How this site works

Data transparency

Last updated: July 5, 2026. This page is a practical data-flow explanation for PageMine.xyz. It is separate from the Privacy policy so users and deployers can quickly understand what happens in each tool.

Core design

The site is designed to show diagnostics back to the person currently using the browser. It does not require an account, does not ask for a name or email address and does not intentionally write diagnostic outputs into a custom project database.

Browser info data flow

The browser reads local API values and displays them in the page. Examples include User-Agent, language, timezone, screen details, WebGL/canvas/audio-derived signals, cookie support, Do Not Track, Global Privacy Control and WebRTC availability. These values are calculated or read in the browser and rendered in the page.

IP and request data flow

The page calls /api/ip. That serverless endpoint receives a normal web request and returns selected request metadata to the page, such as public IP address, IP version, selected allowlisted headers, deployment geolocation headers where available and timestamp. Cookie and Authorization headers are not intentionally returned.

Location and ISP data flow

Approximate location can come from deployment headers or lookup data. ISP and ASN data can come from ipinfo.io first. ipwho.is is used only as a fallback when IPinfo fails, is disabled, or does not return enough ISP/ASN data. These values are approximate and usually describe the network path or provider rather than a named person.

The browser-side third-party lookup fallback has been removed. There is no UI toggle that lets the browser call public IP lookup providers directly, and the browser Content Security Policy limits network connections to this site.

WebRTC data flow

The WebRTC check is local and does not use an external STUN server by default. It checks whether peer-connection features and candidate masking behavior are visible to the browser.

Speed test data flow

The speed test sends and receives test payloads between your browser and this deployment's internal speed endpoints. It does not use a third-party speed-test service in this build. Hosting infrastructure may still log requests as part of normal operation.

Generator data flow

Random numbers, passwords, QR codes and 2FA/TOTP codes are generated in the browser in the intended workflow. The generator tools do not need to send password text, QR content or TOTP secrets to project API endpoints. Copy and Paste buttons require your action and depend on browser permission behavior.

What can still exist outside the project database

No custom project database is not the same as no processing anywhere. Browsers can cache pages, keep form history or store clipboard content. Hosting platforms can keep operational logs. The approved server-side lookup providers, ipinfo.io and ipwho.is, can keep their own logs. Extensions or device-level software can observe pages you use. The site tries to be transparent about these limits instead of hiding them.

Recommended operator checklist before public launch

Review the Privacy policy and Terms, confirm that the active server-side IP lookup strategy is still IPinfo first and ipwho.is only as fallback, confirm provider terms for production or advertising use, keep direct browser third-party lookup disabled, avoid ads or behavioral tracking near sensitive generator inputs, keep CSP strict, rate-limit expensive endpoints, and update the policy before adding analytics, ads or third-party scripts.