|
|
|
|
|
|
by pbhjpbhj
2533 days ago
|
|
|
My guess is he's looking at XSS mitigations or similar that aren't in headless? If it were doing something like using CSS being non-blocking (? I don't know that it is) that's a server side detection .. but that would seem to work even against spoofing. But he says if you spoof another Chrome-based browser (Safari) he can't tell. So he's looking first at UA?? That's weird. |
|
|