If($_SERVER['HTTP_ORGIN'] == 'http://trusted.site'){
      header('Access-Control-Allow-Origin: http://trusted.site');
      //process request
      }
  else{
         exit;
  }