{
    "schema": "https://saferpage.de/schemas/technology-detection.v1",
    "generated_at": "2026-07-01T14:48:27+00:00",
    "domain": "gvb.ch",
    "available": true,
    "scan": {
        "id": "8ff0c51a-b704-4abc-9512-7e028a18c6a0",
        "checked_at": "2026-07-01 09:43:16.648416+02"
    },
    "summary": "gvb.ch: 14 sichtbare Technik-/Anbietersignale, 2 mit hoher Datenschutzrelevanz, 0 CMS-/Shop-Hinweis(e).",
    "metrics": {
        "technology_count": 14,
        "high_privacy_relevance_count": 2,
        "cms_or_shop_count": 0,
        "external_script_count": 3,
        "request_count": 58,
        "third_party_domain_count": 11,
        "infrastructure_finding_count": 0
    },
    "signals": {
        "server_header": "",
        "generator": "",
        "x_powered_by": "",
        "asset_hosts": [
            "gvba.b-cdn.net",
            "assets.adobedtm.com",
            "gvb.imgix.net",
            "www.googletagmanager.com",
            "gvb.ch"
        ],
        "external_scripts": [
            "https://gvba.b-cdn.net/assets/2.70.1-f1e39d1/js/webcomponents/gvb.js",
            "https://assets.adobedtm.com/ea38d5a67a31/1dff9399e0ea/launch-bdcddcbc03ab.min.js",
            "https://gvba.b-cdn.net/assets/2.70.1-f1e39d1/js/head.js"
        ],
        "tls_version": "TLSv1.3",
        "certificate_issuer": "GeoTrust TLS RSA CA G1",
        "renderer": "playwright-chromium"
    },
    "category_counts": {
        "Analytics/Werbung": 2,
        "Consent": 1,
        "Hosting/CDN": 3,
        "other": 5,
        "social_tracking": 2,
        "video_embed": 1
    },
    "technologies": [
        {
            "id": "google_analytics",
            "name": "Google Analytics",
            "category": "analytics",
            "category_label": "Analytics/Werbung",
            "confidence": "high",
            "risk_score": 80,
            "privacy_relevance": "hoch",
            "evidence": [
                "Signal: google-analytics.com"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "google_tag_manager",
            "name": "Google Tag Manager",
            "category": "analytics",
            "category_label": "Analytics/Werbung",
            "confidence": "high",
            "risk_score": 80,
            "privacy_relevance": "hoch",
            "evidence": [
                "Signal: googletagmanager.com",
                "Script-Domain: googletagmanager.com"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "cookiebot",
            "name": "Cookiebot",
            "category": "consent",
            "category_label": "Consent",
            "confidence": "high",
            "risk_score": 58,
            "privacy_relevance": "mittel",
            "evidence": [
                "Signal: cookiebot"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "cloudflare",
            "name": "Cloudflare",
            "category": "hosting_cdn",
            "category_label": "Hosting/CDN",
            "confidence": "high",
            "risk_score": 42,
            "privacy_relevance": "niedrig",
            "evidence": [
                "Signal: cloudflare"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "fastly",
            "name": "Fastly",
            "category": "hosting_cdn",
            "category_label": "Hosting/CDN",
            "confidence": "high",
            "risk_score": 42,
            "privacy_relevance": "niedrig",
            "evidence": [
                "Signal: x-served-by"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "vercel",
            "name": "Vercel",
            "category": "hosting_cdn",
            "category_label": "Hosting/CDN",
            "confidence": "high",
            "risk_score": 42,
            "privacy_relevance": "niedrig",
            "evidence": [
                "Signal: vercel"
            ],
            "source": "technology_analysis"
        },
        {
            "id": "provider_gvba.b-cdn.net",
            "name": "gvba.b-cdn.net",
            "category": "other",
            "category_label": "other",
            "confidence": "browser",
            "risk_score": 42,
            "privacy_relevance": "niedrig",
            "evidence": [
                "gvba.b-cdn.net",
                "26 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_linkedin",
