I use my PHP back-end to detect AJAX requests by checking for a value in
This gives me a reliable detection, making sure the request is made utilizing AJAX techniques.
How can I make sure the request came from my own domain, and not an external domain/robot?
www.example.com/ajax?true could allow anyone to make an AJAX call and cut the information.
I could make sessions for everyone that enters my website normally, and then allow AJAX calls.. but that can be faked too.
Does it even matter these days?