Well, all my requests come through the loopback interface, so I've already eliminated external requests.

I know http requests are anonymous; but since both the server and the client live on the same system, I thought maybe I can somehow determine from which local user the request came. I understand there is not much hope, though.