How can a site bypass VPN without using geolocation?


[I was instructed to repost if related questions didn’t answer my question. I’ll try to explain my question better.]

There’s a website and it shows two pieces of information when you chat with another user:

“IP location” and “Detected location”.

When I used a VPN (and WebRTC off), the “IP location” changed to the VPN country, (as expected) but the “Detected location” showed the real country. So the site was able to bypass VPN.

Does anyone understand how this is possible?

I tried several other sites but not a single one was able to detect real location. Sites like https://www.iplocation.net only saw the VPN location. So I know the VPN is solid. Some sites use geolocation (e.g. https://gps-coordinates.org), but for that, the browser shows notification asking for permission. In related questions, there’s discussion about Google Maps, but on fresh browser even maps.google.com can’t bypass the VPN (and shows the VPN location). Then if you click on the small circle, browser will ask to allow location permission. So unless you allow, GM can’t get your location.

But in the case of this site, the browser didn’t ask for location permission (nor is there any permission indication on the address bar)

So I’m curious to understand how is this possible?