Skip to main content

Is gerit.org a Scam? Security Check Results - Deutsche Forschungsgemeinschaft e.V. Reviews

gerit.org favicon

Is gerit.org Safe? Security Analysis for Deutsche Forschungsgemeinschaft e.V.

https://gerit.org

Check if gerit.org is a scam or legitimate. Free security scan and reviews.

EducationGermanylarge
React (react-autosuggest)Apache Lucene / Solr (search backend)Google Maps APICSS3JavaScript
Analyzed 9/5/2025Completed 7:03:26 PM
56
Security Score
MEDIUM RISK

AI Summary

GERiT is a comprehensive information portal operated by the Deutsche Forschungsgemeinschaft (DFG) in partnership with the German Academic Exchange Service (DAAD) and the German Rectors’ Conference (HRK). It provides detailed data on over 33,000 German research institutions, including profiles, job vacancies, doctoral program information, and links to DFG-funded projects. The portal targets students and researchers both within Germany and internationally, serving as an authoritative resource for academic and research-related information in Germany. Technically, the website employs modern web technologies including React for frontend components and Apache Lucene/Solr for search functionality. It integrates Google Maps API for geospatial data visualization and uses a cookie consent mechanism to comply with privacy regulations. The site is mobile-optimized and accessible, with good SEO practices and bilingual content in German and English. From a security perspective, the site uses HTTPS and has no visible critical vulnerabilities or exposed sensitive data. However, DNSSEC is not enabled and security headers are not explicitly detected, suggesting room for improvement. Privacy compliance is strong, with a comprehensive privacy policy and cookie consent banner. Contact information and legal imprint are clearly provided, enhancing trustworthiness. Overall, GERiT presents a professional, trustworthy, and well-maintained digital presence for German research institutions. Strategic recommendations include enabling DNSSEC, implementing security headers, and publishing a vulnerability disclosure policy to further strengthen security posture and transparency.

Detected Technologies

React (react-autosuggest)Apache Lucene / Solr (search backend)Google Maps APICSS3JavaScript

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

GERiT occupies a strong market position as the official German research institution directory, operated by the reputable DFG with partnerships from DAAD and HRK. Its business model is non-commercial, focusing on providing authoritative, up-to-date information to students and researchers. The portal supports international research marketing for Germany and facilitates access to academic job markets and doctoral programs. The partnership ecosystem includes major German academic organizations, enhancing credibility and reach. Growth indicators include monthly data updates and integration with multiple external authoritative data sources. The portal's comprehensive search and filter capabilities provide competitive advantages in usability and data granularity.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (3)

p*****@dfg.de
i*****@dfg.de
s*****@dfg.de

Phone Numbers (2)

+4922888**
+4922888*****

Physical Addresses (1)

Deutsche Forschungsgemeinschaft e.V., Kennedyallee 40, 53175 Bonn, Germany

Company Registration

Legal Name:

Deutsche Forschungsgemeinschaft e.V.

VAT Number:

DE122276357

Registration Number:

VR 2030 (Vereinsregister Bonn)

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a mature security posture with HTTPS enforced and no visible exposure of sensitive data. The use of a cookie consent banner aligns with GDPR requirements. However, the absence of DNSSEC and missing security headers such as Content-Security-Policy and X-Frame-Options indicate potential gaps. No explicit incident response or vulnerability disclosure information is published, which could limit responsiveness to security issues. Overall, the security maturity is good but could be enhanced by adopting additional best practices and transparency measures.

Strategic Recommendations

Priority Actions for Security Improvement

1

Enable DNSSEC on the domain to improve DNS security and prevent spoofing.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Deutsche Forschungsgemeinschaft e.V.

Description:

GERiT is an information portal on German research institutions provided by the Deutsche Forschungsgemeinschaft (DFG) in partnership with the German Academic Exchange Service (DAAD) and the German Rectors’ Conference (HRK). It offers an overview of approximately 33,000 research institutions in Germany, including profiles, job vacancies, doctoral regulations, and links to DFG-funded projects.

Key Services:
Research institution directorySearch by subject, location, institution typeLinks to job vacancies and doctoral opportunitiesInformation on DFG-funded projectsData download service
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
React (react-autosuggest)Apache Lucene / Solr (search backend)Google Maps APICSS3JavaScript
Frameworks:
React
Performance:

moderate

Mobile:

good

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enabled
  • No exposed sensitive data in HTML
  • Use of consent banner for cookies

Analytics & Tracking

Tracking Level:minimal
Privacy Compliance:good

Advertising & Marketing

Transparency Level:poor

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:excellent
Navigation Clarity:good
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is a comprehensive, bilingual (German/English) portal for German research institutions.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

15/100
Score

Missing Strict-Transport-Security header

HIGH

Forces HTTPS connections

Missing X-Frame-Options header

HIGH

Prevents clickjacking attacks

Missing X-Content-Type-Options header

MEDIUM

Prevents MIME type sniffing

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

68/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

40/100
Score

No SPF record found

HIGH

SPF helps prevent email spoofing

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

No email authentication configured

CRITICAL

Domain is vulnerable to email spoofing

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

62/100
Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

OCSP Stapling Not Enabled

LOW

OCSP stapling improves performance and privacy

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 43 days

Mixed Content Detected

MEDIUM

2 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

60/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

No DMARC Record

MEDIUM

DMARC policy not configured

Domain Registration Details

Domain Age
7 years(mature)
Expiry Risk
low(204 days)
Protection Level
noneDNSSEC OFF
Suspicious Indicators Detected
  • No domain protection locks enabled

DNS Records

A Records:83.143.2.144
Name Servers:
dns-1.dfn.de
dns-2.dfn.de
dns-3.dfn.de
SOA:Serial: 2018032930, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:89ms

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a modern React-based frontend with server-side search powered by Apache Lucene/Solr, indicating a robust and scalable technical infrastructure. Integration of Google Maps API enhances user experience for geographic searches. The site is mobile-optimized and accessible, with good SEO metadata and bilingual support. Hosting appears stable with DNS managed by the German Research Network (dfn.de). Performance is moderate, with potential for optimization. No CMS detected, suggesting a custom or proprietary content management approach. Overall, the technical stack is well-suited for the portal's informational and search functionalities, with opportunities for security and performance enhancements.
Analyze Another Website