Skip to main content

Is zg.ch a Scam? Security Check Results - Kanton Zug Reviews

zg.ch favicon

Is zg.ch Safe? Security Analysis for Kanton Zug

https://zg.ch

Check if zg.ch is a scam or legitimate. Free security scan and reviews.

GovernmentSwitzerlandmedium
Matomo AnalyticsBootstrap (dropdowns, navs)CSS (zug_theme.min.css)JavaScript
Analyzed 10/4/2025Completed 5:13:44 AM
71
Security Score
MEDIUM RISK

AI Summary

The website zg.ch is the official online portal for the Canton of Zug, Switzerland, serving as a comprehensive resource for residents, businesses, and visitors. It provides extensive information on public services including education, health, economy, social services, mobility, environment, politics, and security. The site is well-structured with clear navigation and a professional design consistent with government standards. Technically, it employs modern web technologies such as Bootstrap and Matomo analytics, ensuring a responsive and moderately performant user experience. Security posture is adequate with HTTPS enforced and asynchronous script loading, but lacks explicit security headers and published security policies. Privacy compliance is limited due to the absence of visible privacy and cookie policies or consent mechanisms. Overall, the domain registration and WHOIS data confirm the site's legitimacy as a government entity, with no suspicious indicators detected.

Detected Technologies

Matomo AnalyticsBootstrap (dropdowns, navs)CSS (zug_theme.min.css)JavaScript

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Kanton Zug operates as a government entity providing essential public services and information to its constituents. Its market position is that of an authoritative source for canton-related administrative, social, and economic matters. The business model is non-commercial, focused on public administration and citizen engagement. The website targets a broad audience including residents, businesses, and visitors, offering services ranging from labor market information to environmental protection and public safety. The partnership ecosystem includes related government and ombudsman services, enhancing its service delivery. Growth indicators are not applicable given the governmental nature, but the site demonstrates digital maturity and comprehensive content coverage.

Security Posture Analysis

Comprehensive Security Assessment

The security maturity of the website is moderate. HTTPS is properly implemented, ensuring encrypted communications. However, the absence of key security headers such as Content-Security-Policy and Strict-Transport-Security reduces defense-in-depth. No vulnerability disclosure or incident response contacts are published, which limits transparency and readiness for security incidents. The use of Matomo analytics indicates some user tracking, but privacy controls are not evident. No exposed sensitive data or vulnerable libraries were detected in the provided content. Overall, the site follows basic security best practices but would benefit from enhanced policies and technical controls.

Strategic Recommendations

Priority Actions for Security Improvement

1

Publish a comprehensive privacy policy and cookie consent mechanism to improve GDPR compliance and user trust.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Kanton Zug

Description:

Mitten in Europa, im Herzen der Schweiz: Das ist der Kanton Zug. Er ist klein, aber gross in Vielfalt und Angebot. Perfekt für Bildung, Gesundheit, Wirtschaft, Finanzen, Innovation und Freizeit.

Key Services:
Information on economy and laborEducation system and schoolsHealth services and insuranceSocial servicesMobility and transportMigration and integrationPlanning and constructionEnvironment and naturePolitics and public administrationSecurity and emergency services
Content Quality:

good

Branding:

consistent

Technical Stack

Technologies:
Matomo AnalyticsBootstrap (dropdowns, navs)CSS (zug_theme.min.css)JavaScript
Frameworks:
Bootstrap
Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:
75/100
Best Practices:
  • HTTPS enabled
  • Use of async and defer on scripts

Analytics & Tracking

Services:
Matomo
Tracking Level:moderate
Privacy Compliance:poor

Advertising & Marketing

Tracking Pixels:
Matomo
Transparency Level:basic

Website Quality Assessment

Design Quality:good
User Experience:good
Content Relevance:excellent
Navigation Clarity:excellent
Professionalism:good
Trustworthiness:high

Key Observations

1

Official government website for Canton Zug, Switzerland

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

75/100
Score

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

Missing Referrer-Policy header

LOW

Controls referrer information sent with requests

Missing Permissions-Policy header

MEDIUM

Controls browser features and APIs

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

53/100
Score

No Cookie Policy found

HIGH

GDPR requires clear information about cookie usage

No Cookie Consent Banner found

HIGH

GDPR requires explicit consent for non-essential cookies

No Data Protection Officer mentioned

LOW

Large organizations may need to designate a DPO under GDPR

Privacy policy may not be GDPR compliant

MEDIUM

Privacy policy lacks explicit GDPR compliance elements

GDPR Compliance Analysis

Privacy Policy85% confidence
Cookie Policy0% confidence
Contact Information Found90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

