While changing some settings (in this case network.http.sendRefererHeader), I got locked out of Twitter. This seems to be an intended feature.
You get an infinite redirect loop stating: "If you’re not redirected soon, please use this link."
I don't think it would be an effective way to fight bots, so why are they doing it? Thanks in advance!
Original research paper: http://www.ntt.co.jp/news2018/1807e/180718a.html
Twitter Blog: https://blog.twitter.com/engineering/en_us/topics/insights/2...
"A website can request a page from Twitter in the background with JavaScript using standard browser APIs. That request will be made using login credentials (stored in cookies), so if you're logged into Twitter, that request will be made as you.
Our site implements common CSRF protections on POST requests to prevent actions being made on your behalf (for example, being able to send a Tweet). The browser also enforces a number of limitations on cross-origin requests for security reasons. For example, another origin cannot read the response content. However, the requesting page is able to determine how long the request took to load.
This timing data will only reveal information if the response times can be manipulated into result based on a specific user. Generally, your page load time will depend on the Tweets you're viewing, and these aren't easy to predict.
However, when you are blocked by another user, we prevent you from being able to load their profile page, and just show a basic empty page. That page is much faster to load than a profile full of Tweets.
In our tests, profile page load times reliably dropped from around 500ms to about 200ms. In this way, one user can affect the page load time of another user viewing a specific url."
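One way a server can remove the per-user timing difference described in the quote is to gate profile pages on the Referer before any per-user work is done. The sketch below is an added example, not code from Twitter or from this thread. It assumes the lockout in the question comes from a check of this kind, and `SITE_ORIGIN`, `handleProfileGet` and `simulateNavigation` are hypothetical names.

```javascript
// Added example with hypothetical names; not Twitter's implementation.
const SITE_ORIGIN = "https://social.example"; // assumed origin of the site
const INTERSTITIAL = "static page that reloads the same URL"; // constant body

// Origin of the Referer header, or null when it is absent or unparseable.
function refererOrigin(headers) {
  const raw = headers["referer"];
  if (!raw) return null;
  try {
    return new URL(raw).origin;
  } catch {
    return null;
  }
}

// Answer a GET for a profile page. The Referer gate runs before the block
// state is consulted, so a cross-site request gets the same cheap response
// whether or not the viewer is blocked: nothing per-user is left to time.
function handleProfileGet(req, viewerIsBlocked) {
  if (refererOrigin(req.headers) !== SITE_ORIGIN) {
    return { action: "interstitial", body: INTERSTITIAL };
  }
  return viewerIsBlocked
    ? { action: "render", body: "empty page" }
    : { action: "render", body: "profile with Tweets" };
}

// Follow the interstitial the way a browser would. The reload is issued from
// a page on SITE_ORIGIN, so a browser that sends Referer passes the gate on
// the second request; one that never sends it is served the interstitial
// every time, which is the loop described in the question.
function simulateNavigation(path, browserSendsReferer, maxHops = 5) {
  let referer = "https://other.example/page"; // constructed cross-site start
  for (let hop = 1; hop <= maxHops; hop++) {
    const headers = browserSendsReferer ? { referer } : {};
    const res = handleProfileGet({ path, headers }, false);
    if (res.action === "render") return { hops: hop, outcome: "render" };
    referer = SITE_ORIGIN + path; // the interstitial reloads itself
  }
  return { hops: maxHops, outcome: "loop" };
}

console.log(simulateNavigation("/alice", true));  // Referer enabled
console.log(simulateNavigation("/alice", false)); // Referer disabled
```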