
Is prattwhitney.com a Scam? Security Check Results - Pratt & Whitney Reviews


Is prattwhitney.com Safe? Security Analysis for Pratt & Whitney

Check if prattwhitney.com is a scam or legitimate. Free security scan and reviews.

Transportation, N/a, enterprise
JavaScript, YouTube iframe API, Google Tag Manager, Crazy Egg, Cloudflare (implied by __CF$cv$params script), +1 more
Analyzed 10/3/2025, Completed 4:23:07 PM
Security Score: 60 (MEDIUM RISK)

AI Summary

Pratt & Whitney is a globally recognized aerospace company specializing in the design, manufacture, and servicing of aircraft engines and auxiliary power units. As a subsidiary of Raytheon Technologies, it holds a strong market position in commercial, military, business, and general aviation sectors. The website reflects a mature digital presence with comprehensive product and service offerings, targeting aerospace industry professionals and customers worldwide. The company emphasizes innovation and sustainability, as evidenced by its Future of Flight initiatives and extensive maintenance and digital health management services.

Technically, the website is built on a modern CMS platform (Sitecore) and employs advanced web technologies including asynchronous JavaScript loading, Google Tag Manager, and Cloudflare CDN for performance and security. The site is mobile-optimized, accessible, and SEO-friendly, providing a seamless user experience. The presence of multiple customer portals and integration with social media platforms further enhances its digital maturity.

From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms aligned with GDPR compliance. However, explicit security policies, incident response information, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. No critical vulnerabilities or exposed sensitive data were detected in the analysis.

Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, supporting Pratt & Whitney's reputation as a leading aerospace manufacturer. Strategic recommendations include publishing detailed security and incident response policies, establishing a vulnerability disclosure program, and enhancing transparency around data protection roles.

Detected Technologies

JavaScript, YouTube iframe API, Google Tag Manager, Crazy Egg, Cloudflare (implied by __CF$cv$params script), ResizeSensor

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

Pratt & Whitney operates in the aerospace transportation sector with an enterprise-scale business model focused on manufacturing and servicing aircraft engines. Its competitive advantages include a century-long heritage, strong backing by Raytheon Technologies, and a diversified product portfolio spanning commercial, military, and general aviation engines. Revenue streams derive from engine sales, maintenance programs, leasing, parts sales, and digital health management solutions. The company targets airlines, military customers, business aviation operators, and general aviation markets globally. Growth indicators include investment in sustainable aviation technologies and digital services. The partnership ecosystem includes sister companies Collins Aerospace and Raytheon, with dedicated customer portals enhancing client engagement. The website content and structure reflect a mature, well-resourced operation with clear strategic focus on innovation and customer service.

Security Posture Analysis

Comprehensive Security Assessment

The website exhibits a solid security posture with mandatory HTTPS, use of security headers (implied), and cookie consent aligned with GDPR. No exposed credentials or sensitive data were found. The use of Cloudflare CDN and Google Tag Manager indicates reliance on reputable third-party security and analytics services. However, the absence of publicly available security policies, incident response contacts, and vulnerability disclosure programs limits transparency and may impact stakeholder confidence. Compliance with privacy regulations is evident but could be enhanced with clearer documentation. Overall, the security maturity is good but can be improved by formalizing and publishing security governance documents and providing direct security contact channels.

Strategic Recommendations

Priority Actions for Security Improvement

1. Publish a dedicated security policy and incident response plan on the website.

Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company: Pratt & Whitney

Description: Pratt & Whitney is a world leader in the design, manufacture and service of aircraft engines and auxiliary power units.

Key Services: Commercial Engines, Military Engines, Regional Aviation Engines, Business Aviation Engines, General Aviation Engines, Helicopter Engines, Auxiliary Power Units, Maintenance Programs, Repair & Overhaul, Digital Engine Health Management

Content Quality: excellent

Branding: consistent

Technical Stack

Technologies: JavaScript, YouTube iframe API, Google Tag Manager, Crazy Egg, Cloudflare (implied by __CF$cv$params script), ResizeSensor

Performance: fast

Mobile: excellent

Accessibility: good

SEO: good

Security Assessment

Security Score: 90/100
Best Practices:
  • HTTPS enforced
  • Use of Google Tag Manager with async loading
  • Cookie consent mechanism implemented
  • No exposed sensitive data in HTML
  • No vulnerable libraries detected in scripts

Analytics & Tracking

Services: Google Tag Manager, Crazy Egg
Tracking Level: moderate
Privacy Compliance: good

Advertising & Marketing

Tracking Pixels: Crazy Egg
Marketing Tools: Crazy Egg
Transparency Level: good

Website Quality Assessment

Design Quality: excellent
User Experience: excellent
Content Relevance: excellent
Navigation Clarity: excellent
Professionalism: excellent
Trustworthiness: high

Key Observations

1. Website is fully accessible with rich content and navigation

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

Score: 55/100

  • Missing Strict-Transport-Security header (HIGH): Forces HTTPS connections
  • Missing Content-Security-Policy header (HIGH): Controls resources the browser is allowed to load
  • Missing X-XSS-Protection header (MEDIUM): Legacy XSS protection (deprecated but still recommended)
  • Weak Referrer-Policy configuration (LOW): Current value: "same-origin"

👤GDPR Compliance

Privacy and data protection assessment under GDPR regulations.

