PHP check to make sure request is either xmlhttp from my site or normal request from a certain domain

Question

How would the condition be written to ensure a page is either accessed by xmlhttp request from my site or from an allowed outside domain?

Answer 1

You need to be aware that HTTP headers are easily spoofed so someone could easily telnet and send that HTTP header and access the page. Do not rely upon HTTP REFERER for sensitive data. The only reasonably safe prevention is to use logins.