vwfs.co.uk

.uk crawl

First seen 2026-04-12 · Last seen 2026-05-07 · ok HTTP/1.1 200 3307 ms crawled 2026-05-05

DE · 185.60.96.123 · AS205505 Volkswagen Financial Services AG

Reputation 100/100

Classifying

HTML metadata

Title

Finance, Servicing, Insurance and Mobility | VWFS UK

Description

Straightforward finance, servicing, insurance and mobility products, available to customers across the Volkswagen Group in the UK.

Language

Canonical

https://customer.vwfs.co.uk/

Translations

Technology

CDN: Amazon CloudFront
Server: CloudFront

Third-party hosts loaded (6)

cms-assets.vwfs.com×14
apikeys.civiccomputing.com×2
cc.cdn.civiccomputing.com×2
cdn.bronson.vwfs.io×2
assets.adobedtm.com×1
widget.trustpilot.com×1

Social

Registration

Registrar

1api GmbH

Created

1997-09-05

Expires

2026-09-05 107 days left

Updated

2025-10-03

Name servers

dnsglb1.vwfsag.de.
dnsglb2.vwfs.net.

DNS records live

NS

dnsglb1.vwfsag.de
dnsglb2.vwfs.net

MX

10 mx01.vwfs.com
10 mx02.vwfs.com
10 mx03.vwfs.com
10 mx04.vwfs.com

TXT

Show 4 TXT records

sending_domain897763=0fae36c02f0a739d07348706d92e8cab3d0c14341f0d6aec8f4c41eb6cb4a2d5
browserstack-domain-verification=56cffcba-58fc-49af-b09a-c42125b3ed0e
access-domain-verification=db079aa991da9fe4514945f894d271a7da174d641fa66faba99bd87720d7f4f8
v=spf1 ip4:185.60.96.64/29 ip4:185.60.97.64/29 ip4:81.91.250.10/32 ip4:185.105.64.1/23 ip4:185.105.66.1/23 include:et._spf.pardot.com include:spf.mailjet.com include:ciphr247.com include:themisglobal.co.uk -all

Verified for

Adobe
Apple
GlobalSign
Google
Meta
Microsoft 365
Postman

Certificate (current)

DigiCert QuoVadis 2G3 TLS RSA4096 SHA384 2023 CA1

from 2026-01-06 to 2027-01-06

Expires in 230 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://customer.vwfs.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://*.cms.vwfs.tools; img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://www.google.de https://*.google.co.uk https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de https://cms-assets.vwfs.io https://cms-assets.vwfs.com https://smetrics.vwfs.co.uk https://mediaservice.audi.com https://GISTPAEndpoint-Prod.azureedge.net https://default.vms.vwfs.io https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://gateway.
strict-transport-security: max-age=31536000; includeSubdomains; preload;