Security and Error Handling
Fail open safely and understand highwire.js security, privacy, and PCI behavior.
Error handling
collect() does not throw under normal operation — degraded environments
still produce a blob. Whatever happens, fail open: deviceData is
optional on the gateway, so a checkout must never be blocked by context
collection.
let deviceData;
try {
({ blob: deviceData } = await hw.collect());
} catch {
deviceData = undefined; // fail open — submit the payment without it
}Security and PCI
- Never reads input values.
observeFieldlistens only for thepasteevent and records the field name you chose — neverelement.value. Your PCI scope is unchanged. - No iframes, no hosted fields. The library renders no UI.
- No network calls. The blob travels only through your own request path to your server, then to the gateway.
- Self-hosted with SRI. You serve the file from your own origin and pin
it with the SHA-384 hash HighWire provides;
script-src 'self'is a sufficient CSP. - Open-source fingerprinting. Device fingerprinting uses FingerprintJS
OSS v4 (MIT). It makes no calls to FingerprintJS servers, and
visitorIdis a hash, not raw personal data. - localStorage only, no cookies. The only thing the library persists is
a first-seen timestamp (
__hw_first_seen_at) inlocalStorage. It sets no tracking cookies. - Geolocation is prompt-gated. Location is only read through the
browser's native permission prompt, and a denial is simply recorded — it
never blocks collection. Pass
geolocation: { enabled: false }to avoid prompting entirely. - No IP collection. The gateway resolves the cardholder IP server-side; the library does not read or transmit IP addresses.