Detecting Ajax in PHP and making sure request was from my own website

臣服心动 2020-11-29 23:31

I use my PHP back-end to detect AJAX requests by checking for a value in $_SERVER['HTTP_X_REQUESTED_WITH'].

This gives me a reliable detection, making

7 answers
  •  孤街浪徒
    2020-11-30 00:19

    Let your Controller

    • generate access token
    • store in session for later comparison

    In your View

    • declare the access token as JS variable
    • send the token with each request

    Back in your Controller

    • validate HTTP_X_REQUESTED_WITH
    • validate token

    Check these security guidelines from OpenAjax.
    Also, read the article on codinghorror.com Annie linked.
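
The controller, view and controller steps listed in this answer, put together in one PHP file as an added example that is not part of the original answer. The function names, the `ajax_token` session key and the `X-CSRF-Token` header name are assumptions chosen for illustration.

```php
<?php
// Added example. The helper names, the 'ajax_token' session key and the
// X-CSRF-Token header name are assumptions, not taken from the answer.
declare(strict_types=1);
session_start();

// Controller: generate the access token and store it in the session.
function issue_ajax_token(): string
{
    if (empty($_SESSION['ajax_token'])) {
        $_SESSION['ajax_token'] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $_SESSION['ajax_token'];
}

// Controller: validate HTTP_X_REQUESTED_WITH and the token.
function is_trusted_ajax_request(array $server, array $session): bool
{
    // Any client can set this header, so it is a hint and not proof of origin.
    $isAjax = strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
    $expected = $session['ajax_token'] ?? '';
    $supplied = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    // Reject a missing token explicitly; hash_equals() compares in constant time.
    $tokenOk = is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
    return $isAjax && $tokenOk;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    header('Content-Type: application/json');
    if (!is_trusted_ajax_request($_SERVER, $_SESSION)) {
        http_response_code(403);
        echo json_encode(['error' => 'invalid or missing token']);
        exit;
    }
    echo json_encode(['ok' => true]);
    exit;
}
$token = issue_ajax_token();
?>
<!-- View: declare the token as a JS variable and send it with each request. -->
<script>
const ajaxToken = <?= json_encode($token) ?>;
fetch(location.pathname, {
    method: 'POST',
    headers: {'X-Requested-With': 'XMLHttpRequest', 'X-CSRF-Token': ajaxToken}
}).then(r => r.json()).then(console.log);
</script>
```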