            "name": "LinkedIn",
            "category": "social_tracking",
            "category_label": "social_tracking",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "px4.ads.linkedin.com",
                "1 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_meta_facebook",
            "name": "Meta/Facebook",
            "category": "social_tracking",
            "category_label": "social_tracking",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "facebook.com",
                "1 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_youtube",
            "name": "YouTube",
            "category": "video_embed",
            "category_label": "video_embed",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "youtube.com",
                "2 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_assets.adobedtm.com",
            "name": "assets.adobedtm.com",
            "category": "other",
            "category_label": "other",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "assets.adobedtm.com",
                "6 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_gvb.imgix.net",
            "name": "gvb.imgix.net",
            "category": "other",
            "category_label": "other",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "gvb.imgix.net",
                "10 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_gvb.tt.omtrdc.net",
            "name": "gvb.tt.omtrdc.net",
            "category": "other",
            "category_label": "other",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "gvb.tt.omtrdc.net",
                "1 Request(s)"
            ],
            "source": "browser_analysis"
        },
        {
            "id": "provider_smetrics.gvb.ch",
            "name": "smetrics.gvb.ch",
            "category": "other",
            "category_label": "other",
            "confidence": "browser",
            "risk_score": 35,
            "privacy_relevance": "niedrig",
            "evidence": [
                "smetrics.gvb.ch",
                "1 Request(s)"
            ],
            "source": "browser_analysis"
        }
    ],
    "operator_actions": [
        {
            "id": "action_google_analytics",
            "technology": "Google Analytics",
            "priority": "hoch",
            "owner": "Marketing/IT/Datenschutz",
            "action": "Tracking-, Werbe- und Tag-Manager-Dienste bis zur aktiven Einwilligung blockieren und in Consent, Datenschutzhinweis und Anbieterregister erklären.",
            "guide_url": "https://saferpage.de/consent/gvb.ch"
        },
        {
            "id": "action_google_tag_manager",
            "technology": "Google Tag Manager",
            "priority": "hoch",
            "owner": "Marketing/IT/Datenschutz",
            "action": "Tracking-, Werbe- und Tag-Manager-Dienste bis zur aktiven Einwilligung blockieren und in Consent, Datenschutzhinweis und Anbieterregister erklären.",
            "guide_url": "https://saferpage.de/consent/gvb.ch"
        },
        {
            "id": "action_cookiebot",
            "technology": "Cookiebot",
            "priority": "mittel",
            "owner": "Website-Betrieb/Datenschutz",
            "action": "Techniksignal fachlich einordnen, Zweck, Anbieter, Datenarten und notwendige Nachweise ergänzen.",
            "guide_url": "https://saferpage.de/guides/datenschutz-webseiten-pruefkatalog"
        },
        {
            "id": "action_cloudflare",
            "technology": "Cloudflare",
            "priority": "mittel",
            "owner": "IT/Security/Vendor Owner",
            "action": "Hosting/CDN, TLS, E-Mail-Schutz, Security-Header, CAA/DMARC und Anbieterrolle mit AVV/DPA/TOM-Nachweis prüfen.",
            "guide_url": "https://saferpage.de/anbieter/gvb.ch"
        },
        {
            "id": "action_fastly",
            "technology": "Fastly",
            "priority": "mittel",
            "owner": "IT/Security/Vendor Owner",
            "action": "Hosting/CDN, TLS, E-Mail-Schutz, Security-Header, CAA/DMARC und Anbieterrolle mit AVV/DPA/TOM-Nachweis prüfen.",
            "guide_url": "https://saferpage.de/anbieter/gvb.ch"
        },
        {
            "id": "action_vercel",
            "technology": "Vercel",
            "priority": "mittel",
