If you have an AJAX application that uses a PHP back-end app on a different server as your web front-end server (e.g. load balancing, cdn’s, etc), your PHP script will need to send header variables with the allowed content server name(s).
Web browsers are now following a standard for HTTP Access control to prevent client-side Cross Site scripting attacks.
I tested this with Firefox and it simply blocks the request without any error messages. Google Chrome browser will error out with the following message if the access control origin is not set correctly on your PHP script. (woot!)