By asking this question I assume that requests from the browser to backend server are catchable by network console and possible to reproduce simply by a "Copy as curl".
Let's say I want to collect a dummy value from my browser to analyse it from my backend system, for example:
window.devicePixelRatio
How can I be sure that window.devicePixelRatio is the user's real one? I mean, a malicious user can block the request sent to the backend and craft his own request with a simple curl.
Is it technically possible to make this impossible or really difficult for malicious users? Is there some pattern to do this?