/
FreightUtils.com
🔍
Calculators
LDM CalculatorCBM CalculatorChargeable WeightPallet FittingContainer CapacityUnit ConverterConsignment Calculator
Reference
ADR Dangerous GoodsADR Exemption CalculatorAirline CodesINCOTERMS 2020HS Code LookupUK Import Duty & VATUN/LOCODE LookupULD Types (Air Cargo)Vehicle & Trailer Types
Guides
LQ/EQ CheckerADR 2025 ChangesADR Tunnel CodesADR Limited QuantitiesADR Training Guide
Platform
ChangelogStatusRoadmapVersioning PolicyDeprecation Policy
API DocsPricingAboutContact

For IT departments

A short reference for corporate IT teams evaluating freightutils.com for whitelist approval.

What this site is

FreightUtils is a free reference site for road, sea, and air freight professionals: loading-metre and CBM calculators, chargeable-weight tools, ADR 2025 dangerous-goods lookups, HS 2022 tariff codes, UK import duty estimates, UN/LOCODE search, ISO container specifications, IATA airline and AWB-prefix data, and Incoterms 2020 references. Every tool is either a read-only lookup against publicly licensed reference data or a deterministic calculation performed in the user's browser. The same data and calculations are also exposed via a public REST API documented at /api-docs, used by transport-management systems, n8n and Zapier workflows, and AI agents.

Who runs it

The site is operated by Marius Cristoiu, a sole trader based in the United Kingdom and an ADR-certified freight transport planner. Hosting is on Vercel, with edge delivery from the Frankfurt region for EU traffic. The general contact address is contact@freightutils.com; security disclosures follow RFC 9116 at the canonical location.

What the site does and does not do

Pages are statically or server-rendered HTML. The calculator pages run JavaScript locally in the browser to compute results from user-entered dimensions and weights — no calculation inputs are sent to a server unless the user explicitly invokes the REST API with their own API key. The REST API itself serves JSON over HTTPS with rate-limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) so callers can implement back-off cleanly.

The site does not run third-party advertising networks, tracking pixels, cross-site analytics scripts, or social-media trackers. The only telemetry is Vercel's built-in cookieless analytics (page-view counts and HTTP-error rates) which is served same-origin through the site's own hostname and stores no personal identifiers. There is no PECR consent banner because there is no PECR-relevant cookie use.

User accounts are optional. When a user signs up for a free or Pro API key, FreightUtils stores their email address, the API key, the plan tier, and rolling request counters. Payment data is never stored on FreightUtils servers — Stripe handles billing directly. The full processing detail, retention windows, and sub-processor list are in the privacy policy and the UK GDPR Article 28 DPA.

Network endpoints to allow

For full functionality of the site and API, allow the following hostnames through corporate firewalls and proxy filters. All traffic is HTTPS over port 443.

freightutils.com — apex domain. 308-redirects all traffic to the canonical www host.
www.freightutils.com — canonical site host. Serves every HTML page, the REST API at /api/*, the MCP server at /api/mcp/mcp, the OpenAPI specification at /openapi.json, the Postman collection, the ADR Quick-Reference PDF, and all favicon and image assets.
fonts.googleapis.com — Google Fonts stylesheet for the Outfit typeface used across the site.
fonts.gstatic.com — Google Fonts WOFF2 font files referenced from the stylesheet above.

No other third-party hosts are required for the site to render or for the REST API to respond. If your egress filter blocks any subset of these and the site behaves unexpectedly (slow page loads, broken layouts, or specific endpoints returning empty results), the cause is almost certainly proxy-side filtering on one of the four hostnames above rather than anything site-side.

Privacy and data protection

FreightUtils complies with UK GDPR. The processing posture, retention windows, sub-processor list (Vercel, Upstash, Cloudflare, Stripe, Resend, Sentry, UptimeRobot), international-transfer mechanisms, and breach-notification commitments are documented in the privacy policy and the data processing agreement. Both are written in plain language and follow the Article-28 structure directly rather than being derived from a third-party SaaS template.

Security

All traffic is served over TLS 1.2+ with HSTS enabled at the edge. Stored credentials and API tokens are encrypted at rest. The site has no inbound user-uploaded content surface (no file uploads, no comment system, no user-generated public pages) so the attack surface is bounded to the API and the static HTML pages. Security disclosures should be sent to contact@freightutils.com. The canonical disclosure policy lives at /.well-known/security.txt.

Contact for IT enquiries

For whitelist approval, security questionnaires, or any other corporate-IT review: contact@freightutils.com. We aim to respond within one UK business day. Reasonable requests for additional documentation (penetration test summary, SOC-2 alignment statement, Article 28 signed copy) are usually answered within the same window.