I use Tampermonkey (and Allow-control-Allow-Origin) extensions in Chrome to automate procedures on some sites. The functionality of my user script includes ajax requests locally to an app I have also developed in order to get content from html and response with 'commands' to perform actions on browser through JavaScript (navigate to other links, set values to fields and press buttons).
However, I am concern on what level the automation of the implemented functionality is visible to the sites.
The questions which are raised are:
- Is it possible to detected the use of userscripts from the site provider?
- The ajax requests (to local host) can be caught somehow by the site provider (ex. JavaScript code checks all the ajax requests done in browser tab and detect unknown domains/calls )? If yes, what could be the alternative solution?
- Is it possible to be distinguished user actions (navigating to other links, adding values to filed, pressing buttons), if those done by user or javascript? (it is assumed that actions aren't performed instantly. Time gaps take place)
