Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

Misconfiguration - http-status 400 - 499

Checked:
15.06.2025 12:17:34

Older results

M - 14.02.2025 20:41:30

M - 04.02.2025 16:22:03

M - 10.02.2024 11:20:50

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
lift-api.vfsglobal.com	CNAME	lift-api.vfsglobal.com.cdn.cloudflare.net	yes	1	0
	A	104.18.37.49 Toronto/Ontario/Canada (CA) - Cloudflare, Inc. No Hostname found	yes
	A	172.64.150.207 Toronto/Ontario/Canada (CA) - Cloudflare, Inc. No Hostname found	yes
	AAAA	2606:4700:4400::6812:2531 San Francisco/California/United States (US) - Cloudflare, Inc.	yes
	AAAA	2606:4700:4400::ac40:96cf San Francisco/California/United States (US) - Cloudflare, Inc.	yes
www.lift-api.vfsglobal.com		Name Error	yes	1	0
*.vfsglobal.com	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes
*.lift-api.vfsglobal.com	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2025, 00:00:00 +, Signature-Inception: 10.06.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.06.2025, 05:00:00 +, Signature-Inception: 15.06.2025, 04:00:00 +, KeyTag 53148, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 53148 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 40097, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.06.2025, 14:02:35 +, Signature-Inception: 11.06.2025, 13:57:35 +, KeyTag 19718, Signer-Name: com


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: vfsglobal.com
vfsglobal.com	2 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 63625, DigestType 2 and Digest Kj0hxPuzxCtXFyc3fOp3KZJRlKzVwoZ/o0rJoRHzDPk=


	DS with Algorithm 13, KeyTag 58274, DigestType 2 and Digest lIHGH4+OYz42uqiDo37DwMMGY1w4p90P26TI0pd26tE=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner vfsglobal.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 19.06.2025, 02:02:36 +, Signature-Inception: 12.06.2025, 00:52:36 +, KeyTag 40097, Signer-Name: com


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 40097 used to validate the DS RRSet in the parent zone


	4 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 11046, Flags 256


	Public Key with Algorithm 13, KeyTag 19077, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 21681, Flags 256


	Public Key with Algorithm 13, KeyTag 58274, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner vfsglobal.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 25.06.2025, 14:31:27 +, Signature-Inception: 10.06.2025, 14:31:27 +, KeyTag 58274, Signer-Name: vfsglobal.com


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 58274 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 58274, DigestType 2 and Digest "lIHGH4+OYz42uqiDo37DwMMGY1w4p90P26TI0pd26tE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: lift-api.vfsglobal.com
lift-api.vfsglobal.com	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: lift-api.vfsglobal.com.cdn.cloudflare.net Validated: RRSIG-Owner lift-api.vfsglobal.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 25.06.2025, 14:31:27 +, Signature-Inception: 10.06.2025, 14:31:27 +, KeyTag 21681, Signer-Name: vfsglobal.com

Zone: www.lift-api.vfsglobal.com
www.lift-api.vfsglobal.com	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "lift-api.vfsglobal.com" and the NextOwner "lift-api-uat.vfsglobal.com". So the parent zone confirmes the non-existence of a DS RR. Bitmap: CNAME, RRSIG, NSEC


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "lidprotest.vfsglobal.com" and the NextOwner "lift.vfsglobal.com". So the parent zone confirmes the non-existence of a DS RR. Bitmap: A, RRSIG, NSEC

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2025, 00:00:00 +, Signature-Inception: 10.06.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.06.2025, 05:00:00 +, Signature-Inception: 15.06.2025, 04:00:00 +, KeyTag 53148, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 53148 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 45412, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.06.2025, 14:10:35 +, Signature-Inception: 11.06.2025, 14:05:35 +, KeyTag 37331, Signer-Name: net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: cloudflare.net
cloudflare.net	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner cloudflare.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 22.06.2025, 03:02:55 +, Signature-Inception: 15.06.2025, 01:52:55 +, KeyTag 45412, Signer-Name: net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 45412 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 34505, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner cloudflare.net., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 27.07.2025, 08:03:59 +, Signature-Inception: 27.05.2025, 08:03:59 +, KeyTag 2371, Signer-Name: cloudflare.net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: cdn.cloudflare.net
cdn.cloudflare.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "cdn.cloudflare.net" and the NextOwner "\000.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR. Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA


	0 DNSKEY RR found




Zone: com.cdn.cloudflare.net
com.cdn.cloudflare.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "com.cdn.cloudflare.net" and the NextOwner "\000.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR. Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA


	0 DNSKEY RR found




Zone: vfsglobal.com.cdn.cloudflare.net
vfsglobal.com.cdn.cloudflare.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000.vfsglobal.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR. Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA


	0 DNSKEY RR found




Zone: lift-api.vfsglobal.com.cdn.cloudflare.net
lift-api.vfsglobal.com.cdn.cloudflare.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "lift-api.vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000.lift-api.vfsglobal.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR. Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA


	0 DNSKEY RR found





	RRSIG Type 1 validates the A - Result: 104.18.37.49 172.64.150.207 Validated: RRSIG-Owner lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 16.06.2025, 11:18:46 +, Signature-Inception: 14.06.2025, 09:18:46 +, KeyTag 34505, Signer-Name: cloudflare.net


	RRSIG Type 28 validates the AAAA - Result: 2606:4700:4400:0000:0000:0000:6812:2531 2606:4700:4400:0000:0000:0000:AC40:96CF Validated: RRSIG-Owner lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 16.06.2025, 11:18:46 +, Signature-Inception: 14.06.2025, 09:18:46 +, KeyTag 34505, Signer-Name: cloudflare.net


	CNAME-Query sends a valid NSEC RR as result with the query name "lift-api.vfsglobal.com.cdn.cloudflare.net" equal the NSEC-owner "lift-api.vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000.lift-api.vfsglobal.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 16.06.2025, 11:18:46 +, Signature-Inception: 14.06.2025, 09:18:46 +, KeyTag 34505, Signer-Name: cloudflare.net


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC RR as result with the query name "lift-api.vfsglobal.com.cdn.cloudflare.net" equal the NSEC-owner "lift-api.vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000.lift-api.vfsglobal.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 16.06.2025, 11:18:47 +, Signature-Inception: 14.06.2025, 09:18:47 +, KeyTag 34505, Signer-Name: cloudflare.net


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.lift-api.vfsglobal.com.cdn.cloudflare.net) sends a valid NSEC RR as result with the query name "_443._tcp.lift-api.vfsglobal.com.cdn.cloudflare.net" equal the NSEC-owner "_443._tcp.lift-api.vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000._443._tcp.lift-api.vfsglobal.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner _443._tcp.lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 8 Labels, original TTL: 1800 sec, Signature-expiration: 16.06.2025, 11:18:47 +, Signature-Inception: 14.06.2025, 09:18:47 +, KeyTag 34505, Signer-Name: cloudflare.net


	Status: Good. NoData-Proof required and found.


	CAA-Query sends a valid NSEC RR as result with the query name "lift-api.vfsglobal.com.cdn.cloudflare.net" equal the NSEC-owner "lift-api.vfsglobal.com.cdn.cloudflare.net" and the NextOwner "\000.lift-api.vfsglobal.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner lift-api.vfsglobal.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 16.06.2025, 11:18:47 +, Signature-Inception: 14.06.2025, 09:18:47 +, KeyTag 34505, Signer-Name: cloudflare.net


