According to a company representative, CF requires a UA header, checks the contents of the UA header and blocks access to websites based on strings contained in the UA header that match "known bad ones" as part of its commercial "bot protection" services.
None of this implies that using a string that is a "known good one" is enough to satisfy the CF challenge. But CF still requires people to send CF a UA string. Right.
It seems that CF wants to mandate exclusive use of certain clients to access the web, "as a service", presumably ones that are preferred by so-called "tech" companies that sell advertising services.
Imagine if this type of restriction was imposed on CF itself and some third party blocked CF's access to the www unless CF used the software chosen by the third party or the third party's clients.
The www is supposed to be a means of accessing public information. From what I've seen many if not most of these websites blocked by CF "bot protection" are in fact comprised of public information.
None of this implies that using a string that is a "known good one" is enough to satisfy the CF challenge. But CF still requires people to send CF a UA string. Right.
It seems that CF wants to mandate exclusive use of certain clients to access the web, "as a service", presumably ones that are preferred by so-called "tech" companies that sell advertising services.
Imagine if this type of restriction was imposed on CF itself and some third party blocked CF's access to the www unless CF used the software chosen by the third party or the third party's clients.
The www is supposed to be a means of accessing public information. From what I've seen many if not most of these websites blocked by CF "bot protection" are in fact comprised of public information.