In this article the author mentioned a way to protect from AJAX hijacking by using
the CSRFprotect param, but I didn't understand how he set its value?
I would put the code here, but when I do it appears inapprehensible.
He's intercepted the jQuery ajax events in order to add a custom querystring parameter (i.e. it's a custom solution, and would need to be implemented carefully on the server-side too; it's not a standard solution). Would probably help against a general case website infection, but not against a targeted attack.
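An added illustration of the approach the answer describes, not code from the article or from the answer: a jQuery prefilter appends the `CSRFprotect` parameter to same-origin requests, and the server compares it with the token stored in the session. It assumes the server issues a random per-session token and exposes it to the page in a `<meta name="csrf-token">` tag; all function names are hypothetical.

```javascript
// Added example; only the parameter name CSRFprotect comes from the page.
const PARAM = 'CSRFprotect';

// Client side: return the URL with the session token set as a query parameter.
function addCsrfParam(url, token, base) {
  const u = new URL(url, base);
  u.searchParams.set(PARAM, token); // set() replaces any value already present
  return u.toString();
}

// Client side: tag only same-origin requests so the token is never sent elsewhere.
function shouldTag(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Server side: compare two strings without returning early on the first mismatch.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: accept the request only if exactly one CSRFprotect value is
// present and it matches the token stored in the caller's session.
function verifyCsrfParam(requestUrl, sessionToken, base) {
  const values = new URL(requestUrl, base).searchParams.getAll(PARAM);
  return values.length === 1 && sessionToken.length > 0 &&
         safeEqual(values[0], sessionToken);
}

// Browser hookup (skipped outside a page that has loaded jQuery).
if (typeof jQuery !== 'undefined') {
  // Assumption: the server rendered the session token into this meta tag.
  const token = document.querySelector('meta[name="csrf-token"]').content;
  jQuery.ajaxPrefilter(function (options) {
    if (shouldTag(options.url, window.location.origin)) {
      options.url = addCsrfParam(options.url, token, window.location.href);
    }
  });
}
```

Query-string tokens are recorded in server logs and can travel in Referer headers, so the token should be tied to the session and rotated with it.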