A method to facilitate detection of automated attacks on a web service is disclosed. Some embodiments of the method can include binding a session identifier to a user session with the web service. The method can further include receiving a plurality of web requests during the user session that include the session identifier. The plurality of web requests can then be processed with a set of automation detection heuristics to identify session attributes associated with the session identifier during the user session. The method can further include detecting that the session identifier is associated with an automated attack when at least one of the session attributes associated with the session identifier exceeds a threshold amount.