LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Why does the Geolocation API require HTTPS?

Because location is sensitive personal data that could be intercepted over plain HTTP, browsers only expose geolocation on secure origins — HTTPS, or localhost for development.

Secure origins:

  • https://example.com (HTTPS)
  • http://localhost (exception for development)
  • http://127.0.0.1 (exception for development)

Why this matters:

  • Location reveals where you are, where you live, where you work
  • HTTP traffic can be intercepted (man-in-the-middle)
  • Attackers could track user movements

If you try on HTTP:

navigator.geolocation.getCurrentPosition(success, error);
// Error: "Only secure origins are allowed"

Other APIs with same requirement: Camera, microphone, push notifications, service workers.

Go deeper:

  • doc MDN — Secure contexts — the general mechanism behind the HTTPS-only rule, why localhost is exempt, and the window.isSecureContext check.

From Quiz: WEBT / Geolocation API and Responsive Layouts | Updated: Jul 05, 2026