AJAX is based on the following open standards: browser-based presentation using HTML and Cascading Style Sheets (CSS).

In the early-to-mid 1990s, most Web sites were based on complete HTML pages. Each user action required that a complete new page be loaded from the server. This placed additional load on the server and made bandwidth a limiting factor. This process was inefficient, as reflected by the user experience: all page content disappeared, then the new page appeared. Each time the browser reloaded a page because of a partial change, all of the content had to be re-sent, even though only some of the information had changed.

AJAX = Asynchronous JavaScript And XML. AJAX is based on open standards. AJAX is based on Internet standards.

I am soliciting advice on correctly implementing nonces for AJAX-powered forms. The forms are written in plain HTML. For security reasons, I have limited the scope of the nonce to 300 seconds.

Data is stored in XML format and fetched from the server.

And the URL that generates nonce values checks the HTTP Referer to ensure that requests are made from the site. However, this may be futile due to the reasons mentioned in "Referer header: privacy and security concerns" (MDN).

AJAX is based on Internet standards, and uses a combination of: the XMLHttpRequest object (to exchange data asynchronously with a server); JavaScript/DOM (to display/interact with the information); CSS (to style the data); and XML (often used as the format for transferring data). AJAX is not a programming language.

The way I have currently implemented it is: the default form submit is intercepted through JavaScript and, before processing the form, a GET call is made to get a nonce token in JSON; the resulting nonce data is appended to the form data and is sent to the server for further processing via POST (XHR).

AJAX just uses a combination of: a browser built-in XMLHttpRequest object (to request data from a web server), and JavaScript and HTML DOM (to display or use the data).

