Taras Lukavyi

Reputation: 1369

How to know from what site the server is getting a request?

How can I avoid cross-site scripting by knowing from what site the user is requesting data?

Upvotes: 0

Views: 84

Answers (5)

Andreas

Reputation: 2264

$_SERVER['HTTP_REFERER']

should contain the URL from which the request originates.

EDIT: If you are actually trying to prevent XSS then it's mostly down to having to make sure you use htmlentities() everywhere you print unfiltered user data, and should really be using it on pretty much all data you print that isn't meant to be viewed as raw HTML.

There are a bunch of other considerations when writing PHP code as well, but they are far too many to discuss here without any pointers.

Upvotes: 3

Tarik

Reputation: 81801

I am not sure whether knowing the referrer URL will work for you but

And most of the time, XSS attacks come from input or data that is not well filtered or cleaned before being shown to a browser, like cookies/sessions.

Please read the article below which teaches a library to prevent XSS attacks.

Link: http://oozman.com/php-tutorials/avoid-cross-site-scripting-attacks-in-php/

Upvotes: 2

ZigZag

Reputation: 549

In the $_SERVER array, in the base case this is $_SERVER['HTTP_REFERER'], but if the user goes to your site via a JS method like document.location.href = 'yoursite.com', IE (tested on IE7) does not send you information about the referer, for security reasons.

Upvotes: 1

someone

Reputation: 1468

Use $_SERVER["HTTP_REFERER"], but see the responses to this question.

Upvotes: 1

Arnaud Le Blanc

Reputation: 99919

How can I avoid cross-site-scripting

You can't avoid cross-site-scripting by knowing from what site a user is requesting data.

You can avoid cross-site-scripting by properly escaping.

Upvotes: 7
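
An added example, not part of any answer above, of the output escaping the answers recommend: the same submitted values are rendered raw and escaped, next to a Referer check that passes either way. The function names (e, refererIsOwnSite, renderUnsafe, renderSafe), the host example.com and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs: values a visitor might submit in a "name" field.
$samples = [
    '<script>alert(1)</script>',   // markup that must not reach the page raw
    'Tom "T" O\'Neil',             // quotes that would break an HTML attribute
];

// The Referer header is supplied by the client and may be absent or forged.
// Constructed value for the demo.
$referer = 'https://example.com/form.php';

/** Escape a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical origin check; its result has no bearing on what gets printed. */
function refererIsOwnSite(?string $referer, string $host): bool
{
    return $referer !== null && parse_url($referer, PHP_URL_HOST) === $host;
}

/** The 'before': user data concatenated into HTML without escaping. */
function renderUnsafe(string $name): string
{
    return '<input name="name" value="' . $name . '"><p>Hello, ' . $name . '</p>';
}

/** The 'after': every user-supplied value passes through e() at output time. */
function renderSafe(string $name): string
{
    return '<input name="name" value="' . e($name) . '"><p>Hello, ' . e($name) . '</p>';
}

$passed = refererIsOwnSite($referer, 'example.com');
echo 'Referer check passed: ', var_export($passed, true), PHP_EOL, PHP_EOL;

foreach ($samples as $name) {
    echo 'Unescaped: ', renderUnsafe($name), PHP_EOL;
    echo 'Escaped:   ', renderSafe($name), PHP_EOL, PHP_EOL;
}
```

Run it with the PHP CLI and compare the two lines printed for each sample: only the escaped form keeps the submitted text inside the attribute value and the paragraph.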
