What Gets Collected
The collector reads standard browser-environment attributes and measures some network timing; the edge observes a few connection-level attributes — and both simply relay them to Octet.
What the collector reads, by category
The collector reads widely-available, non-sensitive browser attributes. At a high level, they fall into a few categories:
- Environment & locale — for example, the browser's configured language, locale, and time settings.
- Rendering & hardware characteristics — standard capability and rendering attributes the browser exposes to any page.
- Network timing — lightweight timing measurements made from the browser.
That is the level of detail this documentation goes into on purpose. The specific attributes — and, more importantly, how they are interpreted — are part of Octet's reasoning, which runs server-side and is not documented. See How It Works.
What the edge observes
The edge, sitting in front of your app, adds the connection-level observations that only the server side can see — for example the source IP, the request's header ordering, and connection-level network timing. It forwards these alongside the collector's signals. It interprets none of them.
No prompts, no sensitive permissions
The collector is unobtrusive by design:
- It never triggers a permission prompt. Your users see nothing.
- It does not use geolocation, the camera, or the microphone.
- It runs only in a secure (HTTPS) context.
Collecting is not interpreting
Both the collector and the edge are logic-free. Collecting a signal says nothing about what Octet does with it. The mapping from signals to a country and confidence lives only on Octet's servers — it is never shipped in the collector, never sent to the browser, and never described here.
Where to go next
- How It Works. The end-to-end model.
- Trust & Privacy. The boundary and the data-handling posture.
- Collector API. The exact
verify()surface.