PGSA.IO Persian Gulf Strait Awareness · Independent Observer

About PGSA.IO

PGSA.IO is an independent, non-governmental open-source intelligence project tracking transit conditions, incidents, and the regulatory environment around the Strait of Hormuz. We publish what is already public — UKMTO advisories, NAVCENT reporting, OFAC actions, mainstream news — in one fast, sober, regularly-updated place for the maritime community.

What PGSA.IO is not

  • We are not the Persian Gulf Strait Authority operating at pgsa.ir.
  • We are not affiliated with, endorsed by, or under contract to the Government of the Islamic Republic of Iran, the Islamic Revolutionary Guard Corps, or any state actor on either side of the strait.
  • We do not issue, broker, sell, or facilitate transit authorizations, transit fees, vessel registrations, or any payment to any party. Anyone purporting to do so on our behalf is fraudulent.
  • We do not run a payment endpoint, escrow, or transit-broker channel. We never will. Anyone offering one in our name is a fraud.
  • We operate one inbound email address — info@pgsa.io — for source corrections and scam reports. See Contact for what we use it for and how messages are handled.

Why this site exists

In March 2026, Iran announced it would charge for safe passage through the Strait of Hormuz. A wave of scam operators followed, soliciting cryptocurrency payments in exchange for fraudulent paperwork. Iran subsequently formalized a "Persian Gulf Strait Authority" at pgsa.ir as the official interface to the IRGC for transit. The IRGC remains a U.S.-designated Foreign Terrorist Organization. Shipowners now face overlapping pressures: Iranian demands, U.S. sanctions exposure, fraudulent intermediaries, and live kinetic risk to vessels in the strait.

The maritime community needs a single, trustworthy, non-paywalled, unaffiliated place to see what is happening and what to ignore. That is what we are.

Editorial principles

  • Source-first. Every claim links to a primary or named secondary source.
  • No rewriting of advisories. Operational warnings (UKMTO, NAVCENT) are timestamped, headlined, and linked verbatim to source. We do not paraphrase advisories that vessels make routing decisions on.
  • No anonymous tips, no leaks. We aggregate the public record. Operators with non-public information should report it through UKMTO, the IMB PRC, or their flag state.
  • Corrections in public. Errors are corrected in place with a visible note and timestamp.
  • Adversary information is labeled. Iranian state media (PressTV) is included as an adversary signal and is visually flagged as such. Inclusion is not endorsement.

How the site updates

The site is statically generated and rebuilt on a 30-minute cron. Source feeds are pulled, normalized, deduplicated, and rendered into the live feed. There is no live database, no user accounts, no analytics tracker that profiles you. Total infrastructure: a static origin behind Cloudflare.

Sanctions & legal posture

This site is operated outside Iranian jurisdiction and complies with applicable U.S. and U.K. sanctions law. Reporting on sanctioned entities and their activities is protected speech and a public-interest function. Nothing on this site constitutes legal, financial, or transit advice; consult your flag state, P&I club, and counsel before any operational decision.

Contact

For source corrections, scam reports, and OSINT tips: info@pgsa.io — see the dedicated contact page for what we use it for and how messages are handled. We do not solicit payment in any form, host a contact form, or respond to transit inquiries. Coordinate transit through UKMTO, your flag state, and your P&I club.

Operational security & visitor privacy

  • Cloudflare Web Analytics only. We use Cloudflare Web Analytics to count page views, referrers, and country of origin in aggregate. It does not set cookies, does not fingerprint visitors, and does not track users across sites. No Google Analytics, Plausible, Mixpanel, or any other tracker. The beacon script is the only third-party JavaScript permitted by our Content Security Policy.
  • No cookies set by us. The site sets none. Cloudflare's edge may set transient bot-detection cookies; we do not read them.
  • No fonts, no images, no stylesheets from third parties. The CSP locks origin to 'self' for everything except the analytics beacon — see /_headers.
  • No forms, no logins. There is no input field anywhere on this site.
  • Outbound links carry no referrer. Clicks to UKMTO, OFAC, IMB, IMO etc. do not reveal that you came from pgsa.io.
  • Static origin. The site is statically generated and served from a CDN edge. There is no application server to compromise, no database, no admin panel.
  • DDoS posture. Cloudflare's L3/L4/L7 protections apply by default; rate limiting and Bot Fight Mode are enabled. The static surface area means even a successful flood degrades to "page slower," not "data exposed."