2/100
Score

No information security framework found

HIGH

NIS2 requires documented cybersecurity and information security measures

No vulnerability disclosure policy

MEDIUM

NIS2 encourages coordinated vulnerability disclosure

No security policy documentation found

HIGH

NIS2 requires documented cybersecurity governance and risk management

No incident response procedures found

HIGH

NIS2 requires documented incident response and business continuity plans

No business continuity planning found

MEDIUM

NIS2 emphasizes operational resilience and business continuity

No security contact information

HIGH

NIS2 requires clear incident reporting channels

No vulnerability reporting mechanism

MEDIUM

Clear vulnerability reporting supports coordinated disclosure

No NIS2 reference found

LOW

Consider explicitly mentioning NIS2 compliance efforts

Critical sector without clear security compliance

HIGH

Detected sectors: transport, banking, health, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

83/100
Score

No DKIM record found

MEDIUM

DKIM adds cryptographic signatures to emails

No BIMI Record

LOW

BIMI displays brand logos in email clients

SPF
Sender Policy Framework
DKIM
DomainKeys Identified Mail
DMARC
Domain-based Message Authentication
MX Records
Mail Exchange Records
BIMI
Brand Indicators
MTA-STS
Mail Transfer Agent Security
TLS-RPT
TLS Reporting
DNSSEC
DNS Security
SPF Details
Record:
v=spf1 mx mx:admin.ch mx:ag.ch ip4:193.134.26.182 ip4:193.134.12.19 ip6:2a10:8244:1000:1800::5002 ip6:2a10:8244:4:600::/64 ip4:159.144.81.1 ip4:159.144.81.2 ip4:193.134.14.50/32 include:spf.protection.outlook.com include:spf.privasphere.com -all
DNS Lookups:5/10
Policy:-all
MTA-STS Details
Mode:enforce
Max Age:120 days

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

100/100
Score

Partial SSL/TLS Assessment

LOW

Completed 2 of 4 security checks due to time constraints

Certificate Details

Subject:zg.ch
Issuer:SwissSign RSA TLS DV ICA 2022 - 1
Valid Until:3/28/2026 (175 days)
SANs:zg.ch

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

80/100
Score

DNSSEC Not Enabled

MEDIUM

DNSSEC is not configured for this domain

No DMARC Record

MEDIUM

DMARC policy not configured

DNS Records

A Records:151.101.130.132, 151.101.2.132, 151.101.242.132, 151.101.66.132, 151.101.194.132
AAAA Records:2a04:4e42::644, 2a04:4e42:600::644, 2a04:4e42:400::644, 2a04:4e42:200::644
Name Servers:
a.zg-ns.chDNS only
a.zg-ns.netDNS only
b.zg-ns.chDNS only
b.zg-ns.netDNS only
MX Records:
10: mail.zg.ch
20: mail2.zg.ch
SOA:Serial: 2025100337, TTL: 3600s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:120ms

SPF Analysis

SPF Record:
v=spf1 mx mx:admin.ch mx:ag.ch ip4:193.134.26.182 ip4:193.134.12.19 ip6:2a10:8244:1000:1800::5002 ip6:2a10:8244:4:600::/64 ip4:159.144.81.1 ip4:159.144.81.2 ip4:193.134.14.50/32 include:spf.protection.outlook.com include:spf.privasphere.com -all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100
Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website uses a modern frontend stack with Bootstrap for responsive design and Matomo for analytics. The CSS and JavaScript assets are minified and loaded asynchronously, contributing to moderate performance. The site is mobile optimized with good navigation clarity. No explicit CMS was detected, suggesting a custom or proprietary content management system. Hosting details are not disclosed. SEO is supported by proper meta tags and Open Graph data. Accessibility is basic but could be improved. No critical technical debt or risks were identified, but adding security headers and privacy features would strengthen the technical posture.
⭐ Verified Community Reviews

What others say about zg.ch

Share your experience to help others make informed decisions. We verify every review by email and publish it once our moderation team approves it.

Overall rating
Select a rating
4000 characters remaining

We’ll email you to confirm your review and keep your details private.

Community rating

out of 5

0 reviews published

Loading reviews…

How did we do?

Your feedback directly shapes our roadmap. Rate the quality of this report, leave an optional comment, and let us know if you want our security specialists to follow up.

Overall report quality
Select a rating
2000 characters remaining

We only use your feedback to improve Guard reports. Contact details are never shared.

Analyze Another Website