tcgplayer.com

.com toplist crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 959 ms crawled 2026-05-18

US · 18.239.105.12 · AS16509 Amazon.com, Inc.

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title: Your Trusted Marketplace for Collectible Trading Card Games - TCGplayer
Description: Buy Magic: The Gathering Cards, Yu-Gi-Oh! Cards, Pokémon Cards, One Piece CCG, Digimon TCG, Flesh and Blood, Lorcana, CCG Supplies, and more.
Language: en

Technology

CDN: Amazon CloudFront
Server: AmazonS3

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×3
fonts.gstatic.com×1

Registration

Registrar

MarkMonitor Inc.

Created

2004-11-25

Expires

2026-11-25 189 days left

Updated

2024-03-19

Name servers

ns-1052.awsdns-03.org
ns-2001.awsdns-58.co.uk
ns-275.awsdns-34.com
ns-719.awsdns-25.net

DNS records live

NS

ns-1052.awsdns-03.org
ns-2001.awsdns-58.co.uk
ns-275.awsdns-34.com
ns-719.awsdns-25.net

MX

10 mx1.hc2186-24.iphmx.com
10 mx2.hc2186-24.iphmx.com

TXT

Show 16 TXT records

MS=ms38150701
adobe-idp-site-verification=25164687e15a57a865a83d05e79e15242cfbfbbcaeeba52d3c370b6ea4b91a7b
airtable-verification=4aa7ad3bd600961fdd6661f9c5505517
apple-domain-verification=A1tBNwp719rBrU57
atlassian-domain-verification=9CqXy0mqLrw8leKzrtncxQ7AVcomaaLh5g4ncvJK++dWfAE1p+e5zG3y+uz2IRAf
figma-domain-verification=2e51d1dca13bc8b3cd2e4134afd498c6609f5569eebe76d452fc0ccc622e4875-1758740188
globalsign-domain-verification=43cdbea1e43dc968b7acbe4677d58be2
google-site-verification=6dF5NSS8GF3wbI6JTyppuXKc7XQhSwY_gd7HMJjyOHc
google-site-verification=KqeRugK39fvYReyIWNehim_bo55bfzWt_sd_913IyNQ
google-site-verification=OoF_KEC3fLeNwSSuGer7ZPT5Gz40_Rif8FcMCyuL92A
google-site-verification=_PlK8rQIge_3kVFdaMBgScAGHyzJg1CoO0EBmwe5cc8
google-site-verification=fxSYfLMlfceMMBFeUsE9xbHeVMznGXf56kRlbOMUc6I
knowbe4-site-verification=631eba93fd5704ba55cbf21c1c1eb348
lucid-validation-QcLLuXCFW6jiK6teh2od
openai-domain-verification=dv-U2SxSRdp5IhURg7AWKNYtLEM
smartsheet-site-validation=vjFXdty85g2ug965QL3EJydcV_AxeYey

Email authentication strong

SPF

v=spf1 ip4:68.232.157.143 ip4:216.71.154.29  include:c._spf.ebay.com include:sendgrid.net include:mail.zendesk.com include:servers.mcsv.net include:spf.mandrillapp.com include:_spf.ultipro.com include:8946057.spf04.hubspotemail.net ~all

softfail (~all)

DMARC

v=DMARC1; p=reject; rua=mailto:ebay@rua.agari.com,mailto:dmarc_agg@auth.returnpath.net; ruf=mailto:ebay@ruf.agari.com,mailto:dmarc_afrf@auth.returnpath.net; fo=1; rf=afrf; pct=100

policy: reject (enforced)

DKIM

Show 5 DKIM selectors

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotXHAg1nk60vR4Z1aXvExsNgLMZOAfgij3tILHKxOFrFgvpXK9izB5UI3L/dCsgmBEGHDSzBQrBZ6T…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpFt7MPA9LbOQiFKIUbCuU8HBd7NGZ9ryQOljJ38CD35XnzAWz3HjZLJNWwp6QmEJXuD6REtXYQyF8OKdh…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGVx7K2LiPKsUqh9kCMLQ+U189fGg8vjGBZclbBZMeyXISC1uc0Q8hrQr8/EU/Z+gSBu7rJKxiBfA4sY/tcKXIjU…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

Amazon RSA 2048 M04

from 2025-11-14 to 2026-12-13

Expires in 207 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.tcgplayer.com/

present

content-security-policy

findings

missing HSTS
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: frame-ancestors 'self' *.tcgplayer.com app.optimizely.com