Since this is the technique they used, the browsers would have sent referring URLs as part of each request. When traffic begins to spike suspiciously, why not send a headless browser to each referrer, and if any code on the referrer results in automatic loading of the domain you're trying to protect, blacklist it. I'm guessing that the bulk of the requests were referred by a relatively small number of pages/domains, so this would be a small processing task with a big payoff. This would effectively kill the use of this technique.
Unfortunately, the countermeasure for this sort of sniff already exists: the attacking referrer detects traffic from the victim's IP range and returns a sanitized copy of the content with the automatic loading logic removed. "Nothing to see here, officer."
It's a big programming task for a small processing task for a temporary payoff.
There's nothing that says the headless requests would have to come from the victim's IP range. Any cloud service could be used. Also, since open source headless browsers already exist (phantomjs et al), it's a small programming task.
