Love it! How were you able to access the profile endpoint?
Do you get the header values from other XHR endpoints on the same server while loading the retrocredit page?
How do you generate the "recaptcha" header (or is it constant and can be reused)?
A Tampermonkey script (or just JS for dev console) would make this even better. I might try if this works.