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
www.lift-api.vfsglobal.com	• pdns09.domaincontrol.com
vfsglobal.com	• pdns09.domaincontrol.com / hex:0D 70 30 31	97.74.110.54 Tempe/Arizona/United States (US) - Host Europe GmbH	•
	•	2603:5:21e2::36 New York/United States (US) - Host Europe GmbH	•
	• pdns10.domaincontrol.com / hex:0D 70 32 34	173.201.78.54 Tempe/Arizona/United States (US) - Host Europe GmbH	•
	•	2603:5:22e2::36 New York/United States (US) - Host Europe GmbH	•
com	• a.gtld-servers.net / nnn1-par6		•
	• b.gtld-servers.net / nnn1-eltxl1		•
	• c.gtld-servers.net / nnn1-par6		•
	• d.gtld-servers.net / nnn1-par6		•
	• e.gtld-servers.net / nnn1-par6		•
	• f.gtld-servers.net / nnn1-defra-4		•
	• g.gtld-servers.net / nnn1-defra-4		•
	• h.gtld-servers.net / nnn1-defra-4		•
	• i.gtld-servers.net / nnn1-defra-4		•
	• j.gtld-servers.net / nnn1-frmrs-2		•
	• k.gtld-servers.net / nnn1-frmrs-2		•
	• l.gtld-servers.net / nnn1-frmrs-2		•
	• m.gtld-servers.net / nnn1-frmrs-2		•

lift-api.vfsglobal.com.cdn.cloudflare.net	• ns1.cloudflare.net / 67m87	173.245.59.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::adf5:3b1f San Francisco/California/United States (US) - CLOUDFLARE	•
vfsglobal.com.cdn.cloudflare.net	• ns1.cloudflare.net / 67m63	173.245.59.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::adf5:3b1f San Francisco/California/United States (US) - CLOUDFLARE	•
com.cdn.cloudflare.net	• ns1.cloudflare.net / 67m96	173.245.59.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::adf5:3b1f San Francisco/California/United States (US) - CLOUDFLARE	•
cdn.cloudflare.net	• ns1.cloudflare.net / 67m60	173.245.59.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::adf5:3b1f San Francisco/California/United States (US) - CLOUDFLARE	•
cloudflare.net	• ns1.cloudflare.net / 67m104	173.245.59.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::adf5:3b1f San Francisco/California/United States (US) - CLOUDFLARE	•
	• ns2.cloudflare.net / 67m84	198.41.222.131 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::c629:de83 San Francisco/California/United States (US) - CLOUDFLARE	•
	• ns3.cloudflare.net / 67m79	198.41.222.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::c629:de1f San Francisco/California/United States (US) - CLOUDFLARE	•
	• ns4.cloudflare.net / 67m109	198.41.223.131 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::c629:df83 San Francisco/California/United States (US) - CLOUDFLARE	•
	• ns5.cloudflare.net / 67m106	198.41.223.31 Toronto/Ontario/Canada (CA) - Cloudflare, Inc.	•
	•	2400:cb00:2049:1::c629:df1f San Francisco/California/United States (US) - CLOUDFLARE	•
net	• a.gtld-servers.net / nnn1-par6		•
	• b.gtld-servers.net / nnn1-eltxl1		•
	• c.gtld-servers.net / nnn1-par6		•
	• d.gtld-servers.net / nnn1-par6		•
	• e.gtld-servers.net / nnn1-par6		•
	• f.gtld-servers.net / nnn1-defra-4		•
	• g.gtld-servers.net / nnn1-defra-4		•
	• h.gtld-servers.net / nnn1-defra-4		•
	• i.gtld-servers.net / nnn1-defra-4		•
	• j.gtld-servers.net / nnn1-frmrs-2		•
	• k.gtld-servers.net / nnn1-frmrs-2		•
	• l.gtld-servers.net / nnn1-frmrs-2		•
	• m.gtld-servers.net / nnn1-frmrs-2		•

4. SOA-Entries

Domain:	com
Zone-Name:	com
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1749982628
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	7

Domain:	com
Zone-Name:	com
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1749982648
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	6

Domain:	vfsglobal.com
Zone-Name:	vfsglobal.com
Primary:	pdns09.domaincontrol.com
Mail:	dns.jomax.net
Serial:	2025061000
Refresh:	28800
Retry:	7200
Expire:	604800
TTL:	86400
num Entries:	4

Domain:	www.lift-api.vfsglobal.com
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1


Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1749982648
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	3

Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1749982658
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	10

Domain:	cloudflare.net
Zone-Name:	cloudflare.net
Primary:	ns1.cloudflare.net
Mail:	dns.cloudflare.com
Serial:	2375029846
Refresh:	10000
Retry:	2400
Expire:	604800
TTL:	1800
num Entries:	10

Domain:	cdn.cloudflare.net
Zone-Name:	cloudflare.net
Primary:	ns1.cloudflare.net
Mail:	dns.cloudflare.com
Serial:	2375029846
Refresh:	10000
Retry:	2400
Expire:	604800
TTL:	1800
num Entries:	2

Domain:	com.cdn.cloudflare.net
Zone-Name:	cloudflare.net
Primary:	ns1.cloudflare.net
Mail:	dns.cloudflare.com
Serial:	2375029846
Refresh:	10000
Retry:	2400
Expire:	604800
TTL:	1800
num Entries:	2

Domain:	vfsglobal.com.cdn.cloudflare.net
Zone-Name:	cloudflare.net
Primary:	ns1.cloudflare.net
Mail:	dns.cloudflare.com
Serial:	2375029846
Refresh:	10000
Retry:	2400
Expire:	604800
TTL:	1800
num Entries:	2

Domain:	lift-api.vfsglobal.com.cdn.cloudflare.net
Zone-Name:	cloudflare.net
Primary:	ns1.cloudflare.net
Mail:	dns.cloudflare.com
Serial:	2375029846
Refresh:	10000
Retry:	2400
Expire:	604800
TTL:	1800
num Entries:	2

5. Screenshots

Startaddress: https://lift-api.vfsglobal.com/, address used: https://lift-api.vfsglobal.com/, Screenshot created 2025-06-15 12:21:19 +00:0

Mobil (412px x 732px)

1077 milliseconds

Screenshot mobile - https://lift-api.vfsglobal.com/

Mobil + Landscape (732px x 412px)

1103 milliseconds

Screenshot mobile landscape - https://lift-api.vfsglobal.com/

Screen (1280px x 1680px)

1172 milliseconds

Screenshot Desktop - https://lift-api.vfsglobal.com/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	396	732
content Size	396	1065

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://lift-api.vfsglobal.com/ 104.18.37.49 gzip used - 2095 / 5453 - 61.58 %	403	Html is minified: 190.60 %	0.140
Forbidden
Date: Sun, 15 Jun 2025 10:20:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=K85CNrmuw4og.Dixm7pfV8BhSsf_Id3ni_0lBBVi_Ws-1749982801-1.0.1.1-8HHIUezhoXtbg3F7b.g72ew_vghB1w9huz8mvNA_dMPKI1x3mYPW1NInmkYNOa8EljmV90aYSgTuZ6aa7pFVpjKHtHuWCfi2Z5xI.b0BqfA; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2F%2BrTFFjVuw%2BYshU8tA%2FSNtto3nzrrh78ZNDlblVsTEd5ldPYIlDtKysDZikVbS2O64R8LGlCEl9hb%2FxWWOt8kWGsDvxTWivAyNNXH1ywcjn8lHinajFa0wuTyJFbq6d5yttPEyw92E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 9501551cca914504-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 2095

• http://lift-api.vfsglobal.com/ 172.64.150.207 gzip used - 2094 / 5453 - 61.60 %	403	Html is minified: 190.60 %	0.047
Forbidden
Date: Sun, 15 Jun 2025 10:20:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=T2mpJSq39dFOyIDOox0ZJsTTcAohPNZW4sBtVrJs4X0-1749982801-1.0.1.1-obnHLxVOBiUtRcumO4TxPdVH_uSArGBTX1Gzk5LuwsLw4Oe4.JF7EYboUv8p_erytn871RtfWIyJiSttEds9JSbcLMwF95yT8iyf4f0mdaw; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AR8unJszR5JSJ4%2FhYaO6%2B49lfojs0KIP%2FL%2FpIbWiNdvrGvMMeROtRC9xQZMHy6SsXkbrcNjm6qXuV5n4lVYn3wfKyaiyXQ%2BaxQiDs4oiLEzmFwfxaogcNV1GgMTSWcjozaacI1mLis0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 9501551def41e533-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 2094

