Browser Request vs Tool Request

There is a page which does not need any sign in to get accessed. That means, one can directly hit the URL and see that page. When that page is loaded it loads a video and using Ajax makes a request to the server, to increment the view count of the video. Again, if somebody uses something like "firebug", he can see the URL for the request.

The problem is any body can use a load test tool, to mimic the request and increase the video view count, without actually viewing it.

Is there a way to make sure that the request comes from inside a Browser and not some tool ?
Or, how do you suggest to solve this?

Thanks

There is nothing you can do. Anyone that uses a proxy tool such as Fiddler can also see the requests and call them.

Eric

Thanks Eric !
I think so too. By the way, is there a way in AJAX to set some request attribute (not parameters, which can be mimicked) value, before calling the server URL ? If yes, then the server code can find it and increment the count.

There is nothing you can do. Any request that can be sent via AJAX can also be sent via one of those tools.

Why isn't the counter triggered on the server by downloading the video?

Because, since people normally don't watch the whole videos. If the counting mechanism is invoked after downloading the video, the view count will be too less.

Generate a random token on the page, send it along with the AJAX request, only accept it once on the server?