This page fires POST /action using your browser's current session cookie.
The server validates the identity signal and returns the result below.
Browser (you): passes — user-agent and IP match the stored identity signal.
Attacker (curl / Postman): blocked — different user-agent breaks the hash.