The reason to why I'm asking this is because I want to develop a secure whitelist whereby exploiters are unable to manipulate the script to believe they are whitelisted
I've tried userid formats of whitelist however again exploiters can easily manipulate this by executing which modifies either their roblox user id/username
Your best use for a whitelist would be a list of UserIds. Doing this server sided will only allow those players in. I've never heard of exploiters being able to change their userid, if that was possible, there would be a huge security risk.
For security purposes roblox doesn't allow you to identify anything to trace the location of a player. This includes Ip, Mac adress, Age, Gender, Country, etc.
Here's a whitelist template.
local IDs = { [12345] = true, [67890] = true, --etc... } game.Players.PlayerAdded:Connect(function(Player) if not IDs[Player.UserId] then Player:Kick("You're not whitelisted to join this game") end end)