Hacker News new | past | comments | ask | show | jobs | submit login

Wait, now you have me wondering: If this is just javascript from another domain, what's preventing bots from proxying requests, intercepting this one, and replacing it with a dummy function that returns a "no threat" score?

So... the answer is, nothing prevents it?

When the API reports a failed verification, the webmaster knows that the response has been tampered with?

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact