[jeroenhd]

I've pondered why websites who are that afraid of reverse engineering don't simply feed the browser mock data or kill a user's session (with a five minute IP block) when the browser requests a source map. Almost all browsers request them by default the moment you open the debugger and normal users very rarely hit the debugger.

Sure, it'd be trivial to circumvent such a block, but it'd easily inconvenience most of the low-hanging fruit enough that things like community maintained ad blockers could become ineffective. Surely simply never serving ads to people who open the dev tools would prevent the 99.9% of normal users from using effective ad blockers in their browsers.

[Andrews54757]

I've seen some websites do this in the wild, it's why I recommend turning the sourcemaps off in the troubleshooting section of my anti-anti-debug tool.

It's pretty easy to circumvent this method, but honestly the user shouldn't have to configure their browsers to be resistant to anti-debugging. From the side of the website, it should be impossible to know if the debug tools are just open.

[iudqnolq]

I haven't seen any anti reverse engineering on sites with significant technical expertise. For example Facebook just prints a very reasonable warning. I've seen anti-debugger stuff only on relatively shady and cheap websites. I suspect the issue with your suggestion is it would require replacing static file serving with a smarter backend.