which code or rule can prove this requires a legitimate request from within the headless browser running on the target server i not have knowledge about it and can not understand it,can you give me any hint?