How do you or the terms defines “security-related features”?
You agree not to circumvent, disable or otherwise interfere with the security-related features…
A security system should at least expect specific cookies and headers from a request before it gets validated.
Because the system requires JavaScript and cookies
( Browser Security System - Features and Limitations )
My requests to REST API were made using Python script and did not contain any cookies—and headers—other than essential parameters. The fact that they were accepted by the server without cookies just implies the absence of such security system at those endpoints.
So I’m confused of how you concluded that I circumvented something. Like, what security-related features did I circumvent? 403 Forbidden error is security-related but not this error:
Connection aborted.’, RemoteDisconnected(‘Remote end closed connection without response’,)