
Is smartsurvey.co.uk Safe? Security Analysis for SmartSurvey
Check if smartsurvey.co.uk is a scam or legitimate. Free security scan and reviews.
AI Summary
SmartSurvey is a UK-based enterprise providing advanced online survey software and feedback solutions. Positioned as the UK's leading feedback platform, it serves a broad range of customers including enterprises, public sector organizations, and non-profits. The company offers a comprehensive suite of services including survey creation, AI-powered text and sentiment analysis, dashboards, integrations, and managed services. Their business model is SaaS-based with tiered subscription plans catering to various customer needs. The website reflects a mature digital presence with excellent content quality, clear navigation, and strong branding consistency. Technically, the website leverages modern web technologies such as Webflow CMS, Google Analytics, Facebook Pixel, and LinkedIn Insight Tag, ensuring robust analytics and marketing capabilities. The site is mobile-optimized and performs well, with good accessibility and SEO practices. Security posture is strong, with HTTPS enforced, ISO27001 certification, and compliance with GDPR, HIPAA, and CCPA. Cookie consent mechanisms and privacy policies are comprehensive, supporting privacy compliance. No blocking or WAF challenges were detected, allowing full content access and analysis. The WHOIS lookup failed due to querying the subdomain rather than the registered domain, but this does not detract from the legitimacy of the business as evidenced by the website content and trust signals. Overall, SmartSurvey demonstrates a high level of professionalism, security, and compliance suitable for enterprise customers. Strategic recommendations include enhancing security header visibility, publishing an incident response contact, and adding a vulnerability disclosure policy to further strengthen trust and security posture.
🧠AI Business Intelligence
Technology stack, business insights, and market analysis powered by AI.
Business Intelligence
Market & Strategic Analysis
SmartSurvey holds a strong market position in the UK as a leading survey and feedback platform, trusted by over 600,000 customers including government and major brands. Its competitive advantages include AI-powered analysis, enterprise-grade security, and a comprehensive feature set tailored for various industries and functions. The SaaS subscription model with multiple plans allows scalability and affordability. The company targets business customers needing reliable, secure, and compliant survey solutions. Growth indicators include multi-award recognition and a broad partner ecosystem. The website content and structure reflect a mature and well-resourced organization with a clear focus on customer success and data-driven decision making.
Security Posture Analysis
Comprehensive Security Assessment
The website and company demonstrate a mature security posture with ISO27001 certification, FSQS accreditation, and compliance with GDPR, HIPAA, and CCPA. HTTPS is enforced site-wide, and cookie consent mechanisms are implemented. No exposed sensitive data or vulnerable libraries were detected. However, explicit security headers like Content-Security-Policy and X-Frame-Options were not visibly confirmed and should be verified. Incident response contact information and vulnerability disclosure policies are not publicly found, representing areas for improvement. Overall, the security culture appears strong with a focus on UK data hosting and enterprise-grade protections.
Strategic Recommendations
Priority Actions for Security Improvement
Verify and explicitly implement security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
✨Observations
AI-powered comprehensive website and business analysis.
AI-Enhanced Website Analysis
Business Insights
SmartSurvey
SmartSurvey is a UK-based provider of digital survey solutions. Our customers trust our user-friendly yet advanced online survey software to gather the information they need to make smart decisions. All our solutions are GDPR compliant, built for enterprise but affordable for everyone and are backed with exceptional support and secure UK data storage.
excellent
consistent
Technical Stack
fast
excellent
good
good
Security Assessment
- HTTPS enforced
- Cookie consent banner with granular controls
- ISO27001 certified
- GDPR, HIPAA, CCPA compliance stated
- No exposed sensitive data in HTML
- Use of security-focused third party scripts
Website Quality Assessment
Key Observations
Website is fully accessible with rich content and no blocking detected
🛡️Security Headers
HTTP security headers analysis and recommendations.
Missing Content-Security-Policy header
HIGH: Controls resources the browser is allowed to load
Weak Referrer-Policy configuration
LOW: Current value: "no-referrer-when-downgrade"
Sensitive data may be cached
LOW: Cache-Control header should include "no-store" for sensitive pages
👤GDPR Compliance
Privacy and data protection assessment under GDPR regulations.
