Operators of web server systems and other systems that serve content to the public face a number of challenges. Computer fraudsters may interfere with the serving of content by placing code on computers of unsuspecting users, where that code may intercept communications between the computers and the web server systems for illicit purposes, such as identifying passwords and other credentialing information. Fraudsters may also form botnets for attacking content providers, such as for making attempts to access those content providing systems using stolen credentials or for performing denial of service attacks in a coordinated manner on a content provider. Alternatively, legitimate systems may repeatedly request content from such content providing systems as a means of scraping the content, e.g., to perform indexing for a search engine. Any or all of these activities may place risks on a content serving system and/or put problematic loads on them, and may require distinguishing legitimate activity from illegitimate.