You should not rely on distinguishing between real and fake XMLHTTP (XHR) requests. Do not trust any request, regardless of its origin. From a security point of view, the origin does not matter as long as the request does not contain malicious content. When requests need to be authorized, make sure they authenticate themselves correctly with a strong authentication mechanism; that is all you can do.
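The advice above as a server-side sketch. This is an added example, not code from the original answer. It assumes a hypothetical "rename item" endpoint, with a hypothetical handler, token format, field names and demo key. It never reads `X-Requested-With`, the header AJAX libraries conventionally add, because any client can set it. Instead it authenticates every request with an HMAC-signed token and validates the content.

```javascript
const crypto = require('crypto');

// Constructed demo key; a real service loads its key from a secret store.
const SERVER_KEY = Buffer.from('constructed-demo-key-not-for-production');

// Issue "<userId>.<expiryMs>.<hmac>" (userId must not contain a dot).
function issueToken(userId, expiresAtMs) {
  const payload = `${userId}.${expiresAtMs}`;
  const mac = crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
  return `${payload}.${mac}`;
}

// Return the user id if the token is authentic and unexpired, else null.
function verifyToken(token, nowMs) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [userId, expires, mac] = parts;
  const expected = crypto.createHmac('sha256', SERVER_KEY)
    .update(`${userId}.${expires}`).digest();
  const given = Buffer.from(mac, 'hex'); // bad hex yields a short buffer
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null; // constant-time compare
  if (!/^\d+$/.test(expires) || Number(expires) <= nowMs) return null;
  return userId;
}

// Hypothetical handler; req = { headers, body } with lower-cased header names.
function handleRename(req, nowMs) {
  // Deliberately not consulted: req.headers['x-requested-with'].
  const auth = req.headers['authorization'] || '';
  const user = verifyToken(auth.startsWith('Bearer ') ? auth.slice(7) : null, nowMs);
  if (!user) return { status: 401, error: 'authentication required' };

  let data;
  try { data = JSON.parse(req.body); } catch { return { status: 400, error: 'malformed JSON' }; }

  // Allowlist validation of every field before it is used.
  const validId = data !== null && typeof data === 'object' &&
    Number.isInteger(data.itemId) && data.itemId >= 1;
  if (!validId || typeof data.name !== 'string' || !/^[\w .-]{1,64}$/.test(data.name)) {
    return { status: 400, error: 'invalid fields' };
  }
  return { status: 200, user, itemId: data.itemId, name: data.name };
}
```
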