No Cookie Policy found
HIGH: GDPR requires clear information about cookie usage
No Cookie Consent Banner found
HIGH: GDPR requires explicit consent for non-essential cookies
No Data Protection Officer mentioned
LOW: Large organizations may need to designate a DPO under GDPR
GDPR Compliance Analysis
🛡️NIS2 Compliance
Network & Information Security Directive compliance assessment.
No vulnerability disclosure policy
MEDIUM: NIS2 encourages coordinated vulnerability disclosure
No incident response procedures found
HIGH: NIS2 requires documented incident response and business continuity plans
No business continuity planning found
MEDIUM: NIS2 emphasizes operational resilience and business continuity
No security contact information
HIGH: NIS2 requires clear incident reporting channels
No vulnerability reporting mechanism
MEDIUM: Clear vulnerability reporting supports coordinated disclosure
No NIS2 reference found
LOW: Consider explicitly mentioning NIS2 compliance efforts
📧Email Security
SPF, DKIM, and DMARC validation and email security assessment.
DMARC Partial Enforcement
LOW: DMARC only applies to 1% of messages
No BIMI Record
LOW: BIMI displays brand logos in email clients
No MTA-STS Policy
MEDIUM: MTA-STS enforces TLS for email delivery
No TLS-RPT Record
LOW: TLS-RPT provides reporting for email TLS issues
🏆SSL/TLS Security
Certificate validity and encryption analysis.
Partial SSL/TLS Assessment
LOW: Completed 2 of 4 security checks due to time constraints
📊DNS Health
DNS configuration and security assessment.
DNSSEC Not Enabled
MEDIUM: DNSSEC is not configured for this domain
Domain Transfer Lock Not Enabled
MEDIUM: Domain can be transferred without authorization
Domain Delete Lock Not Enabled
LOW: Domain can be deleted without additional verification
Domain Registration Details
- No domain protection locks enabled
⚡Network Security
Port scanning and network exposure analysis.
High-Risk Service Exposed: FTP
HIGH: Port 21 (FTP) is publicly accessible - FTP - Often unencrypted file transfer
Service Exposed: SSH
MEDIUM: Port 22 (SSH) is publicly accessible - SSH - Secure but can be brute-forced
Critical Service Exposed: Telnet
CRITICAL: Port 23 (Telnet) is publicly accessible - Telnet - Unencrypted remote access
High-Risk Service Exposed: RPC
HIGH: Port 135 (RPC) is publicly accessible - RPC - Windows RPC endpoint
High-Risk Service Exposed: NetBIOS
HIGH: Port 139 (NetBIOS) is publicly accessible - NetBIOS - Windows file sharing
Critical Service Exposed: SMB
CRITICAL: Port 445 (SMB) is publicly accessible - SMB - Windows file sharing, high risk
Critical Service Exposed: MSSQL
CRITICAL: Port 1433 (MSSQL) is publicly accessible - MSSQL - Database server
Critical Service Exposed: Oracle
CRITICAL: Port 1521 (Oracle) is publicly accessible - Oracle - Database server
Critical Service Exposed: MySQL
CRITICAL: Port 3306 (MySQL) is publicly accessible - MySQL - Database server
Critical Service Exposed: RDP
CRITICAL: Port 3389 (RDP) is publicly accessible - RDP - Remote Desktop, prime ransomware target
Critical Service Exposed: PostgreSQL
CRITICAL: Port 5432 (PostgreSQL) is publicly accessible - PostgreSQL - Database server
Critical Service Exposed: Redis
CRITICAL: Port 6379 (Redis) is publicly accessible - Redis - In-memory database
High-Risk Service Exposed: Elasticsearch
HIGH: Port 9200 (Elasticsearch) is publicly accessible - Elasticsearch - Search engine
Critical Service Exposed: MongoDB
CRITICAL: Port 27017 (MongoDB) is publicly accessible - MongoDB - NoSQL database