            "owner": "IT/Security/Vendor Owner",
            "action": "Hosting/CDN, TLS, E-Mail-Schutz, Security-Header, CAA/DMARC und Anbieterrolle mit AVV/DPA/TOM-Nachweis prüfen.",
            "guide_url": "https://saferpage.de/anbieter/gvb.ch"
        },
        {
            "id": "action_provider_gvba.b-cdn.net",
            "technology": "gvba.b-cdn.net",
            "priority": "mittel",
            "owner": "Website-Betrieb/Datenschutz",
            "action": "Techniksignal fachlich einordnen, Zweck, Anbieter, Datenarten und notwendige Nachweise ergänzen.",
            "guide_url": "https://saferpage.de/guides/datenschutz-webseiten-pruefkatalog"
        },
        {
            "id": "action_provider_linkedin",
            "technology": "LinkedIn",
            "priority": "mittel",
            "owner": "Website-Betrieb/Datenschutz",
            "action": "Techniksignal fachlich einordnen, Zweck, Anbieter, Datenarten und notwendige Nachweise ergänzen.",
            "guide_url": "https://saferpage.de/guides/datenschutz-webseiten-pruefkatalog"
        },
        {
            "id": "action_provider_meta_facebook",
            "technology": "Meta/Facebook",
            "priority": "mittel",
            "owner": "Website-Betrieb/Datenschutz",
            "action": "Techniksignal fachlich einordnen, Zweck, Anbieter, Datenarten und notwendige Nachweise ergänzen.",
            "guide_url": "https://saferpage.de/guides/datenschutz-webseiten-pruefkatalog"
        },
        {
            "id": "action_provider_youtube",
            "technology": "YouTube",
            "priority": "mittel",
            "owner": "Website-Betrieb/Datenschutz",
            "action": "Techniksignal fachlich einordnen, Zweck, Anbieter, Datenarten und notwendige Nachweise ergänzen.",
            "guide_url": "https://saferpage.de/guides/datenschutz-webseiten-pruefkatalog"
        }
    ],
    "cms_playbooks": [
        {
            "id": "generic",
            "platform": "Allgemeines Website-Deployment",
            "summary": "Im passiven Check wurde kein eindeutiges CMS erkannt. Trotzdem sollten Betreiber Release, Consent, Drittanbieter, Security-Header und Nachweise wie bei einem CMS-Update behandeln.",
            "steps": [
                "Deployment-Quelle, Hosting/CDN, externe Skripte, Consent-Tool und wichtige Templates inventarisieren.",
                "Alle nicht notwendigen Drittanbieter vor Einwilligung blockieren und Anbieterzwecke dokumentieren.",
                "Security-Header, HTTPS/HSTS, Referrer-Policy, CSP und Cookie-Attribute prüfen.",
                "Nach Änderungen Re-Scan, Screenshot, JSON/CSV und Fix-Guides ablegen."
            ],
            "acceptance": [
                "Release-Änderung ist nachvollziehbar.",
                "Drittanbieter-/Cookie-Abgleich ist aktualisiert.",
                "Re-Scan und Nachweise sind verlinkt."
            ],
            "owner": "Webbetrieb/IT/Datenschutz",
            "guide_url": "https://saferpage.de/guides/cms-plugin-patchstand-nachweisen",
            "rescan_url": "https://saferpage.de/?url=gvb.ch"
        }
    ],
    "infrastructure": {
        "risk_level": "low",
        "positive_signals": [
            "Mehrere IP-Adressen gefunden: Hinweis auf redundante Infrastruktur oder CDN.",
            "Moderne TLS-Version aktiv: TLSv1.3.",
            "HSTS ist aktiv.",
            "DMARC ist für die Domain vorhanden.",
            "CAA-Records begrenzen Zertifikatsaussteller."
        ],
        "findings": []
    },
    "links": {
        "technology_center": "https://saferpage.de/technik/gvb.ch",
        "json": "https://saferpage.de/technik/gvb.ch/export",
        "csv": "https://saferpage.de/technik/gvb.ch/export-csv",
        "markdown": "https://saferpage.de/technik/gvb.ch/stack-md",
        "report": "https://saferpage.de/gvb.ch",
        "vendors": "https://saferpage.de/anbieter/gvb.ch",
        "consent": "https://saferpage.de/consent/gvb.ch",
        "findings": "https://saferpage.de/befunde/gvb.ch",
        "evidence": "https://saferpage.de/nachweise/gvb.ch"
    },
    "disclaimer": "Technik-Erkennung ist passiv: SaferPage wertet sichtbare Header, HTML-, Script-, Asset- und Browserkontakte aus. Nicht sichtbare Servertechnik, interne Plugins und Logins werden nicht behauptet."
}
