results - Bergpunkt Reviews

bergpunkt.ch favicon

Is bergpunkt.ch Safe? Security Analysis for Bergpunkt

https://bergpunkt.ch

Check if bergpunkt.ch is a scam or legitimate. Free security scan and reviews.

OtherSwitzerlandsmall
Vue.jsNuxt.jsTailwind CSSGoogle reCAPTCHAGoogle Tag Manager+3 more
Analyzed 10/4/2025Completed 4:24:23 AM
66
Security Score
MEDIUM RISK

AI Summary

Bergpunkt is a Swiss-based company specializing in mountain sports education and guided tours, including mountaineering, climbing, ski touring, and snowshoeing. The website presents a professional and well-structured digital presence targeting outdoor enthusiasts interested in mountain activities. The technical infrastructure leverages modern web technologies such as Vue.js and Nuxt.js, with integrations for maps (Leaflet), rich text editing (TinyMCE), and anti-bot protection (Google reCAPTCHA). While the site is well-designed and mobile-optimized, it lacks some critical compliance elements such as a privacy policy and terms of service pages. Security posture is generally good with HTTPS and reCAPTCHA, but the absence of security headers and incident response information indicates room for improvement. Overall, the website is legitimate and trustworthy but would benefit from enhanced compliance and security transparency.

Detected Technologies

Vue.jsNuxt.jsTailwind CSSGoogle reCAPTCHAGoogle Tag ManagerLeaflet (maps)Swiper (carousel)TinyMCE (rich text editor)

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Bergpunkt operates in a niche market providing specialized mountain sports training and guided tours in Switzerland. Its business model focuses on experiential outdoor education, targeting mountaineers and climbers. The company appears to be small-sized with a focused service offering. The website does not reveal parent or subsidiary relationships, indicating an independent operation. The lack of visible certifications or trust badges suggests Bergpunkt relies on reputation and quality of service rather than formal accreditations. Marketing and analytics are implemented via Google Tag Manager, indicating a moderate level of digital maturity. The absence of direct contact details on the site may limit customer engagement and trust building.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (6)

i*****@bergpunkt.ch
d*****@bluewin.ch
c*****@hotmail.com
r*****@ik.me
m*****@bergpunkt.ch
+1 more emails found

Security Posture Analysis

Comprehensive Security Assessment

The website employs HTTPS and Google reCAPTCHA, which are positive security measures. However, no security headers such as Content Security Policy, HSTS, or X-Frame-Options were detected, which are recommended to mitigate common web vulnerabilities. There is no published security policy or incident response contact, which limits transparency and preparedness for security incidents. No vulnerabilities or exposed sensitive data were identified in the provided content. The site respects Do Not Track signals in Google Tag Manager, indicating some privacy consideration. Overall, the security posture is moderate but could be significantly improved by implementing standard security headers and publishing security-related policies.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish a comprehensive privacy policy and terms of service to improve compliance and user trust.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Bergpunkt

Description:

Bergpunkt offers tours and training in mountaineering, climbing, ski touring, and related mountain activities.

Key Services:
Mountaineering toursClimbing coursesSki touringSnowshoeingMountain training and education
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
Vue.jsNuxt.jsTailwind CSSGoogle reCAPTCHAGoogle Tag ManagerLeaflet (maps)Swiper (carousel)TinyMCE (rich text editor)
Frameworks:
Vue.jsNuxt.js
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enabled
  • Google reCAPTCHA implemented on forms
  • Google Tag Manager used with doNotTrack respect

Analytics & Tracking

Services:
Google Tag Manager
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:moderate

Key Observations

1

Website is professionally designed with a clear focus on mountain sports education.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

30/100
Score

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

73/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

75/100
Score

DMARC not enforcing

MEDIUM

DMARC policy is set to "none"

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:_spf.google.com include:amazonses.com redirect=spf.mail.hostpoint.ch ~all
DNS Lookups:2/10
Policy:~all
DKIM Selectors Found
Selector:google(1296-bit rsa)
DMARC Details
Policy:none
Aggregate Reports:info@bergpunkt.ch

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

72/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 76 days

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

DMARC Policy Set to None

LOW

DMARC is configured but not enforcing any policy

DNS Records

A Records:34.65.170.237
Name Servers:
ns.hostpoint.chDNS only
ns2.hostpoint.chDNS only
ns3.hostpoint.chDNS only
MX Records:
1: aspmx.l.google.com
5: alt1.aspmx.l.google.com
10: alt4.aspmx.l.google.com
10: alt3.aspmx.l.google.com
5: alt2.aspmx.l.google.com
SOA:Serial: 1759363200, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:109ms

SPF Analysis

SPF Record:
v=spf1 include:_spf.google.com include:amazonses.com redirect=spf.mail.hostpoint.ch ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built using modern frontend frameworks Vue.js and Nuxt.js, styled with Tailwind CSS, and enhanced with various JavaScript libraries for maps, carousels, and rich text editing. Google reCAPTCHA is integrated for bot protection, and Google Tag Manager is used for analytics and marketing. The site appears mobile-optimized with responsive design. Performance is moderate, with multiple preloaded scripts indicating some optimization effort. No standard CMS was detected, suggesting a custom-built solution. The lack of detected hosting provider information limits infrastructure analysis. Overall, the technical implementation is solid but could benefit from performance tuning and enhanced security configurations.
⭐ Verified Community Reviews

What others say about bergpunkt.ch

Share your experience to help others make informed decisions. We verify every review by email and publish it once our moderation team approves it.

Overall rating
Select a rating
4000 characters remaining

We’ll email you to confirm your review and keep your details private.

Community rating

out of 5

0 reviews published

Loading reviews…

How did we do?

Your feedback directly shapes our roadmap. Rate the quality of this report, leave an optional comment, and let us know if you want our security specialists to follow up.

Overall report quality
Select a rating
2000 characters remaining

We only use your feedback to improve Guard reports. Contact details are never shared.

Analyze Another Website