Geolocation API Test

See the coordinates, accuracy radius, altitude, and heading your browser exposes when a site asks for your location — and how that compares to what your IP address reveals.

Permission state

Read via navigator.permissions.query

unknown

Clicking the button calls navigator.geolocation.getCurrentPositionwith enableHighAccuracy: true. Your browser will prompt you before sharing anything.

IP-based location (server-side)

Approximate latitude
39.9625
Approximate longitude
-83.0061
City
Columbus
Country
United States

Derived from your public IP address using the IP geolocation database — typically accurate to the metro area, not the street.

How the Geolocation API works

The W3C Geolocation API exposes navigator.geolocation to JavaScript. When a script calls getCurrentPosition the browser shows a permission prompt; if you grant it, the browser returns a GeolocationPosition object with latitude, longitude, and an accuracy radius. Under the hood the browser combines GPS (on mobile), Wi-Fi triangulation, cell-tower IDs, and IP geolocation to produce the fix.

The API is only available in secure contexts (HTTPS), only after an explicit permission prompt, and the decision is remembered per-origin until you clear site data or revoke manually. Watch-position mode streams updates as you move and is gated by the same permission.

Accuracy by signal source

GPS (mobile, outdoors) — 5–20 m accuracy, includes altitude and heading while moving.
Wi-Fi triangulation (laptop, indoors) — 20–100 m; browser reports nearby access-point MACs to Google/Apple.
Cell-tower (mobile, indoors) — 100–1000 m, depending on tower density.
IP fallback — 1–100 km, equivalent to the server-side IP lookup shown on this page.

Privacy tips

Only allow geolocation on sites that need it — maps, ride-hailing, food delivery. News sites and e-commerce do not.
Audit your granted permissions regularly: Chrome → chrome://settings/content/location; Firefox → about:preferences#privacy → Permissions.
Use a VPN to blur IP-based location — even without GeoAPI access, your IP reveals your metro area on every request.
Revoke by default — set Chrome's default Location setting to "Don't allow sites to see your location" and grant per-site only when needed.

Frequently Asked Questions

How does the Geolocation API decide where I am?

Your browser combines several signals: GPS hardware on mobile devices, Wi-Fi access point MAC addresses (resolved through Google or Apple location databases), cell-tower identifiers, and as a last resort your public IP address. The browser picks the most accurate signal available — typically GPS outdoors on phones, Wi-Fi indoors on laptops, and IP fallback everywhere else.

What is the accuracy value?

The accuracy field reports the 68th-percentile radius of confidence in metres. A value of 20 m means there is a 68% chance your true location lies within 20 m of the returned coordinates. GPS fixes on open-sky mobile devices commonly show 5–20 m; Wi-Fi triangulation on laptops sits around 20–100 m; IP-only fallback shows anywhere from 1–100 km.

Why does the precise location differ from the IP-based location?

IP geolocation databases map each IP block to the datacentre or registered address of the ISP that owns it, which can be tens or hundreds of kilometres away from the actual subscriber. Mobile carriers aggregate users into large regional pools, so IP-derived coordinates for an Android phone can be off by an entire country. The Geolocation API is accurate to a room; IP lookup is accurate to a metro area at best.

Can a website track my location without asking?

Not via the Geolocation API — the browser shows a permission prompt before any coordinates are returned, and modern browsers remember the per-origin decision. However, sites can still infer your approximate city from your IP address (visible on every request), your time zone (via Intl.DateTimeFormat), and your language preferences (via navigator.language) without any prompt. Those signals are in the 10–100 km range.

How do I revoke geolocation permission?

Chrome: click the padlock in the address bar → Site settings → Location. Firefox: click the shield → permissions → Location, or Settings → Privacy & Security → Permissions → Location → Settings. Safari: Settings → Websites → Location → select site. Mobile browsers funnel through the OS location permission, which you revoke in system Settings → Privacy.

Is the Geolocation API a privacy risk?

It is the strictest of the major privacy-sensitive APIs: permission-gated, prompt-required, origin-scoped, and only available over HTTPS. The risk is user-driven — once you click Allow the site receives precise coordinates indefinitely unless you revoke. Treat the prompt like a password prompt and only allow it for maps, ride-hailing, and similar tools that genuinely need it.

More Tools

Full Browser Inspector

See all 80+ data points your browser exposes

What Is My IP?

Check your public IP, location, and ISP

What Is My Browser?

Detect your browser, version, OS, and device type

IPv6 Leak Test

Check whether your IPv6 address leaks alongside your VPN's IPv4

WebRTC Leak Test

Detect local and public IPs exposed by WebRTC, even behind a VPN

DNS Leak Test

See which resolver answers your queries and whether it bypasses your VPN

JavaScript Information

Inspect your JS engine, supported features, and runtime capabilities

Canvas Fingerprint

See the unique image your browser renders and how trackers use it

TLS Client Test

Inspect your ClientHello, cipher suites, and JA3 fingerprint

Incognito / Private Mode Test

Detect whether your browser is in Incognito or Private Browsing mode

Further Reading

What Is Browser Fingerprinting?

Learn how sites track you without cookies

Browser Privacy Comparison

Chrome vs Firefox vs Safari vs Brave

Browser Privacy Tips

10 practical ways to harden your browser