GDPR Compliance

Privacy and data protection assessment

Score: 80/100

  • No Cookie Consent Banner found (HIGH): GDPR requires explicit consent for non-essential cookies
  • No Data Protection Officer mentioned (LOW): Large organizations may need to designate a DPO under GDPR

GDPR Compliance Analysis

Privacy Policy: 85% confidence
Cookie Policy: 85% confidence
Contact Information Found: 90% confidence
phone

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

Score: 2/100

  • No information security framework found (HIGH): NIS2 requires documented cybersecurity and information security measures
  • No vulnerability disclosure policy (MEDIUM): NIS2 encourages coordinated vulnerability disclosure
  • No security policy documentation found (HIGH): NIS2 requires documented cybersecurity governance and risk management
  • No incident response procedures found (HIGH): NIS2 requires documented incident response and business continuity plans
  • No business continuity planning found (MEDIUM): NIS2 emphasizes operational resilience and business continuity
  • No security contact information (HIGH): NIS2 requires clear incident reporting channels
  • No vulnerability reporting mechanism (MEDIUM): Clear vulnerability reporting supports coordinated disclosure
  • No NIS2 reference found (LOW): Consider explicitly mentioning NIS2 compliance efforts
  • Critical sector without clear security compliance (HIGH): Detected sectors: energy, transport, health, digital

📧Email Security

SPF, DKIM, and DMARC validation and email security assessment.

Email Security

SPF, DKIM, and DMARC validation

Score: 70/100

  • No DKIM record found (MEDIUM): DKIM adds cryptographic signatures to emails
  • No BIMI Record (LOW): BIMI displays brand logos in email clients
  • No MTA-STS Policy (MEDIUM): MTA-STS enforces TLS for email delivery
  • No TLS-RPT Record (LOW): TLS-RPT provides reporting for email TLS issues

  • SPF: Sender Policy Framework
  • DKIM: DomainKeys Identified Mail
  • DMARC: Domain-based Message Authentication
  • MX Records: Mail Exchange Records
  • BIMI: Brand Indicators
  • MTA-STS: Mail Transfer Agent Security
  • TLS-RPT: TLS Reporting
  • DNSSEC: DNS Security

SPF Details
Record: v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
DNS Lookups: 1/10
Policy: ~all

DMARC Details
Policy: reject
Aggregate Reports: dmarc_rua@emaildefense.proofpoint.com
Forensic Reports: dmarc_ruf@emaildefense.proofpoint.com

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

Score: 0/100

  • Unable to retrieve SSL certificate (CRITICAL): Could not establish secure connection to retrieve certificate information
  • Mixed Content Detected (MEDIUM): 2 resources loaded over insecure HTTP

OCSP Status

OCSP Stapling Disabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

Score: 85/100

  • DNSSEC Not Enabled (MEDIUM): DNSSEC is not configured for this domain
  • CAA Records Not Configured (LOW): Certificate Authority Authorization (CAA) records not found

DNS Records

A Records: 104.18.34.167, 172.64.153.89
AAAA Records: 2a06:98c1:310a::ac40:9959, 2606:4700:440c::6812:22a7
Name Servers:
  • aliza.ns.cloudflare.com (DNS only)
  • tim.ns.cloudflare.com (DNS only)
MX Records:
  • 10: mxb-00105402.gslb.gpphosted.com
  • 10: mxa-00105402.gslb.gpphosted.com
SOA: Serial: 2384653480, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time: 41ms

SPF Analysis

SPF Record:
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all

Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

Score: 100/100

  • Good Network Security Posture (LOW): No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on the Sitecore CMS platform, leveraging modern JavaScript frameworks and asynchronous script loading for performance optimization. Hosting appears to utilize Cloudflare CDN, enhancing security and delivery speed. The site is mobile-responsive with good accessibility and SEO practices. The technical infrastructure supports a rich content experience with multimedia elements and interactive navigation. No technical debt or legacy technology indicators were found. Opportunities exist to further modernize by adopting progressive web app features and expanding API integrations for enhanced customer portal experiences. Technical risks are minimal but require ongoing monitoring of third-party dependencies.