I have a numeric value that increments on the client-side based on user actions in the browser.

At certain checkpoints I send this value to my Spring Boot backend (Angular frontend). The backend uses this value in a formula to compute a final result.

The problem: A user can open devtools and manipulate this value before it gets sent to the backend.

What I already considered:

• HMAC signing → secret lives in browser, user can recompute the hash with a fake value

• Asymmetric encryption → user can modify the JS before encryption happens

• Hashing endpoint → backend generates hash but the endpoint is public, user can call it with any fake value and get a valid hash

• Code obfuscation → user doesn't need to read the code, they just intercept the network request and edit the value directly

• API call on every increment → not acceptable, too many calls

Constraints:

• Value must be sent in batches, not on every increment

• Assume attacker has full browser devtools access and can modify JS

Question: Is there any secure way to send a client-side accumulated numeric value to the backend without the user being able to tamper with it, given these constraints?

Or is server-side tracking the only real solution?