I read that checking the X-Requested-With header of the ajax request is a good

Question

0

Asked: May 19, 20262026-05-19T22:01:22+00:00 2026-05-19T22:01:22+00:00

I read that checking the X-Requested-With header of the ajax request is a good

0

I read that checking the X-Requested-With header of the ajax request is a good way to make sure the request isn’t coming from outside. On the server side, how do I check this header? and what’s the right way to react of this header is missing or wrong (redirect, throw exception, else)?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T22:01:23+00:00

Editorial Team

2026-05-19T22:01:23+00:00Added an answer on May 19, 2026 at 10:01 pm

You can check it like this…

$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND 
          strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';

If you are only expecting access via XHR, then just exit if this header is not present.

Note: This header is trivial to spoof. Don’t rely on this for anything but it looks like it came from na XHR.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I read that checking the X-Requested-With header of the ajax request is a good

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply