security – bunyam.in https://bunyam.in Easy Solutions Wed, 16 Apr 2025 11:06:26 +0000 en-US hourly 1 https://wordpress.org/?v=6.8 How to detect request is XHR or Ajax https://bunyam.in/how-to-dedect-request-is-xhr-or-ajax/ Tue, 29 Sep 2015 09:14:57 +0000 http://bunyam.in/?p=25 Read more »]]> Detecting XHR is a small trick for security procedure nowadays.

Today most web application is detecting by bots or spiders. Some of them looking for your security issues. You can handle it with simple moves. 

If you filter just like below, there is a one more layer for your critical procedures. Because lots of spiders or crawlers does not have skill for set request type.

[php]
/* XHR-AJAX check */
if(!empty($_SERVER[‘HTTP_X_REQUESTED_WITH’]) && strtolower($_SERVER[‘HTTP_X_REQUESTED_WITH’]) == ‘xmlhttprequest’){
/*Your Procedures or processes */
}else{
/*Here is a direct call or bot */
die(‘you shall not pass!’);
}
[/php]
Simple.

]]>