• http://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531 gzip used - 2100 / 5460 - 61.54 %	403	Html is minified: 190.38 %	0.063
Forbidden
Date: Sun, 15 Jun 2025 10:20:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=YguXSdwX_X47lDMIeUcMSVOVSrAQYvpEf7_hN54KqtA-1749982801-1.0.1.1-tf5bOUHScldXHJnyWfHnDJ74pbYfSPYNa3C7gRglMdTlEDaccPi2P.uuT93dLPSUZ.LNwXFSSZhm0YBj7vhlI2WMUVolvYPsfkwWT_SF8Q8; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vTp%2BTaCqb4zoymFJLmtaAx90dD5Cm6aXTiqAK%2BniAWHzERA2TTf3DJ6d%2FuL4bxUgbmXo6dahCvNnN0dWf3f52Rtwu7nw4KKZwv8OcR%2BmDJRzgefq6sHos6OelSeTd8eHNouMFdN7%2F9zEoHfxZe6TaKcn%2B%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 9501551e3e17e529-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 2100

• http://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf gzip used - 2099 / 5460 - 61.56 %	403	Html is minified: 190.38 %	0.080
Forbidden
Date: Sun, 15 Jun 2025 10:20:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=5rY_JX1sEGEpNDtHEttbFlRADpV41XNunsmLmbIfohU-1749982801-1.0.1.1-8jLLgegwLyM1u0U8oWUL6t99naE35tOF0fZELoAaUKzR3pUXJQqykRyQHJvINekngrtFJzmuhPAQ5YUbOOofoCWd9p_oU_Q5w89AUalum9I; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2d7uwdhuct%2FrO0L7fV3Mm7J2fUrUBHs94XHUMi1p%2FW8%2FTOFRUpSq4YolscRza7zm%2By7hJKkqlO9zKeCbv0Ek%2FLFdqSOykjkD8HfPSUK7jI23Lz98Uexclm0lLLRJJ40Z3lKbZUK9Z7zTJP4NLc%2FdzUMXnI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 9501551edcd1e51e-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 2099

• https://lift-api.vfsglobal.com/ 104.18.37.49 br used - 1909 / 5453 - 64.99 % Inline-JavaScript (∑/total): 4/1535 Inline-CSS (∑/total): 1/24	403	Html is minified: 190.60 % Other inline scripts (∑/total): 0/0	2.977	M
Forbidden
Date: Sun, 15 Jun 2025 10:20:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=3ETnizUytdCqrQHQFmRRZeG.sa8v.TdAXkygDfTO.tg-1749982801-1.0.1.1-BvoQXMUIdb.69j.o3cwFlb_u3cvAMOvV4LcvWfe7IzqFO7dbU2agQwlQHIdfiLH1QfpNm9tkmWhrp5FpycKT.CfMrvJ1H87z_Di0tiUk2tc; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXujciyioU4HeDi1t97Q%2BnYayNFCGwPdDPzdV8pjSEU7cNdG%2FEHuWcUyx1TnevigS0jBLqwOhh%2FtBjSBhjJXPC3tFR9znl7NbzGYkidppwd03l0tk4jPVz2e0HrlMCkraWNfv7WFsFo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 9501551fc97ce525-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: br
Content-Length: 1909

• https://lift-api.vfsglobal.com/ 172.64.150.207 br used - 1909 / 5453 - 64.99 % Inline-JavaScript (∑/total): 4/1535 Inline-CSS (∑/total): 1/24	403	Html is minified: 190.60 % Other inline scripts (∑/total): 0/0	3.037	M
Forbidden
Date: Sun, 15 Jun 2025 10:20:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=2Frcy1bCjjfHmrQlbbi_u8tYLmo7yooFXQs6JoDOCak-1749982807-1.0.1.1-Q004T.zu3mWfZd3rnl8kIK6XOEwmtvoYnpcjv3Qd7MZIk2URo2xQvbaulD9ttjJddwYdsbWXoxgMQ2RpZ3i1zjCKbVb8EligSS8AV.k.HSQ; path=/; expires=Sun, 15-Jun-25 10:50:07 GMT; domain=.vfsglobal.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7ThkXZJIqGg70haH0VV0JuSCS6761HILm9OHyZsL%2Bu%2FpyYDLMm8uhaDiFzsJuwFr0mJjq8hHVhM6Wmem%2B%2B6H3VRtyF3xJ3rypgh24aXBuzK9zgqcY2HRBrnenqdLnryANzl3UyR2OA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155425cfbe50a-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: br
Content-Length: 1909

• https://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531 br used - 1912 / 5460 - 64.98 % Inline-JavaScript (∑/total): 4/1535 Inline-CSS (∑/total): 1/24	403	Html is minified: 190.38 % Other inline scripts (∑/total): 0/0	2.974	M
Forbidden
Date: Sun, 15 Jun 2025 10:20:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=Si99ZRQJ3SJ8NhUSWRI_3g37RTBsEkwzYC6BAZalx24-1749982813-1.0.1.1-ddo1AvS0qn.5DOUb5bgcDtqrs8VkCv0WZ_gVHQBSrevX5UPOpDUS_y.1ADiawIRJMBrEHvAjv1BnoFUqscXDl4mq89BDYAY7KHVTv1Msjvw; path=/; expires=Sun, 15-Jun-25 10:50:13 GMT; domain=.vfsglobal.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4qX%2BPFWl0UAwKznXOiORw%2FHeiw1mow%2ByciMK%2BtUE5iCP7Sw%2FiYLLGcCNSiorO2MyKh7HrNg9kGYnoxT1Y9bWJH9eRgmKrrJVTDwTorg2EN%2F1DZL1msGsFhq0m8pEaCrJXP7q35KHWMmI7KSMqQNXO%2Bo2r4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155658d722685-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: br
Content-Length: 1912

• https://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf br used - 1912 / 5460 - 64.98 % Inline-JavaScript (∑/total): 4/1535 Inline-CSS (∑/total): 1/24	403	Html is minified: 190.38 % Other inline scripts (∑/total): 0/0	2.890	M
Forbidden
Date: Sun, 15 Jun 2025 10:20:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=EhO33kLHP_fat3Ha5gFvmTgQw2TIAFc7Uw4d2cGyCYw-1749982818-1.0.1.1-qjsY3UM5Pe7SSHNjOYXnP.0XZLteXN1a.0u6swEU3wNwS7MUsVqMCXKHz.VDv17AzmOfF_xm0ukXcMSFLDFE15BK2ExamGwc5x9HaHFSTcw; path=/; expires=Sun, 15-Jun-25 10:50:18 GMT; domain=.vfsglobal.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEoWs1dPTRCJv%2Bg94nB0bfN2SEJ0BecOiYrn5hR2JjHMDeZnJHUoydk7WJyM8RnRXPbemaXZfc96QilCCVsTyl82LKqFBEX%2Bg1pFInfuqi5jUOCM%2BRzAAjlGqAmZ3QP7g4VYZ2JIrBDIp35GrOV2Ze4BG4o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155883f1fe507-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: br
Content-Length: 1912

• http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.18.37.49 gzip used - 1738 / 4515 - 61.51 % Inline-JavaScript (∑/total): 3/614 Inline-CSS (∑/total): 1/24	403	Html is minified: 157.81 % Other inline scripts (∑/total): 0/0	0.066
Forbidden
Visible Content:
Date: Sun, 15 Jun 2025 10:20:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=pDc41h9JT6.98ykW_N00xjc37lCtJfX1oeEYZig46YQ-1749982824-1.0.1.1-hpfD2iRmf0bXTEQSYlPmZ5TPUtkdOHgAaecUiBjamF8th7Zwg5j1sGuyCl5MLrCJJijX_G8U_Vr5mBtNzfNrUeaHkDAyRmlZAB1n88ds5ms; path=/; expires=Sun, 15-Jun-25 10:50:24 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MM09m0pPl3tH74wsJPxR9UunBx%2F%2FZQUb%2FvHWvaOSxWAZyZXENYCKed6a7qxoWK8aeycrwQQgRAFDoLwKqGn8lLfidW0EE%2BWxZBxkmPVrXEd%2B9A6tDpHuFQJTgEsdw9Lg5wBqlxMuZ%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155aa5c984504-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 1738

