Skip to main content

Is qwant.com a Scam? Security Check Results - Qwant Reviews

qwant.com favicon

Is qwant.com Safe? Security Analysis for Qwant

https://qwant.com

Check if qwant.com is a scam or legitimate. Free security scan and reviews.

TechnologyFrancemedium
ReactJavaScriptPhoenix frameworkPiwik PRO analyticsDidomi consent management
Analyzed 8/3/2025Completed 4:10:47 PM
65
Security Score
MEDIUM RISK

AI Summary

Qwant is a French-based privacy-focused search engine that positions itself as a trustworthy alternative to major search providers by emphasizing user privacy, no tracking, and no sale of personal data. It offers a suite of services including a general search engine, a child-safe version called Qwant Junior, and a cloud storage solution via a partner. The website is professionally designed, mobile-optimized, and supports multiple languages, reflecting a mature digital presence. Technically, it uses modern frameworks such as React and Phoenix, integrates Piwik PRO for privacy-respecting analytics, and employs Didomi for consent management. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response details are not publicly disclosed. WHOIS data is unavailable, likely due to privacy protection, which slightly impacts trust but is consistent with the company’s privacy ethos. Overall, Qwant demonstrates a high level of professionalism, privacy compliance, and technical maturity, making it a credible and secure service in the European market.

Detected Technologies

ReactJavaScriptPhoenix frameworkPiwik PRO analyticsDidomi consent management

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Qwant operates in the technology sector, specifically in privacy-centric internet search services. Its business model relies on contextual advertising without user tracking, supplemented by a loyalty program rewarding users for searches. The company targets privacy-conscious users, including families via Qwant Junior. Partnerships, such as with Shadow Drive for cloud storage, expand its ecosystem. The company maintains a consistent brand message focused on privacy and European hosting, which strengthens its market position as a trustworthy alternative to dominant search engines. The presence of multiple language options and apps indicates a medium-sized operation with ambitions for broad European reach.

Security Posture Analysis

Comprehensive Security Assessment

Qwant exhibits a mature security posture with HTTPS enforced site-wide, comprehensive security headers, and no detected vulnerabilities or exposed sensitive data. The site avoids tracking cookies and employs consent management tools, aligning with GDPR requirements. However, the absence of a publicly available security policy or incident response plan limits transparency. No vulnerability disclosure program or security.txt file was found, which could improve security communication. Overall, the security practices are strong but could benefit from enhanced public documentation and dedicated security contact channels.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish a dedicated security policy and incident response information on the website to improve transparency.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Qwant

Description:

Qwant is a French search engine that emphasizes user privacy by not storing search data or selling personal data. It is hosted in Europe and offers services including a general search engine, a junior version for children, and a cloud storage solution called Shadow Drive.

Key Services:
Search engineQwant Junior (child-safe search)Shadow Drive (cloud storage)Browser extensionMobile apps
Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:
ReactJavaScriptPhoenix frameworkPiwik PRO analyticsDidomi consent management
Frameworks:
Phoenix
Platforms:
WebiOSAndroid
Performance:

fast

Mobile:

excellent

Accessibility:

good

SEO:

good

Security Assessment

Security Score:
90/100
Best Practices:
  • HTTPS enforced
  • No personal data retention
  • No tracking cookies
  • Consent management implemented
  • Secure forms with autocomplete off

Analytics & Tracking

Services:
Piwik PRO
Tracking Level:minimal
Privacy Compliance:good

Advertising & Marketing

Ad Networks:
Microsoft Advertising
Tracking Pixels:
Piwik PRO
Marketing Tools:
Didomi Consent Management
Transparency Level:good

Website Quality Assessment

Design Quality:excellent
User Experience:excellent
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:excellent
Trustworthiness:high

Key Observations

1

Website is fully accessible with no blocking or WAF challenges.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

65/100
Score

Weak X-Frame-Options configuration

LOW

Current value: "SAMEORIGIN, SAMEORIGIN"

Weak X-Content-Type-Options configuration

LOW

Current value: "nosniff, nosniff"

Weak X-XSS-Protection configuration

LOW

Current value: "0"

Weak Referrer-Policy configuration

LOW

Current value: "no-referrer, same-origin"

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

Sensitive data may be cached

LOW

Cache-Control header should include "no-store" for sensitive pages

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

73/100
Score

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy85% confidence
Contact Information Found90% confidence
emailphone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

25/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

85/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 ip4:194.187.168.35 ip4:194.187.168.37 ip4:194.187.168.38 ip4:94.23.181.132 ip4:52.28.158.135 ip4:52.29.12.146 include:_spf.google.com -all
DNS Lookups:1/10
Policy:-all
DMARC Details
Policy:reject
Aggregate Reports:dmarc-report@qwant.com
MTA-STS Details

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

0/100
Score

Unable to retrieve SSL certificate

CRITICAL

Could not establish secure connection to retrieve certificate information

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

90/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

DNS Records

A Records:141.95.150.143, 141.94.211.182, 54.38.0.163
Name Servers:
gns21.cloudns.netDNS only
gns22.cloudns.netDNS only
gns23.cloudns.netDNS only
gns24.cloudns.netDNS only
MX Records:
1: smtp.google.com
SOA:Serial: 2025071002, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:87ms

SPF Analysis

SPF Record:
v=spf1 ip4:194.187.168.35 ip4:194.187.168.37 ip4:194.187.168.38 ip4:94.23.181.132 ip4:52.28.158.135 ip4:52.29.12.146 include:_spf.google.com -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website leverages a modern tech stack including React for frontend and Phoenix framework for backend, ensuring a responsive and performant user experience. It integrates Piwik PRO for privacy-focused analytics and Didomi for consent management, reflecting compliance with privacy regulations. Hosting is European-based, supporting the company’s privacy claims. The site is well-optimized for mobile devices and accessibility, with proper SEO meta tags and Open Graph data. Performance is fast with preloading of critical assets. No CMS was detected, indicating a custom or proprietary platform. Overall, the technical infrastructure is robust, modern, and aligned with the company’s privacy and performance goals.
Analyze Another Website