Comment by GTP
7 months ago
I guess it depends on the server's implementation. but, since you need some logic to decide when to serve the html bomb anyway, I don't see why you would prefer this solution. Just use whatever script you're using to detect the bots to serve the bomb.
No other scripts. Hide the link to the bomb behind an image so humans can't click it.
My first thought is how this would interact with things like screen readers and other accessibility devices
Don’t screen readers ignore invisible text/links?