mainchain.net

HTML metadata

Title: Mainchain 4 | Login
Description: Log in to Mainchain - Mainfreight's secure global supply chain portal for our customers worldwide.
Language: en

Technology

Analytics

Google Tag Manager

Third-party hosts loaded (2)

js.hcaptcha.com×1
www.googletagmanager.com×1

Registration

Registrar

Netregistry Wholesale Pty Ltd

Created

2002-07-02

Expires

2026-07-02 42 days left

Updated

2026-04-26

Name servers

dns1.p02.nsone.net
dns2.p02.nsone.net
dns3.p02.nsone.net
dns4.p02.nsone.net

DNS records live

NS

dns1.p02.nsone.net
dns2.p02.nsone.net
dns3.p02.nsone.net
dns4.p02.nsone.net

MX

10 au-smtp-inbound-1.mimecast.com
10 au-smtp-inbound-2.mimecast.com

TXT

Show 5 TXT records

fjwnn1ht5wx2xk1w2rxf28m292vwq499
QuoVadis=fb94a1ce-47d5-4917-b781-e729f9ebcae4
cd5189a5-fcb5-4165-b7a8-535ce99ebf28
_l5vpifew2ojc87dss5c2w4zfeixghkc
_o25wmp6b9k27ndxptxk1fnbyue3g8e7

Verified for

GlobalSign
Google
Microsoft 365

Email authentication strong

SPF: v=spf1 ip4:203.174.30.0/23 include:au._netblocks.mimecast.com include:spf.protection.outlook.com -all
strict (-all)
DMARC: v=DMARC1; p=quarantine; pct=100; rua=mailto:e2f9eecd6282019@rep.dmarcanalyzer.com; ruf=mailto:e2f9eecd6282019@for.dmarcanalyzer.com; fo=1;
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

GlobalSign Atlas R3 DV TLS CA 2026 Q1

from 2026-03-10 to 2026-06-08

Expires in 18 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.mainchain.net/Login.aspx?ReturnURL=MnF8F7UxdQhIwRoyw1KPJh%2fOQzBX%2bko2CrGkGiAxhBVgWkytJlQS35YwQyc97m53h4hZVejpgeZcws1Be1qbZ3%2bHY5fvrpTr4kGqJd0d2DTl8PZl4nDmunNOL9JZJyl0%2fwHkFslrHJoFNUtlRJDK934nFCoFbBEji0BzqMB8FLRecog6lBaDPxOCdph7huaQUIGFDMqO8RUOc6I%2bX3WZym5CxnykYCoN78aOv0F5rE9Qf1R0a7gboRvOXrL%2fqmICst1RRlU51hR5NNyln5MISJV3OWVTWQvyOszWe8WKk1NJKhCrv2yryuc9p1y7Ali4mCCCf1WoFrOyXcjbRKPeTw%3d%3d&MFTSSOTokenId=&RedirectedFromSSO=true

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: sync-xhr=(self "https://*.mainchain.net"), accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' localhost www.google-analytics.com www.googletagmanager.com www.google.com www.googleapis.com mainchain.asknice.ly static.asknice.ly www.gstatic.com *.mainchain.net 'unsafe-inline';style-src 'self' https://hcaptcha.com https://*.hcaptcha.com www.google.com www.google-analytics.com www.googletagmanager.com www.googleapis.com www.gstatic.com mainchain.asknice.ly static.asknice.ly 'unsafe-inline';script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/api/siteverify https://www.google.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/ https://ajax.googleapis.com/ajax/libs/jquery/ mainchain.asknice.ly static.asknice.ly https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ ipinfo.io 'unsafe-inline' 'unsafe-eval';img-src 'self' data: www.google-analytics.com www.googletagmanager.com www.google.co.nz mainchain.asknice.ly static.asknice
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=15552000; includeSubDomains; preload

Links to (3)

Linked from (1)

mainfreight.com×3