High Wire Payments

Security and Error Handling

Fail open safely and understand highwire.js security, privacy, and PCI behavior.

Error handling

collect() does not throw under normal operation — degraded environments still produce a blob. Whatever happens, fail open: deviceData is optional on the gateway, so a checkout must never be blocked by context collection.

let deviceData;
try {
  ({ blob: deviceData } = await hw.collect());
} catch {
  deviceData = undefined; // fail open — submit the payment without it
}

Security and PCI

  • Never reads input values. observeField listens only for the paste event and records the field name you chose — never element.value. Your PCI scope is unchanged.
  • No iframes, no hosted fields. The library renders no UI.
  • No network calls. The blob travels only through your own request path to your server, then to the gateway.
  • Self-hosted with SRI. You serve the file from your own origin and pin it with the SHA-384 hash HighWire provides; script-src 'self' is a sufficient CSP.
  • Open-source fingerprinting. Device fingerprinting uses FingerprintJS OSS v4 (MIT). It makes no calls to FingerprintJS servers, and visitorId is a hash, not raw personal data.
  • localStorage only, no cookies. The only thing the library persists is a first-seen timestamp (__hw_first_seen_at) in localStorage. It sets no tracking cookies.
  • Geolocation is prompt-gated. Location is only read through the browser's native permission prompt, and a denial is simply recorded — it never blocks collection. Pass geolocation: { enabled: false } to avoid prompting entirely.
  • No IP collection. The gateway resolves the cardholder IP server-side; the library does not read or transmit IP addresses.

On this page