Detecting Ajax in PHP and making sure request was from my own website

Question

I use my PHP back-end to detect AJAX requests by checking for a value in $_SERVER[\'HTTP_X_REQUESTED_WITH\'].

This gives me a reliable detection, making

Answer 1

Check the $_SERVER['HTTP_REFERER']. This will work in many cases, but shouldn't be confused for a completely-secure solution.