Skip to main content

Is ethz.ch a Scam? Security Check Results - ETH Zürich Reviews

ethz.ch favicon

Is ethz.ch Safe? Security Analysis for ETH Zürich

https://ethz.ch

Check if ethz.ch is a scam or legitimate. Free security scan and reviews.

EducationSwitzerlandenterprise
JavaScriptXMLHttpRequestGoogle Tag ManagerCookieLaw.org Consent SDKSwiper.js
Analyzed 9/7/2025Completed 7:00:55 AM
80
Security Score
LOW RISK

AI Summary

ETH Zürich is a prestigious Swiss university specializing in science, technology, engineering, and mathematics education and research. The website serves as the official digital presence, targeting students, researchers, and the academic community. It provides comprehensive information about the institution's offerings and maintains a consistent brand image. The site is multilingual, supporting German, English, French, and Italian languages, reflecting its international reach. Technically, the website is built on Adobe Experience Manager CMS, utilizing modern JavaScript libraries such as Swiper.js and Google Tag Manager for analytics and user tracking. The site is mobile-optimized and demonstrates good SEO and accessibility practices. Performance is moderate, with room for optimization. From a security perspective, the site enforces HTTPS with a valid SSL certificate and implements a cookie consent mechanism that defaults to denying ad and analytics storage, indicating privacy awareness. However, explicit privacy policies, terms of service, security policies, and incident response contacts are not found, representing areas for improvement. No vulnerabilities or exposed sensitive data were detected. Overall, ETH Zürich's website is a professional, trustworthy, and secure platform that effectively supports its educational mission. Strategic enhancements in privacy compliance documentation and security transparency would further strengthen its posture.

Detected Technologies

JavaScriptXMLHttpRequestGoogle Tag ManagerCookieLaw.org Consent SDKSwiper.js

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

ETH Zürich holds a top position in the European and global higher education landscape, focusing on STEM disciplines. Its business model is that of a public university, funded and operated to provide education and conduct research. The website reflects this by targeting academic audiences and the public. The institution benefits from strong brand recognition and trust signals inherent to its status. The use of Google Tag Manager and cookie consent tools indicates an awareness of digital marketing and compliance requirements. The absence of commercial advertising or affiliate programs aligns with its non-commercial educational mission. The site’s multilingual support and structured navigation suggest a mature digital strategy aimed at broad accessibility and user engagement.

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a solid security foundation with HTTPS enforcement and a cookie consent mechanism that restricts tracking by default. The lack of explicit security headers in the provided data suggests an opportunity to enhance protection against common web attacks. No security policies, incident response contacts, or vulnerability disclosure mechanisms are publicly available, which could limit transparency and responsiveness to security incidents. No signs of vulnerabilities or exposed sensitive information were found in the HTML content. Overall, the security posture is good but could be improved by publishing security-related documentation and implementing additional HTTP security headers.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish a comprehensive privacy policy and terms of service accessible from the homepage.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

ETH Zürich

Description:

ETH Zürich is a leading science, technology, engineering and mathematics university in Switzerland, providing education, research and innovation.

Key Services:
Higher educationResearchInnovationPublic information
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
JavaScriptXMLHttpRequestGoogle Tag ManagerCookieLaw.org Consent SDKSwiper.js
Performance:

moderate

Mobile:

good

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
85/100
Best Practices:
  • HTTPS enforced
  • Cookie consent with denied ad and analytics storage by default
  • No exposed sensitive data in HTML

Analytics & Tracking

Services:
Google Tag Manager
Tracking Level:moderate
Privacy Compliance:basic

Advertising & Marketing

Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:good
Navigation Clarity:good
Professionalism:good
Trustworthiness:high

Key Observations

1

Website uses HTTPS with valid SSL certificate.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

70/100
Score

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

88/100
Score

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy85% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

47/100
Score

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 include:_id.ethz.ch -all
DNS Lookups:1/10
Policy:-all
DKIM Selectors Found
Selector:selector1(1416-bit rsa)

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

90/100
Score

Mixed Content Detected

MEDIUM

1 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:ethz.ch
Issuer:DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid Until:8/23/2026 (350 days)
SANs:ethz.ch, www.ethz.ch

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:129.132.19.216
AAAA Records:2001:67c:10ec:254::216
Name Servers:
ns1.ethz.chDNS only
ns2.ethz.chDNS only
ns2.switch.chDNS only
MX Records:
0: ethz-ch.mail.protection.outlook.com
SOA:Serial: 283052, TTL: 300s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:86ms

SPF Analysis

SPF Record:
v=spf1 include:_id.ethz.ch -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on Adobe Experience Manager CMS, leveraging modern JavaScript libraries including Swiper.js for UI components and Google Tag Manager for analytics. It uses asynchronous script loading and XMLHttpRequest for dynamic content fetching, indicating a modern and interactive design. The site is responsive and optimized for mobile devices, with good SEO metadata including Open Graph tags for social sharing. Performance is moderate, with potential for further optimization. Accessibility features appear to be implemented, supporting a broad user base. The technical infrastructure supports a professional and scalable digital presence suitable for a large educational institution.
Analyze Another Website