$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http'; $url = $protocol . '://' . $_SERVER[HTTP_HOST] . $_SERVER[REQUEST_URI]; $hash = hash_hmac('sha256',
$url, $yourKey); if ($_SERVER['HTTP_X_MYLEAD_SECURITY_HASH'] === $hash) { // successful verification. It is safe to process the postback }