The nastiest thing here is to use anything via the browser-embedded ActiveX. It's true for anything at all, including Ajax. This is not a legitimate way at all. Not only it is not standard, working, basically, only for Microsoft, not all systems and browsers, but is also considered very unsafe, by quite good reasons. In fact, the users concerned with safety should blacklist the site if the spot that it tries to use ActiveX. It would be one of the worst safety breach.
You need to use Ajax in a standardized way. Please see:
Ajax,
Getting Started — Ajax[
^],
Using XMLHttpRequest — Web APIs.
You can also find quite good Ajax support in some JavaScript libraries/frameworks, notably jQuery:
Ajax | jQuery API Documentation,
jQuery.ajax() | jQuery API Documentation.
See also the comment to the question by Prateek Dalbehera.
Ajax has been standardized a long time ago. It's hardly unlikely that some non-nonsense browser would fail to support it. If you ever face a browser which does not support Ajax in a standard way but requires ActiveX, you can decisively detect it in your code and deny working with it. It will only benefit your software or site and won't scare of real users.
—SA