> We consider an HTTPS connection to be intercepted when there is a mismatch between the expected client request signature corresponding to the browser identified by the User Agent, and the actual client request fingerprint of the request.
Sounds like something that would be "trivial" to defeat, by means of "emulating" other TLS implementations more closely?
which is what https://github.com/lwthiker/curl-impersonate does: it's a special build of curl that can impersonate Chrome & Firefox