Originally Posted by rnd me
A different website cannot make requests to your server using AJAX, but a server or remote script request could. You can check the Referer header for a match as well. Using POST instead of GET will cut off all non-user-approved (popup-warning) xdomain client-side IO actions.
A script whose context originates from another site will not have access to your cookies.
Thanks, but what if that script would use a function on my domain, would it count as if it was sent by my domain?
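The Referer match suggested in the quoted post, written out as a server-side check. This is an added example, not code from either poster. `TRUSTED_ORIGIN`, `originOf` and `isSameSiteRequest` are hypothetical names, the header values are constructed samples, and the header object is assumed to use lower-case keys as Node's `http` module does.

```javascript
// Added example: compare the parsed origin of the Origin/Referer header
// against the site's own origin, instead of a substring or prefix match.
const TRUSTED_ORIGIN = "https://www.example.com"; // assumed site origin

// Return "scheme://host[:port]" for a header value, or null if unparsable.
function originOf(value) {
  try {
    return new URL(value).origin;
  } catch (e) {
    return null; // e.g. the literal string "null" sent for opaque origins
  }
}

// True only when the request names exactly our origin.
// Origin is preferred when present; Referer is the fallback.
function isSameSiteRequest(headers, trusted = TRUSTED_ORIGIN) {
  const raw = headers["origin"] || headers["referer"];
  if (!raw) return false; // header stripped or absent: do not trust
  return originOf(raw) === trusted;
}

// Constructed sample requests, including values that defeat naive
// "starts with" or "contains" comparisons.
const SAMPLES = [
  { referer: "https://www.example.com/account/settings" },
  { referer: "https://www.example.com:443/form" },
  { referer: "https://www.example.com.evil.test/page" },
  { referer: "https://evil.test/?u=https://www.example.com/" },
  { referer: "https://www.example.com@evil.test/" },
  { referer: "http://www.example.com/form" },
  { origin: "null", referer: "https://www.example.com/form" },
  { origin: "https://evil.test", referer: "https://www.example.com/" },
  {},
];

function checkSamples() {
  return SAMPLES.map((h) => isSameSiteRequest(h));
}

console.log(checkSamples());
```

Only the first two samples pass; the rest would all get through a check that tests whether the header merely contains or begins with the site's address.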