It knows more than you think

Things a plain webpage can figure out about you — all of it without asking, none of it leaving your browser.

The quick read

reading…

🕵️ Spoof detective

cross-checking your signals…

how

Your browser advertises a timezone, language, platform and GPU. Your IP implies a country and ISP. When those disagree — Tokyo timezone but a Zürich IP, a Windows user-agent on Apple silicon — it usually means a VPN or a spoofed user-agent. Nothing here is sent anywhere.

🌐 What the edge actually saw

asking the server…

how

This isn't your browser talking — it's a Cloudflare Function reading the connection metadata the edge attaches to every request (request.cf): your real IP, the city it geolocates you to, your ISP, which datacenter served you, even the round-trip time. No external lookup, nothing you chose to send. Only runs on the live HTTPS site.

🛰️ Inside your network

scanning…

how

WebRTC (the video-call tech) negotiates connections by listing your device's network addresses — so a page can read your local IP and count your network interfaces without permission. Then we time-probe a few common dev ports on your own machine. Modern browsers mask some of this (you'll see .local instead of a raw IP) — that masking is them protecting you.

🧬 Your fingerprint

computing…

how

No cookies, no login — just your device's quirks: how your GPU draws a hidden image (canvas + WebGL), which fonts you have installed, your screen, languages and hardware. Combined, they're distinctive enough to recognize you across sites and even after you clear cookies. This is the tracking method that actually works — and it's computed entirely here, nothing sent anywhere.