Info like client IP address, http user-agent details, geolocation. Especially for denies that don't present a user with a login screen and therefore no direct identity info is collected, like when a "location" deny rule applies. For use troubleshooting exactly which rule is denying a user access, since the generic access denied screen they're presented with does not give any indication.