Suggestion: make it clear that User-Agent must be specified in request

[erasmus]

Hitting developer.world.org/api/v4/verify/rp_... with the wrong header leads to Cloudflare's bot protection 403, when there's no user agent.

Would be helpful if this was made clear to builders/LLMs, something like

Add a user agent to your request to avoid getting blocked by Cloudflare's bot protection rules.

headers: {
  'Content-Type': 'application/json',
  'User-Agent': '{INSERT YOUR USER-AGENT}'