• http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.64.150.207 gzip used - 1738 / 4515 - 61.51 % Inline-JavaScript (∑/total): 3/614 Inline-CSS (∑/total): 1/24	403	Html is minified: 157.81 % Other inline scripts (∑/total): 0/0	0.514
Forbidden
Visible Content:
Date: Sun, 15 Jun 2025 10:20:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=w5WjY_7DVM.xBkCDd.PQPS2pkdZ2y3N0GeYVYrBNKBs-1749982825-1.0.1.1-AU8smNVLVf7yclmCWTrxDVqlGBixyOoH734S7HlisSgiqGDQFAxicT3mIyVKMwfbGPSQPEJxBBasGvuHoXiX1nDfPbkljvTDiqO2Kvy8PEE; path=/; expires=Sun, 15-Jun-25 10:50:25 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=99zjw3RgmmExZQmo09EjmOELwmRqD0xcH6Cz0awiuW4pWzzf9aqGFbNqFssTUaCaWRkDylXeNdBInsXgAkoPqXKOpE7yla0XB2IDph6%2FX7ZxL9kRx5ppT3fxIpq2ksybKrZLxGWGzEU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155b3f985e533-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 1738

• http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::6812:2531 gzip used - 1743 / 4522 - 61.46 % Inline-JavaScript (∑/total): 3/614 Inline-CSS (∑/total): 1/24	403	Html is minified: 157.67 % Other inline scripts (∑/total): 0/0	0.043
Forbidden
Visible Content:
Date: Sun, 15 Jun 2025 10:20:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=mFPdaIeMqmlR17ForwWkgmFio.U95CNTYnnpR6Km.j4-1749982826-1.0.1.1-w_rS7Sk6CwkMhXXuG7qTEv_w1pkpPII01vw3NNLzGdfAXuOwZSrmpeaC0YrBp5gAOp4Ey3cvrOhm2SFWTbnXTFW2CjppVTl5rxyHKfouovk; path=/; expires=Sun, 15-Jun-25 10:50:26 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLwzAahx0yfOe%2BNr3ct5HPdoscTLOjCHJlE06al%2BHx%2BdX9yF4eRFs3fwQhWItjFepFT%2BXRS09ukzkhUvjEHqGKXKynbK8U1liNgqG4pyxPnvdQTM%2FgVI%2BhmErGPpfedO%2B1DNcpRrJCYTWIuha2GdEAtdkEc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155ba3b08e513-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 1743

• http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::ac40:96cf gzip used - 1742 / 4522 - 61.48 % Inline-JavaScript (∑/total): 3/614 Inline-CSS (∑/total): 1/24	403	Html is minified: 157.67 % Other inline scripts (∑/total): 0/0	0.060
Forbidden
Visible Content:
Date: Sun, 15 Jun 2025 10:20:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Set-Cookie: __cf_bm=5qI9rqbe8R5SewZ3QQ0oqIe.6HNjdOURL7tTNQV3l70-1749982827-1.0.1.1-mVbjBqiIz7ldWWN6GySFDR31Wx8Dfnwoks1RdkXQOCC5REjBdUJe58ukadpfvtS8nQMuPLtVrNFmyWg0G0pEoCHk8d4V2MWn3UMcupwZcsI; path=/; expires=Sun, 15-Jun-25 10:50:27 GMT; domain=.vfsglobal.com; HttpOnly
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lBnPXgyXOV65ibhMvCoSJwujk6I2EDgqo%2BATGzIiJFDBfls0iNe9z1WLH%2Fu4AL0FG3AQcfqyntQQvQlZgkTxO%2Biy777symJydXXWXtuqWOiZR%2B%2BGUOnlUAvsFTkgeN278kDpJOLDBcjXoaxzHBSaHZ7azUU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://visa.vfsglobal.com
Server: cloudflare
CF-RAY: 950155bfecc7e507-TXL
Alt-Svc: h3=":443"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip
Content-Length: 1742

• https://104.18.37.49/ 104.18.37.49	-103		0.030	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

• https://172.64.150.207/ 172.64.150.207	-103		0.033	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

• https://[2606:4700:4400:0000:0000:0000:6812:2531]/ 2606:4700:4400::6812:2531	-103		0.023	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

• https://[2606:4700:4400:0000:0000:0000:ac40:96cf]/ 2606:4700:4400::ac40:96cf	-103		0.037	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

