paizo.com

.com crawl

First seen 2026-04-15 · Last seen 2026-05-16 · ok HTTP/1.1 200 2959 ms crawled 2026-05-10

US · 32.184.146.106 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector gaming type homepage

HTML metadata

Title: Home of the Pathfinder and Starfinder RPGs. The Golem’s Got It! | Paizo
Description: Join the Pathfinder and Starfinder roleplaying game community. From dice, maps, and subscriptions to the latest hardcover, you’ll find it all at paizo.com.
Language: en

Open Graph

url: https://paizo.com/
title: Home of the Pathfinder and Starfinder RPGs. The Golem’s Got It! | Paizo
description: Join the Pathfinder and Starfinder roleplaying game community. From dice, maps, and subscriptions to the latest hardcover, you’ll find it all at paizo.com.

Technology

CMS: Nuxt

Fonts

Adobe Fonts
Google Fonts

Third-party hosts loaded (5)

assets-us-01.kc-usercontent.com×6
cdnjs.cloudflare.com×2
cdn.jsdelivr.net×1
fonts.googleapis.com×1
use.typekit.net×1

Contact

Email

customer.service@paizo.com

Phone

14252500800

Registration

Registrar

GoDaddy.com, LLC

Created

2002-10-30

Expires

2026-10-30 163 days left

Updated

2023-10-30

Name servers

ns1.paizo.com
ns2.paizo.com
ns3.paizo.com
ns4.paizo.com

DNS records live

NS

ns1.paizo.com
ns2.paizo.com
ns3.paizo.com
ns4.paizo.com

MX

10 inbound-smtp.us-west-2.amazonaws.com

Email authentication strong

SPF

v=spf1 include:amazonses.com include:bigcommerce.net ~all

softfail (~all)

DMARC

v=DMARC1;p=quarantine;pct=100;fo=1

policy: quarantine

DKIM

default: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaClua3CRAGB6qej4Pfpd0We0UF7MbyMVHArPNMWsuzW0v6sSg5ooow0gy127d1N3moWfoPZ0HlY1Z7k55xHy…

selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2026-03-30 to 2026-10-14

Expires in 148 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://paizo.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.paizo.com *.kc-usercontent.com; img-src 'self' *.paizo.com https://*.bamboohr.com *.kc-usercontent.com *.ytimg.com https://*.google-analytics.com; connect-src 'self' https://*.paizo.com https://paizo.bamboohr.com https://*.kontent.ai https://*.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; frame-src *.paizo.com *.youtube.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paizo.com https://paizo.bamboohr.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net
strict-transport-security: max-age=15552000; includeSubDomains

Links to (1)

humblebundle.com×1