I have a piece of javascript that I want to implement on multiple thank-you pages of webshops to transport data to a php script (via jsonp) on a HTTPS server. Is there any way to authenticate the transport request of the external script to avoid illegal/faked requests? The easiest way would be to verify the referer e.g. by the http_referrer of the request. But the referrer isn't always passed by the browser. I can't use any server side script on the thank you pages to generate hashes.