Is there a way to differentiate between the browsers loading the webpage that requested the resource (e.g., <script src="https://www.example.com/requested_script.js"></script>
Directly (without referrer) to the resource being requested by using PHP or .htaccess and entering the URL directly in the URL bar?
I'm trying to protect JavaScript files from R&D (theft and copying) by instructing the server to serve up a fake (i.e. fake) JavaScript file when a potential thief attempts to view it, directly reading the file content/source code, while leaving the real JavaScript file Provided to the browser as a legal resource.
Maybe add a hash value as the end of the redirect, only one will be real.
is similar to
To make it harder to read, use an obfuscator, for example:
https://closure-compiler.appspot.com/home
It will also reduce the file size.
However, if your main concern is running "proprietary" operations in Javascript, you'd be better off moving those operations to the server side and then sending the final calculations/values to the client so no one knows how you Get them.
Unfortunately, any additional information is always visible to the client because that's how the browser reads it.