Is there a way to detect if a player executes an HttpGet request?

Some times when players exploit they use HttpGet script instead of pasting a Lua hack script. Is there a way that I can detect when a player Executes the HttpGet request?

1 Like

Nothing that I know of, otherwise you can ask Roblox to add this feature (#platform-feedback:engine-features )

A player can’t even send HTTP requests on their client, so if they can send HTTP requests to a website, it has to be because of you not handling good security in the game with RemoteEvents – Remember, don’t trust the client

What is this “GetHttp” script anyway?

They usually look like this:

loadstring(game:HttpGet("", true))()

HttpGet is no longer a thing, and you can’t use loadstring on a player’s client, it even has to be enabled first before it could be used on the server. This entire will fail, unless it is sent over a RemoteEvent you set up to run code in real-time

1 Like

In short, no.
HttpGet is a part of game and if you try to access it you’ll either get nil or a security context error.
I’ve seen in the past exploits even overwrite HttpGet via the exploit so they can keep supporting previous scripts which use it. There’s no way to detect it.

1 Like

It doesn’t, remember that exploits don’t have to abide by Roblox’s rules, especially when they are only on the client, because they have complete control of their client. This script would be executable in every game, even if game.ServerScriptService.LoadstingEnabled = false.

1 Like

Exploits implement their own HttpGet which isn’t even in the Roblox VM at all. So no, you can’t ever detect that.


game:HttpGet isn’t a valid Roblox function, so trying to notice when a exploiter calls it is practically impossible unless Roblox creates that function, which will open a huge exploiting hole in lots of games so it most likely wont get added.

You’re just going to have to stick with them, closest you can get to is just adding an anti-exploit.