7. Comments

	1. General Results, most used to calculate the result
A	name "lift-api.vfsglobal.com" is subdomain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 105960 (complete: 271405)
A	Good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: lift-api.vfsglobal.com has 4 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: lift-api.vfsglobal.com has 2 ipv4, 2 ipv6 addresses
A	Good: No asked Authoritative Name Server had a timeout
A	DNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
A	Good: every cookie sent via https is marked as secure
A	Good: Every cookie has a SameSite Attribute with a correct value Strict/Lax/None
A	Good: HSTS has preload directive
	Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should immediately add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
	http://lift-api.vfsglobal.com/ 104.18.37.49	403	__cf_bm=K85CNrmuw4og.Dixm7pfV8BhSsf_Id3ni_0lBBVi_Ws-1749982801-1.0.1.1-8HHIUezhoXtbg3F7b.g72ew_vghB1w9huz8mvNA_dMPKI1x3mYPW1NInmkYNOa8EljmV90aYSgTuZ6aa7pFVpjKHtHuWCfi2Z5xI.b0BqfA; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/ 172.64.150.207	403	__cf_bm=T2mpJSq39dFOyIDOox0ZJsTTcAohPNZW4sBtVrJs4X0-1749982801-1.0.1.1-obnHLxVOBiUtRcumO4TxPdVH_uSArGBTX1Gzk5LuwsLw4Oe4.JF7EYboUv8p_erytn871RtfWIyJiSttEds9JSbcLMwF95yT8iyf4f0mdaw; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531	403	__cf_bm=YguXSdwX_X47lDMIeUcMSVOVSrAQYvpEf7_hN54KqtA-1749982801-1.0.1.1-tf5bOUHScldXHJnyWfHnDJ74pbYfSPYNa3C7gRglMdTlEDaccPi2P.uuT93dLPSUZ.LNwXFSSZhm0YBj7vhlI2WMUVolvYPsfkwWT_SF8Q8; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf	403	__cf_bm=5rY_JX1sEGEpNDtHEttbFlRADpV41XNunsmLmbIfohU-1749982801-1.0.1.1-8jLLgegwLyM1u0U8oWUL6t99naE35tOF0fZELoAaUKzR3pUXJQqykRyQHJvINekngrtFJzmuhPAQ5YUbOOofoCWd9p_oU_Q5w89AUalum9I; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.18.37.49	403	__cf_bm=pDc41h9JT6.98ykW_N00xjc37lCtJfX1oeEYZig46YQ-1749982824-1.0.1.1-hpfD2iRmf0bXTEQSYlPmZ5TPUtkdOHgAaecUiBjamF8th7Zwg5j1sGuyCl5MLrCJJijX_G8U_Vr5mBtNzfNrUeaHkDAyRmlZAB1n88ds5ms; path=/; expires=Sun, 15-Jun-25 10:50:24 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.64.150.207	403	__cf_bm=w5WjY_7DVM.xBkCDd.PQPS2pkdZ2y3N0GeYVYrBNKBs-1749982825-1.0.1.1-AU8smNVLVf7yclmCWTrxDVqlGBixyOoH734S7HlisSgiqGDQFAxicT3mIyVKMwfbGPSQPEJxBBasGvuHoXiX1nDfPbkljvTDiqO2Kvy8PEE; path=/; expires=Sun, 15-Jun-25 10:50:25 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::6812:2531	403	__cf_bm=mFPdaIeMqmlR17ForwWkgmFio.U95CNTYnnpR6Km.j4-1749982826-1.0.1.1-w_rS7Sk6CwkMhXXuG7qTEv_w1pkpPII01vw3NNLzGdfAXuOwZSrmpeaC0YrBp5gAOp4Ey3cvrOhm2SFWTbnXTFW2CjppVTl5rxyHKfouovk; path=/; expires=Sun, 15-Jun-25 10:50:26 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::ac40:96cf	403	__cf_bm=5qI9rqbe8R5SewZ3QQ0oqIe.6HNjdOURL7tTNQV3l70-1749982827-1.0.1.1-mVbjBqiIz7ldWWN6GySFDR31Wx8Dfnwoks1RdkXQOCC5REjBdUJe58ukadpfvtS8nQMuPLtVrNFmyWg0G0pEoCHk8d4V2MWn3UMcupwZcsI; path=/; expires=Sun, 15-Jun-25 10:50:27 GMT; domain=.vfsglobal.com; HttpOnly	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
B	http://lift-api.vfsglobal.com/ 104.18.37.49	403	__cf_bm=K85CNrmuw4og.Dixm7pfV8BhSsf_Id3ni_0lBBVi_Ws-1749982801-1.0.1.1-8HHIUezhoXtbg3F7b.g72ew_vghB1w9huz8mvNA_dMPKI1x3mYPW1NInmkYNOa8EljmV90aYSgTuZ6aa7pFVpjKHtHuWCfi2Z5xI.b0BqfA; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/ 172.64.150.207	403	__cf_bm=T2mpJSq39dFOyIDOox0ZJsTTcAohPNZW4sBtVrJs4X0-1749982801-1.0.1.1-obnHLxVOBiUtRcumO4TxPdVH_uSArGBTX1Gzk5LuwsLw4Oe4.JF7EYboUv8p_erytn871RtfWIyJiSttEds9JSbcLMwF95yT8iyf4f0mdaw; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531	403	__cf_bm=YguXSdwX_X47lDMIeUcMSVOVSrAQYvpEf7_hN54KqtA-1749982801-1.0.1.1-tf5bOUHScldXHJnyWfHnDJ74pbYfSPYNa3C7gRglMdTlEDaccPi2P.uuT93dLPSUZ.LNwXFSSZhm0YBj7vhlI2WMUVolvYPsfkwWT_SF8Q8; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf	403	__cf_bm=5rY_JX1sEGEpNDtHEttbFlRADpV41XNunsmLmbIfohU-1749982801-1.0.1.1-8jLLgegwLyM1u0U8oWUL6t99naE35tOF0fZELoAaUKzR3pUXJQqykRyQHJvINekngrtFJzmuhPAQ5YUbOOofoCWd9p_oU_Q5w89AUalum9I; path=/; expires=Sun, 15-Jun-25 10:50:01 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.18.37.49	403	__cf_bm=pDc41h9JT6.98ykW_N00xjc37lCtJfX1oeEYZig46YQ-1749982824-1.0.1.1-hpfD2iRmf0bXTEQSYlPmZ5TPUtkdOHgAaecUiBjamF8th7Zwg5j1sGuyCl5MLrCJJijX_G8U_Vr5mBtNzfNrUeaHkDAyRmlZAB1n88ds5ms; path=/; expires=Sun, 15-Jun-25 10:50:24 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.64.150.207	403	__cf_bm=w5WjY_7DVM.xBkCDd.PQPS2pkdZ2y3N0GeYVYrBNKBs-1749982825-1.0.1.1-AU8smNVLVf7yclmCWTrxDVqlGBixyOoH734S7HlisSgiqGDQFAxicT3mIyVKMwfbGPSQPEJxBBasGvuHoXiX1nDfPbkljvTDiqO2Kvy8PEE; path=/; expires=Sun, 15-Jun-25 10:50:25 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::6812:2531	403	__cf_bm=mFPdaIeMqmlR17ForwWkgmFio.U95CNTYnnpR6Km.j4-1749982826-1.0.1.1-w_rS7Sk6CwkMhXXuG7qTEv_w1pkpPII01vw3NNLzGdfAXuOwZSrmpeaC0YrBp5gAOp4Ey3cvrOhm2SFWTbnXTFW2CjppVTl5rxyHKfouovk; path=/; expires=Sun, 15-Jun-25 10:50:26 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::ac40:96cf	403	__cf_bm=5qI9rqbe8R5SewZ3QQ0oqIe.6HNjdOURL7tTNQV3l70-1749982827-1.0.1.1-mVbjBqiIz7ldWWN6GySFDR31Wx8Dfnwoks1RdkXQOCC5REjBdUJe58ukadpfvtS8nQMuPLtVrNFmyWg0G0pEoCHk8d4V2MWn3UMcupwZcsI; path=/; expires=Sun, 15-Jun-25 10:50:27 GMT; domain=.vfsglobal.com; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
C	Error - no version with Http-Status 200
H	Fatal error: No https - result with http-status 200, no encryption
M	http://lift-api.vfsglobal.com/ 104.18.37.49	403		Misconfiguration - main pages should never send http status 400 - 499
M	http://lift-api.vfsglobal.com/ 172.64.150.207	403		Misconfiguration - main pages should never send http status 400 - 499
M	http://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531	403		Misconfiguration - main pages should never send http status 400 - 499
M	http://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf	403		Misconfiguration - main pages should never send http status 400 - 499
M	https://lift-api.vfsglobal.com/ 104.18.37.49	403		Misconfiguration - main pages should never send http status 400 - 499
M	https://lift-api.vfsglobal.com/ 172.64.150.207	403		Misconfiguration - main pages should never send http status 400 - 499
M	https://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531	403		Misconfiguration - main pages should never send http status 400 - 499
M	https://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf	403		Misconfiguration - main pages should never send http status 400 - 499
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain lift-api.vfsglobal.com, 4 ip addresses.
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain lift-api.vfsglobal.com, 4 ip addresses.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.lift-api.vfsglobal.com
	2. Header-Checks
A	lift-api.vfsglobal.com 104.18.37.49	Content-Security-Policy		Ok: Header without syntax errors found: frame-ancestors 'none'
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
A		report-to		Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXujciyioU4HeDi1t97Q%2BnYayNFCGwPdDPzdV8pjSEU7cNdG%2FEHuWcUyx1TnevigS0jBLqwOhh%2FtBjSBhjJXPC3tFR9znl7NbzGYkidppwd03l0tk4jPVz2e0HrlMCkraWNfv7WFsFo%3D"}],"group":"cf-nel","max_age":604800}
A				Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXujciyioU4HeDi1t97Q%2BnYayNFCGwPdDPzdV8pjSEU7cNdG%2FEHuWcUyx1TnevigS0jBLqwOhh%2FtBjSBhjJXPC3tFR9znl7NbzGYkidppwd03l0tk4jPVz2e0HrlMCkraWNfv7WFsFo%3D"}],"group":"cf-nel","max_age":604800}
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A	lift-api.vfsglobal.com 172.64.150.207	Content-Security-Policy		Ok: Header without syntax errors found: frame-ancestors 'none'
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
A		report-to		Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7ThkXZJIqGg70haH0VV0JuSCS6761HILm9OHyZsL%2Bu%2FpyYDLMm8uhaDiFzsJuwFr0mJjq8hHVhM6Wmem%2B%2B6H3VRtyF3xJ3rypgh24aXBuzK9zgqcY2HRBrnenqdLnryANzl3UyR2OA%3D"}],"group":"cf-nel","max_age":604800}
A				Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7ThkXZJIqGg70haH0VV0JuSCS6761HILm9OHyZsL%2Bu%2FpyYDLMm8uhaDiFzsJuwFr0mJjq8hHVhM6Wmem%2B%2B6H3VRtyF3xJ3rypgh24aXBuzK9zgqcY2HRBrnenqdLnryANzl3UyR2OA%3D"}],"group":"cf-nel","max_age":604800}
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A	lift-api.vfsglobal.com 2606:4700:4400::6812:2531	Content-Security-Policy		Ok: Header without syntax errors found: frame-ancestors 'none'
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
A		report-to		Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4qX%2BPFWl0UAwKznXOiORw%2FHeiw1mow%2ByciMK%2BtUE5iCP7Sw%2FiYLLGcCNSiorO2MyKh7HrNg9kGYnoxT1Y9bWJH9eRgmKrrJVTDwTorg2EN%2F1DZL1msGsFhq0m8pEaCrJXP7q35KHWMmI7KSMqQNXO%2Bo2r4%3D"}],"group":"cf-nel","max_age":604800}
A				Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4qX%2BPFWl0UAwKznXOiORw%2FHeiw1mow%2ByciMK%2BtUE5iCP7Sw%2FiYLLGcCNSiorO2MyKh7HrNg9kGYnoxT1Y9bWJH9eRgmKrrJVTDwTorg2EN%2F1DZL1msGsFhq0m8pEaCrJXP7q35KHWMmI7KSMqQNXO%2Bo2r4%3D"}],"group":"cf-nel","max_age":604800}
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A	lift-api.vfsglobal.com 2606:4700:4400::ac40:96cf	Content-Security-Policy		Ok: Header without syntax errors found: frame-ancestors 'none'
F				Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E				Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
F				Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
F				Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
A		report-to		Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEoWs1dPTRCJv%2Bg94nB0bfN2SEJ0BecOiYrn5hR2JjHMDeZnJHUoydk7WJyM8RnRXPbemaXZfc96QilCCVsTyl82LKqFBEX%2Bg1pFInfuqi5jUOCM%2BRzAAjlGqAmZ3QP7g4VYZ2JIrBDIp35GrOV2Ze4BG4o%3D"}],"group":"cf-nel","max_age":604800}
A				Ok: Header without syntax errors found: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEoWs1dPTRCJv%2Bg94nB0bfN2SEJ0BecOiYrn5hR2JjHMDeZnJHUoydk7WJyM8RnRXPbemaXZfc96QilCCVsTyl82LKqFBEX%2Bg1pFInfuqi5jUOCM%2BRzAAjlGqAmZ3QP7g4VYZ2JIrBDIp35GrOV2Ze4BG4o%3D"}],"group":"cf-nel","max_age":604800}
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		X-Frame-Options		Ok: Header without syntax errors found: SAMEORIGIN
B				Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
F	lift-api.vfsglobal.com 104.18.37.49	Permissions-Policy		Critical: Missing Header:
B	lift-api.vfsglobal.com 104.18.37.49	Cross-Origin-Embedder-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 104.18.37.49	Cross-Origin-Opener-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 104.18.37.49	Cross-Origin-Resource-Policy		Info: Missing Header
F	lift-api.vfsglobal.com 172.64.150.207	Permissions-Policy		Critical: Missing Header:
B	lift-api.vfsglobal.com 172.64.150.207	Cross-Origin-Embedder-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 172.64.150.207	Cross-Origin-Opener-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 172.64.150.207	Cross-Origin-Resource-Policy		Info: Missing Header
F	lift-api.vfsglobal.com 2606:4700:4400::6812:2531	Permissions-Policy		Critical: Missing Header:
B	lift-api.vfsglobal.com 2606:4700:4400::6812:2531	Cross-Origin-Embedder-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 2606:4700:4400::6812:2531	Cross-Origin-Opener-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 2606:4700:4400::6812:2531	Cross-Origin-Resource-Policy		Info: Missing Header
F	lift-api.vfsglobal.com 2606:4700:4400::ac40:96cf	Permissions-Policy		Critical: Missing Header:
B	lift-api.vfsglobal.com 2606:4700:4400::ac40:96cf	Cross-Origin-Embedder-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 2606:4700:4400::ac40:96cf	Cross-Origin-Opener-Policy		Info: Missing Header
B	lift-api.vfsglobal.com 2606:4700:4400::ac40:96cf	Cross-Origin-Resource-Policy		Info: Missing Header
	3. DNS- and NameServer - Checks
A	Info:: 26 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
A	Info:: 26 Queries complete, 26 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
	Bad (greater 8):: An average of 13.0 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 2 different Name Servers found: pdns09.domaincontrol.com, pdns10.domaincontrol.com, 2 Name Servers included in Delegation: pdns09.domaincontrol.com, pdns10.domaincontrol.com, 2 Name Servers included in 1 Zone definitions: pdns09.domaincontrol.com, pdns10.domaincontrol.com, 1 Name Servers listed in SOA.Primary: pdns09.domaincontrol.com.
A	Good: Only one SOA.Primary Name Server found.: pdns09.domaincontrol.com.
A	Good: SOA.Primary Name Server included in the delegation set.: pdns09.domaincontrol.com.
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Info: Ipv4-Subnet-list: 2 Name Servers, 2 different subnets (first Byte): 173., 97., 2 different subnets (first two Bytes): 173.201., 97.74., 2 different subnets (first three Bytes): 173.201.78., 97.74.110.
A	Excellent: Every Name Server IPv4-address starts with an unique Byte.
A	Info: IPv6-Subnet-list: 2 Name Servers with IPv6, 1 different subnets (first block): 2603:, 1 different subnets (first two blocks): 2603:0005:, 2 different subnets (first three blocks): 2603:0005:21e2:, 2603:0005:22e2:, 2 different subnets (first four blocks): 2603:0005:21e2:0000:, 2603:0005:22e2:0000:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Good: Nameserver supports TCP connections: 4 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 4 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: pdns09.domaincontrol.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	4. Content- and Performance-critical Checks
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.18.37.49	403		Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.64.150.207	403		Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::6812:2531	403		Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
	http://lift-api.vfsglobal.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2606:4700:4400::ac40:96cf	403		Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 8 external CSS / JavaScript files found
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 8 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 8 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Info: No img element found, no alt attribute checked
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
A	Duration: 233414 milliseconds, 233.414 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

lift-api.vfsglobal.com

104.18.37.49

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

lift-api.vfsglobal.com

104.18.37.49

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain - incomplete	1	CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, C=IN, ST=Maharashtra
	2	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

lift-api.vfsglobal.com

172.64.150.207

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

lift-api.vfsglobal.com

172.64.150.207

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain - incomplete	1	CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, C=IN, ST=Maharashtra
	2	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

lift-api.vfsglobal.com

2606:4700:4400::6812:2531

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

lift-api.vfsglobal.com

2606:4700:4400::6812:2531

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain - incomplete	1	CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, C=IN, ST=Maharashtra
	2	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

lift-api.vfsglobal.com

2606:4700:4400::ac40:96cf

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

lift-api.vfsglobal.com

2606:4700:4400::ac40:96cf

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain - incomplete	1	CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, C=IN, ST=Maharashtra
	2	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

9. Certificates

CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, S=Maharashtra, C=IN

28.01.2025

29.01.2026
expires in 84 days

*.vfsglobal.com, vfsglobal.com - 2 entries

CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, S=Maharashtra, C=IN

28.01.2025

29.01.2026
expires in 84 days

*.vfsglobal.com, vfsglobal.com - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	07FE27FBD4E292F10C0012BEDF0D640A
Thumbprint:	91D4F50E1C1162AB8B48DC603AB0CD7BCE11FF0E
SHA256 / Certificate:	R0ERYiFTY6ErJoHxUvkzaHFVJy0lc+xQMMn14hhAhns=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	68c8cacc4aebb388d1dea2fa82c75cf0f5d608d020ec9050e7a58ea337f73dcb
SHA256 hex / Subject Public Key Information (SPKI):	68c8cacc4aebb388d1dea2fa82c75cf0f5d608d020ec9050e7a58ea337f73dcb (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://status.geotrust.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, S=Maharashtra, C=IN

28.01.2025

29.01.2026
expires in 84 days

*.vfsglobal.com, vfsglobal.com - 2 entries

CN=*.vfsglobal.com, O=VFS Global Services Private Limited, L=Mumbai, S=Maharashtra, C=IN

28.01.2025

29.01.2026
expires in 84 days

*.vfsglobal.com, vfsglobal.com - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	07FE27FBD4E292F10C0012BEDF0D640A
Thumbprint:	91D4F50E1C1162AB8B48DC603AB0CD7BCE11FF0E
SHA256 / Certificate:	R0ERYiFTY6ErJoHxUvkzaHFVJy0lc+xQMMn14hhAhns=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	68c8cacc4aebb388d1dea2fa82c75cf0f5d608d020ec9050e7a58ea337f73dcb
SHA256 hex / Subject Public Key Information (SPKI):	68c8cacc4aebb388d1dea2fa82c75cf0f5d608d020ec9050e7a58ea337f73dcb (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://status.geotrust.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

02.11.2017

02.11.2027
expires in 726 days

CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

02.11.2017

02.11.2027
expires in 726 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0D07782A133FC6F9A57296E131FFD179
Thumbprint:	8B3C5B9B867D4BE46D1CB5A01D45D67DC8E94082
SHA256 / Certificate:	wG4wf3z8HTL6cqTAM8h7kAGa8hbwd11kl4ouymyKIw4=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	4831b9a2b12ff225fa30d7a7200c5af2740536944e07febe965b197571d936ab
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

02.11.2017

02.11.2027
expires in 726 days

CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US

02.11.2017

02.11.2027
expires in 726 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0D07782A133FC6F9A57296E131FFD179
Thumbprint:	8B3C5B9B867D4BE46D1CB5A01D45D67DC8E94082
SHA256 / Certificate:	wG4wf3z8HTL6cqTAM8h7kAGa8hbwd11kl4ouymyKIw4=
SHA256 hex / Cert (DANE * 0 1):	c06e307f7cfc1d32fa72a4c033c87b90019af216f0775d64978a2eca6c8a230e
SHA256 hex / PublicKey (DANE * 1 1):	4831b9a2b12ff225fa30d7a7200c5af2740536944e07febe965b197571d936ab
SHA256 hex / Subject Public Key Information (SPKI):	4831b9a2b12ff225fa30d7a7200c5af2740536944e07febe965b197571d936ab
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4453 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4453 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:	yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):	cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

18.01.2024

10.11.2031
expires in 2195 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

18.01.2024

10.11.2031
expires in 2195 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0FE032AB844D033106C50C8E13C8B068
Thumbprint:	8BF7F178A745A11BAC6AE5B586FC1838EADCB2CF
SHA256 / Certificate:	edV7Fd+mXChw6v4Rtjd2WQnP6Te0nBXOfxlAMMqzla0=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.cn
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2195 days

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

10.11.2006

10.11.2031
expires in 2195 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	083BE056904246B1A1756AC95991C74A
Thumbprint:	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
SHA256 / Certificate:	Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=
SHA256 hex / Cert (DANE * 0 1):	4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
SHA256 hex / PublicKey (DANE * 1 1):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):	aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=Amazon RSA 2048 M02, O=Amazon, C=US				0	1	2
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE				0	0	2
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US				0	1	1
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US				0	0	1
CN=Amazon RSA 2048 M01, O=Amazon, C=US				0	0	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
9749827114 precert	CN=Amazon RSA 2048 M02, O=Amazon, C=US	2025-03-10 00:00:00	2026-04-07 23:59:59	*.vfsglobal.com, vfsglobal.com - 2 entries
9342000483 precert	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US	2025-01-28 00:00:00	2026-01-28 23:59:59	*.vfsglobal.com, vfsglobal.com - 2 entries
5211404604 precert	CN=Amazon RSA 2048 M02, O=Amazon, C=US	2023-05-11 00:00:00	2024-06-08 23:59:59	*.vfsglobal.com, vfsglobal.com - 2 entries
4887541947 precert	CN=Amazon RSA 2048 M01, O=Amazon, C=US	2023-03-01 00:00:00	2023-07-09 23:59:59	*.vfsglobal.com, vfsglobal.com - 2 entries
4846170099 precert	CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE	2023-02-20 06:51:12	2024-03-23 06:51:11	*.vfsglobal.com, vfsglobal.com - 2 entries
3826995765 precert	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	2022-06-10 00:00:00	2023-07-09 23:59:59	*.vfsglobal.com, vfsglobal.com - 2 entries
3429255313 precert	CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE	2022-02-15 06:41:08	2023-03-19 06:41:08	*.vfsglobal.com, vfsglobal.com - 2 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuer				last 7 days	active	num Certs
CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US				0	1	2
CN=Amazon RSA 2048 M02, O=Amazon, C=US				0	1	2
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE				0	0	1
CN=Amazon RSA 2048 M03, O=Amazon, C=US				0	0	1

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
16963854823 precert	CN=Amazon RSA 2048 M02, O=Amazon, C=US	2025-03-09 23:00:00	2026-04-07 21:59:59	*.vfsglobal.com, vfsglobal.com 2 entries
16419786919 precert	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US	2025-01-27 23:00:00	2026-01-28 22:59:59	*.vfsglobal.com, vfsglobal.com 2 entries
12675317099 precert	CN=Amazon RSA 2048 M03, O=Amazon, C=US	2024-04-09 22:00:00	2025-05-08 21:59:59	*.vfsglobal.com, vfsglobal.com 2 entries
12507082081 leaf cert	CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US	2024-02-23 23:00:00	2025-02-25 22:59:59	*.vfsglobal.com, vfsglobal.com 2 entries
9363288711 precert	CN=Amazon RSA 2048 M02, O=Amazon, C=US	2023-05-10 22:00:00	2024-06-08 21:59:59	*.vfsglobal.com, vfsglobal.com 2 entries
8695692376 precert	CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE	2023-02-20 05:51:12	2024-03-23 05:51:11	*.vfsglobal.com, vfsglobal.com 2 entries

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://lift-api.vfsglobal.com/ 104.18.37.49	a		1		0			0	0	0
	link	stylesheet	1	4,515 Bytes	0	1	0	0	0	0
	meta	other	5		0			0	0	0
https://lift-api.vfsglobal.com/ 172.64.150.207	a		1		0			0	0	0
	link	stylesheet	1	4,515 Bytes	0	1	0	0	0	0
	meta	other	5		0			0	0	0
https://lift-api.vfsglobal.com/ 2606:4700:4400::6812:2531	a		1		0			0	0	0
	link	stylesheet	1	4,515 Bytes	0	1	0	0	0	0
	meta	other	5		0			0	0	0
https://lift-api.vfsglobal.com/ 2606:4700:4400::ac40:96cf	a		1		0			0	0	0
	link	stylesheet	1	4,515 Bytes	0	1	0	0	0	0
	meta	other	5		0			0	0	0

Details (currently limited to 500 rows - some problems with spam users)

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑
https://lift-api.vfsglobal.com/ 104.18.37.49	a		https://www.cloudflare.com/5xx-error-landing			1	ok
							ok


	link	stylesheet	/cdn-cgi/styles/cf.errors.css		200	1	ok
				text/css X-Content-Type-Options nosniff found			ok
	Cache-Control: public, max-age=7200 - max-age too short.			Compression (gzip): 4515/24051 Bytes
	ETag: W/"684853aa-5df3"
	local SRI possible, possible hash-values: sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE= sha384-Z3NAcPj6Z8zEScbbj4SlGGpcl4i+2vp2Yg0FT1Ffh6LnNKsTAeZIMCEr2X2+kl9L sha512-bbdLJi1xeRbeCwtgDurSzGoQ5SqeJtcB+udh/LyTHzXyUVU2aakr47Uk84DzLmKsatVyvqI8eJZSKM6e+5LtQg== <link rel="stylesheet" href="/cdn-cgi/styles/cf.errors.css" crossorigin="anonymous" integrity="sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE=" />

	meta	charset	UTF-8			1	ok
							ok


	meta	Content-Type	text/html; charset=UTF-8			1	ok
							ok


	meta	X-UA-Compatible	IE=Edge			1	ok
							ok


	meta	robots	noindex, nofollow			1	ok
							ok


	meta	viewport	width=device-width,initial-scale=1			1	ok
							ok


172.64.150.207	a		https://www.cloudflare.com/5xx-error-landing			1	ok
							ok


	link	stylesheet	/cdn-cgi/styles/cf.errors.css		200	1	ok
				text/css X-Content-Type-Options nosniff found			ok
	Cache-Control: public, max-age=7200 - max-age too short.			Compression (gzip): 4515/24051 Bytes
	ETag: W/"684853aa-5df3"
	local SRI possible, possible hash-values: sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE= sha384-Z3NAcPj6Z8zEScbbj4SlGGpcl4i+2vp2Yg0FT1Ffh6LnNKsTAeZIMCEr2X2+kl9L sha512-bbdLJi1xeRbeCwtgDurSzGoQ5SqeJtcB+udh/LyTHzXyUVU2aakr47Uk84DzLmKsatVyvqI8eJZSKM6e+5LtQg== <link rel="stylesheet" href="/cdn-cgi/styles/cf.errors.css" crossorigin="anonymous" integrity="sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE=" />

	meta	charset	UTF-8			1	ok
							ok


	meta	Content-Type	text/html; charset=UTF-8			1	ok
							ok


	meta	X-UA-Compatible	IE=Edge			1	ok
							ok


	meta	robots	noindex, nofollow			1	ok
							ok


	meta	viewport	width=device-width,initial-scale=1			1	ok
							ok


2606:4700:4400::6812:2531	a		https://www.cloudflare.com/5xx-error-landing			1	ok
							ok


	link	stylesheet	/cdn-cgi/styles/cf.errors.css		200	1	ok
				text/css X-Content-Type-Options nosniff found			ok
	Cache-Control: public, max-age=7200 - max-age too short.			Compression (gzip): 4515/24051 Bytes
	ETag: W/"684853aa-5df3"
	local SRI possible, possible hash-values: sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE= sha384-Z3NAcPj6Z8zEScbbj4SlGGpcl4i+2vp2Yg0FT1Ffh6LnNKsTAeZIMCEr2X2+kl9L sha512-bbdLJi1xeRbeCwtgDurSzGoQ5SqeJtcB+udh/LyTHzXyUVU2aakr47Uk84DzLmKsatVyvqI8eJZSKM6e+5LtQg== <link rel="stylesheet" href="/cdn-cgi/styles/cf.errors.css" crossorigin="anonymous" integrity="sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE=" />

	meta	charset	UTF-8			1	ok
							ok


	meta	Content-Type	text/html; charset=UTF-8			1	ok
							ok


	meta	X-UA-Compatible	IE=Edge			1	ok
							ok


	meta	robots	noindex, nofollow			1	ok
							ok


	meta	viewport	width=device-width,initial-scale=1			1	ok
							ok


2606:4700:4400::ac40:96cf	a		https://www.cloudflare.com/5xx-error-landing			1	ok
							ok


	link	stylesheet	/cdn-cgi/styles/cf.errors.css		200	1	ok
				text/css X-Content-Type-Options nosniff found			ok
	Cache-Control: public, max-age=7200 - max-age too short.			Compression (gzip): 4515/24051 Bytes
	ETag: W/"684853aa-5df3"
	local SRI possible, possible hash-values: sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE= sha384-Z3NAcPj6Z8zEScbbj4SlGGpcl4i+2vp2Yg0FT1Ffh6LnNKsTAeZIMCEr2X2+kl9L sha512-bbdLJi1xeRbeCwtgDurSzGoQ5SqeJtcB+udh/LyTHzXyUVU2aakr47Uk84DzLmKsatVyvqI8eJZSKM6e+5LtQg== <link rel="stylesheet" href="/cdn-cgi/styles/cf.errors.css" crossorigin="anonymous" integrity="sha256-hOPHcCWs5a8UOXK0pA/INNzf1ORJ1LNqV+YjJvFrMJE=" />

	meta	charset	UTF-8			1	ok
							ok


	meta	Content-Type	text/html; charset=UTF-8			1	ok
							ok


	meta	X-UA-Compatible	IE=Edge			1	ok
							ok


	meta	robots	noindex, nofollow			1	ok
							ok


	meta	viewport	width=device-width,initial-scale=1			1	ok
							ok

12. Html-Parsing via https://validator.w3.org/nu/

No https result http status 200 and Content-Type text/html or text/xml found, no Html-Parsing - Check

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: pdns09.domaincontrol.com, pdns10.domaincontrol.com

QNr.	Domain	Type	NS used
1	com	NS	k.root-servers.net (2001:7fd::1)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	pdns09.domaincontrol.com	NS	e.gtld-servers.net (2001:502:1ca1::30)
	Answer: a1-245.akam.net, a11-64.akam.net, a20-65.akam.net, a6-66.akam.net, a8-67.akam.net, a9-67.akam.net, ans01.domaincontrol.com, ans02.domaincontrol.com
	Answer: ans01.domaincontrol.com 2603:5:2111::23, 97.74.97.35
	Answer: ans02.domaincontrol.com 173.201.65.35, 2603:5:2211::23
3	pdns10.domaincontrol.com	NS	e.gtld-servers.net (2001:502:1ca1::30)
	Answer: a1-245.akam.net, a11-64.akam.net, a20-65.akam.net, a6-66.akam.net, a8-67.akam.net, a9-67.akam.net, ans01.domaincontrol.com, ans02.domaincontrol.com
	Answer: ans01.domaincontrol.com 2603:5:2111::23, 97.74.97.35
	Answer: ans02.domaincontrol.com 173.201.65.35, 2603:5:2211::23
4	net	NS	f.root-servers.net (2001:500:2f::f)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
5	a1-245.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
6	a11-64.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
7	a20-65.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
8	a6-66.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
9	a8-67.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
10	a9-67.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
11	a1-245.akam.net: 193.108.91.245	A	a1-67.akam.net (2600:1401:2::43)
12	a1-245.akam.net: 2600:1401:2::f5	AAAA	a1-67.akam.net (2600:1401:2::43)
13	a11-64.akam.net: 84.53.139.64	A	a1-67.akam.net (2600:1401:2::43)
14	a11-64.akam.net: 2600:1480:1::40	AAAA	a1-67.akam.net (2600:1401:2::43)
15	a20-65.akam.net: 95.100.175.65	A	a1-67.akam.net (2600:1401:2::43)
16	a20-65.akam.net: 2a02:26f0:67::41	AAAA	a1-67.akam.net (2600:1401:2::43)
17	a6-66.akam.net: 23.211.133.66	A	a1-67.akam.net (2600:1401:2::43)
18	a6-66.akam.net: 2600:1401:1::42	AAAA	a1-67.akam.net (2600:1401:2::43)
19	a8-67.akam.net: 2.16.40.67	A	a1-67.akam.net (2600:1401:2::43)
20	a8-67.akam.net: 2600:1403:a::43	AAAA	a1-67.akam.net (2600:1401:2::43)
21	a9-67.akam.net: 184.85.248.67	A	a1-67.akam.net (2600:1401:2::43)
22	a9-67.akam.net: 2a02:26f0:117::43	AAAA	a1-67.akam.net (2600:1401:2::43)
23	pdns09.domaincontrol.com: 97.74.110.54	A	a1-245.akam.net (2600:1401:2::f5)
24	pdns09.domaincontrol.com: 2603:5:21e2::36	AAAA	a1-245.akam.net (2600:1401:2::f5)
25	pdns10.domaincontrol.com: 173.201.78.54	A	a1-245.akam.net (2600:1401:2::f5)
26	pdns10.domaincontrol.com: 2603:5:22e2::36	AAAA	a1-245.akam.net (2600:1401:2::f5)

14. CAA - Entries

Domainname	flag	Value	∑ Queries
lift-api.vfsglobal.com.cdn.cloudflare.net	0	no CAA entry found	1
vfsglobal.com.cdn.cloudflare.net	0	no CAA entry found	1
com.cdn.cloudflare.net	0	no CAA entry found	1
lift-api.vfsglobal.com			1
cdn.cloudflare.net	0	no CAA entry found	1
cloudflare.net	0	no CAA entry found	1
vfsglobal.com	0	no CAA entry found	1
net	0	no CAA entry found	1
com	0	no CAA entry found	1

15. TXT - Entries

Domainname	Status	∑ Queries
lift-api.vfsglobal.com		1
_acme-challenge.lift-api.vfsglobal.com	Name Error - The domain name does not exist	1
_acme-challenge.lift-api.vfsglobal.com.vfsglobal.com	Name Error - The domain name does not exist	1
_acme-challenge.lift-api.vfsglobal.com.cdn.cloudflare.net	missing entry or wrong length	1
_acme-challenge.lift-api.vfsglobal.com.lift-api.vfsglobal.com	Name Error - The domain name does not exist	1
_acme-challenge.lift-api.vfsglobal.com.cdn.cloudflare.net.lift-api.vfsglobal.com.cdn.cloudflare.net	perhaps wrong	1

16. DomainService - Entries

Type		Domain	Pref	Value	DNS-error	num Answers	Status	Description
SPF	TXT	lift-api.vfsglobal.com					32768	TXT expected, but CNAME found. CNAME not allowed, only TXT queries are allowed. See RFC 7208, 4.4.

17. Cipher Suites

Skipped, CDN used or too many ip addresses

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

Permalink: https://check-your-website.server-daten.de/?i=14ac62c4-40df-43d7-a957-754ea066ddc4

Last Result: https://check-your-website.server-daten.de/?q=lift-api.vfsglobal.com - 2025-06-15 12:17:34

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=lift-api.vfsglobal.com" target="_blank">Check this Site: lift-api.vfsglobal.com</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=lift-api.vfsglobal.com

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details (currently limited to 500 rows - some problems with spam users)

12. Html-Parsing via https://validator.w3.org/nu/

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks