What is the security status of unwto.org?

unwto.org has a security score of 65/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is unwto.org safe to use?

Our security scan shows unwto.org is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does unwto.org have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 65/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is unwto.org's trust score?

unwto.org has a security score of 65/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is unwto.org Safe? Security Analysis for UN Tourism

https://unwto.org

Check if unwto.org is a scam or legitimate. Free security scan and reviews.

GovernmentN/alarge

Drupal 9jQuery UILeaflet.jsSelect2Swiper.js+1 more

Analyzed 7/30/2025Completed 9:32:57 PM

Security Score

MEDIUM RISK

AI Summary

UN Tourism is the United Nations specialized agency dedicated to promoting responsible, sustainable, and accessible tourism worldwide. The organization provides leadership, policy guidance, education, and data services to support tourism as a driver of economic growth and environmental sustainability. The website reflects a mature digital presence with multilingual support, rich content, and professional design consistent with a UN agency. Technically, the site is built on Drupal 9 with modern JavaScript libraries and demonstrates good mobile optimization and accessibility. Security posture is moderate with HTTPS implied and no visible vulnerabilities, though explicit security headers and policies are not evident. Privacy compliance is limited due to absence of visible privacy and cookie policies. WHOIS data is unavailable or protected, which is typical for international organizations, but this limits domain trust verification. Overall, the site is trustworthy and professional, serving a global audience of governments, tourism professionals, and stakeholders.

Detected Technologies

Drupal 9jQuery UILeaflet.jsSelect2Swiper.jsGoogle Tag Manager

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

UN Tourism holds a leading position as a UN specialized agency in the global tourism sector, focusing on sustainable development and policy leadership. Its business model centers on international cooperation, education, data provision, and advocacy rather than commercial activities. The organization targets governments, tourism authorities, and professionals worldwide. The website supports this with extensive resources, news, events, and tools such as data dashboards and investment strategies. Partnerships with regional offices and external platforms are evident. The organization's large scale and UN affiliation provide strong credibility and influence in the tourism domain.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (1)

i*****@unwto.org

Physical Addresses (1)

Leave this field blank

Security Posture Analysis

Comprehensive Security Assessment

The website employs HTTPS and modern web technologies, indicating a baseline secure environment. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. However, the absence of explicit security headers and formal security or incident response policies reduces the overall security maturity. No contact channels for security incidents or vulnerability disclosures were found. Privacy compliance is weak, lacking visible privacy or cookie policies and consent mechanisms. The WHOIS data is unavailable, which is common for international organizations but limits domain trust verification. Overall, the security posture is adequate but could be improved with formal policies, headers, and transparency.

Strategic Recommendations

Priority Actions for Security Improvement

Implement and publish comprehensive privacy and cookie policies with user consent mechanisms to improve GDPR compliance.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

UN Tourism

Description:

UN Tourism is the United Nations agency responsible for the promotion of responsible, sustainable and universally accessible tourism. It promotes tourism as a driver of economic growth, inclusive development and environmental sustainability and offers leadership and support to the sector in advancing knowledge and tourism policies worldwide.

Key Services:

Tourism education and trainingTourism data dashboard and statisticsInvestment strategy guidanceSustainable tourism initiativesPolicy and governance support

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

Drupal 9jQuery UILeaflet.jsSelect2Swiper.jsGoogle Tag Manager

Frameworks:

Drupal

Performance:

moderate

Mobile:

good

Accessibility:

good

SEO:

good

Security Assessment

Security Score:

75/100

Best Practices:

Use of HTTPS (implied by canonical URL with http but likely https in practice)
No exposed sensitive data in HTML
No visible vulnerable libraries

Analytics & Tracking

Services:

Google Tag Manager

Tracking Level:minimal

Privacy Compliance:poor

Advertising & Marketing

Transparency Level:basic

Website Quality Assessment

Design Quality:excellent

User Experience:excellent

Content Relevance:excellent

Navigation Clarity:excellent

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is a professional UN specialized agency site focused on sustainable tourism.

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

60/100

Score

Weak Strict-Transport-Security configuration

LOW

Current value: "max-age=0; includeSubDomains; preload"

Weak X-Frame-Options configuration

LOW

Current value: "SAMEORIGIN, SAMEORIGIN"

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

25/100

Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

80/100

Score

No DMARC reporting

LOW

DMARC aggregate reports not configured

No BIMI Record

LOW

BIMI displays brand logos in email clients

No MTA-STS Policy

MEDIUM

MTA-STS enforces TLS for email delivery

No TLS-RPT Record

LOW

TLS-RPT provides reporting for email TLS issues

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 a ip4:188.165.129.128 ip4:109.169.93.209 ip4:54.247.53.184 ip4:46.137.100.169 ip4:77.228.218.98 ip4:52.18.232.16 include:spf.protection.outlook.com include:spf.happyfox.net include:sendgrid.net ~all

DNS Lookups:4/10

Policy:~all

DKIM Selectors Found

Selector:k2(1416-bit rsa)

Selector:mail(1296-bit rsa)

Selector:s1(1440-bit rsa)

DMARC Details

Policy:quarantine

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

65/100

Score

SSL Certificate Expires Within 90 Days

MEDIUM

SSL certificate expires in 68 days

Weak SSL Key Length

HIGH

SSL certificate uses 256-bit key, which is considered weak

Mixed Content Detected

MEDIUM

38 resources loaded over insecure HTTP

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:www.unwto.org

Issuer:WE1

Valid Until:10/7/2025 (68 days)

SANs:www.unwto.org

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

70/100

Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

CAA Records Not Configured

LOW

Certificate Authority Authorization (CAA) records not found

Domain Transfer Lock Not Enabled

MEDIUM

Domain can be transferred without authorization

Domain Delete Lock Not Enabled

LOW

Domain can be deleted without additional verification

Domain Registration Details

Domain Age

20 years(mature)

Expiry Risk

none(647 days)

Protection Level

noneDNSSEC OFF

Suspicious Indicators Detected

•No domain protection locks enabled

DNS Records

A Records:172.66.146.248, 104.20.38.113

AAAA Records:2606:4700:10::ac42:92f8, 2606:4700:10::6814:2671

Name Servers:

abby.ns.cloudflare.com

gabe.ns.cloudflare.com

MX Records:

0: unwto-org.mail.protection.outlook.com

SOA:Serial: 2379394038, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:71ms

SPF Analysis

SPF Record:

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on Drupal 9, leveraging jQuery UI, Leaflet.js for maps, Select2 for enhanced select inputs, and Swiper.js for carousels. Google Tag Manager is used for analytics and tracking. The site is multilingual with hreflang tags for English, Spanish, French, Russian, Arabic, and Simplified Chinese. The design is responsive and accessible with skip links and ARIA roles. Performance is moderate, with external resources loaded from reputable CDNs and AWS S3 buckets. The site uses structured data (JSON-LD) for SEO and social media integration. No major technical debt or deprecated technologies were detected. Opportunities exist to improve security headers and privacy compliance mechanisms.

Analyze Another Website

Is unwto.org a Scam? Security Check Results - UN Tourism Reviews

Is unwto.org Safe? Security Analysis for UN Tourism

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (1)

Physical Addresses (1)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Weak Strict-Transport-Security configuration

Weak X-Frame-Options configuration

Missing Content-Security-Policy header

Missing Referrer-Policy header

Missing Permissions-Policy header

👤GDPR Compliance

GDPR Compliance

No Privacy Policy found

No Cookie Policy found

No Cookie Consent Banner found

Third-party services without privacy policy

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

No DMARC reporting

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

SSL Certificate Expires Within 90 Days

Weak SSL Key Length

Mixed Content Detected

Partial SSL/TLS Assessment

Certificate Details

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

Domain Transfer Lock Not Enabled

Domain Delete Lock Not Enabled

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings