From ebd25770b4d706d740604066212e803055a8f60d Mon Sep 17 00:00:00 2001
From: Usman Baig
Date: Tue, 17 Mar 2026 10:19:29 +0100
Subject: [PATCH] revert: remove client-side bot detection from tracking script

Server-side heuristic scoring already catches these patterns via IsSuspiciousEvent. Client-side checks are trivially bypassable (script is public) and add payload weight for all real users.
---
 public/script.js | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/public/script.js b/public/script.js
index 9dfc800..e864977 100644
--- a/public/script.js
+++ b/public/script.js
@@ -18,20 +18,6 @@
 return;
 }
 
- // * Skip likely bots: headless Chrome fingerprints and known bot viewports
- var isChrome = /Chrome/.test(navigator.userAgent) && !/Edg/.test(navigator.userAgent);
- if (
- // * Headless Chrome has zero plugins (real Chrome always has at least 1; Firefox excluded — it legitimately reports 0)
- (isChrome && navigator.plugins && navigator.plugins.length === 0) ||
- // * Headless Chrome lacks the chrome runtime object
- (isChrome && !window.chrome) ||
- // * No outer window dimensions — headless or hidden browser
- (window.outerWidth === 0 || window.outerHeight === 0) ||
- // * Default headless viewport: exactly 1024x1024 (no real monitor uses this)
- (window.innerWidth === 1024 && window.innerHeight === 1024)
- ) {
- return;
- }
 
 // * Get domain from script tag
 const script = document.currentScript || document.querySelector('script[data-domain]');