Concluded Answer after googling a lot !

谷歌搜索后得出的结论！

Step-1 : Generate Token System For All Web-Service:

步骤 1：为所有 Web 服务生成令牌系统：

Generating Token :

生成令牌：

<?php
  session_start();
  $token = md5(rand(1000,9999)); //you can use any encryption
  $_SESSION['token'] = $token; //store it as session variable
?>

Step-2 : Use it while sending ajax call:

第 2 步：在发送 ajax 调用时使用它：

var form_data = {
  data: $("#data").val(), //your data being sent with ajax
  token:'<?php echo $token; ?>', //used token here.
  is_ajax: 1
};

$.ajax({
  type: "POST",
  url: 'yourajax_url_here',
  data: form_data,
  success: function(response)
  {
    //do further
  }
});

Step-3 : NOW, Let's secure ajax handler PHP file with,

第 3 步：现在，让我们保护 ajax 处理程序 PHP 文件，

session_start(); //most of people forget this while copy pasting code ;)
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
  //Request identified as ajax request

  if(@isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="http://yourdomain/ajaxurl")
  {
   //HTTP_REFERER verification
    if($_POST['token'] == $_SESSION['token']) {
      //do your ajax task
      //don't forget to use sql injection prevention here.
    }
    else {
      header('Location: http://yourdomain.com');
    }
  }
  else {
    header('Location: http://yourdomain.com');
  }
}
else {
  header('Location: http://yourdomain.com');
}

NOTE: SORRY FOR NESTED IF..ELSE, BUT IT INCREASES UNDERSTANDABILITY.YOU CAN SIMPLIFY ALL THREE IN ONE IF ELSE. 85% Security Enhanced !

注意：很抱歉嵌套 IF..ELSE，但它增加了可理解性。如果 ELSE 的话，您可以将三者合二为一。85% 安全性增强！

Quoting Eran Galperinfrom a similar discussion

从类似的讨论中引用Eran Galperin

As others have said, Ajax request can be emulated be creating the proper headers. If you want to have a basic check to see if the request is an Ajax request you can use:

if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
 //Request identified as ajax request
}

However you should never base your security on this check. It will eliminate direct accesses to the page if that is what you need.

正如其他人所说，可以通过创建正确的标头来模拟 Ajax 请求。如果您想进行基本检查以查看请求是否为 Ajax 请求，您可以使用：

if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
 //Request identified as ajax request
}

但是，您永远不应该将您的安全性建立在此检查上。如果您需要，它将消除对页面的直接访问。

Please take this answer by Jeremy Rutenalso into account:

请同时考虑Jeremy Ruten 的这个回答：

There is no way of guaranteeing that they're accessing it through AJAX. Both direct access and AJAX access come from the client, so it can easily be faked.

Why do you want to do this anyways?

If it's because the PHP code isn't very secure, make the PHP code more secure. (For example, if your AJAX passes the user id to the PHP file, write code in the PHP file to make sure that is the correct user id.)

无法保证他们通过 AJAX 访问它。直接访问和 AJAX 访问都来自客户端，因此很容易被伪造。

你为什么要这样做？

如果是因为 PHP 代码不是很安全，请使 PHP 代码更安全。（例如，如果您的 AJAX 将用户 ID 传递给 PHP 文件，请在 PHP 文件中编写代码以确保这是正确的用户 ID。）

More clever thoughts in the discussion linked above.

上面链接的讨论中有更聪明的想法。

some way are required for secure connection ajax and php . you can use

安全连接 ajax 和 php 需要某种方式。您可以使用

if(@isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="http://yourdomain/ajaxurl")
{
 //Request identified as ajax request
}

dont forget to secure php file because with cURL can spoof headers .

不要忘记保护 php 文件，因为使用 cURL 可以欺骗标题。

you could also block hotlinking if you are worried that others might access your content without your approval

如果您担心其他人可能未经您的同意访问您的内容，您也可以阻止盗链

see: http://www.htmlbasix.com/disablehotlinking.shtml

见：http: //www.htmlbasix.com/disablehotlinking.shtml

JavaScript running on another domain cannot access any page on your domain because this is a violation of the Same-Origin Policy. The attacker would need to exploit an XSS vulnerability in order to pull this off. In short you don't need to worry about this specific attack, just the same old attacks that affect every web application.

在另一个域上运行的 JavaScript 无法访问您域中的任何页面，因为这违反了同源策略。攻击者需要利用 XSS 漏洞才能实现这一目标。简而言之，您无需担心这种特定的攻击，只需担心影响每个 Web 应用程序的旧式攻击即可。

It's not simple and propably there is no way to do that at all. You can require of some POST variables in your php file and send them in your AJAX request. This will secure you from someone who simply paste URL in his browser.

这并不简单，而且可能根本没有办法做到这一点。您可以在 php 文件中要求一些 POST 变量，并将它们发送到您的 AJAX 请求中。这将保护您免受简单地将 URL 粘贴到他的浏览器中的人的侵害。

Nobody can AJAX your site from other domain (security issues), but always can connect and drieclty send http request, for example by cURL.

没有人可以从其他域（安全问题）对您的站点进行 AJAX，但始终可以连接并直接发送 http 请求，例如通过 cURL。

You can create some token in cookies, that will be also seen from jquery request, but that solution can also be hacked.

您可以在 cookie 中创建一些令牌，这也可以从 jquery 请求中看到，但该解决方案也可以被破解。

just set a session in the app and check if the session isset

只需在应用程序中设置一个会话并检查会话是否已设置

session_start();
if(!isset($_SESSION['gebruikersnaam'])) {
  header('Location: path/to/app/home');
}
//Do stuff

You also can use this:

你也可以使用这个：

if(!$_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
 header('Location: path/to/app/home');
}

but not all the browsers support HTTP_X_REQUESTED_WITH

但并非所有浏览器都支持 HTTP_X_REQUESTED_WITH

for some extra security you can check if the ajax call is comming form your app

为了获得一些额外的安全性，您可以检查 ajax 调用是否来自您的应用程序

  if(@isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="http://yourdomain/path/to/ajax/file") {
   header('Location: path/to/app/home');
}