This is not safe

How can I change that code to be safe in WP?

public static function isAJAX( ) {
return isset( $_SERVER[‘HTTP_X_REQUESTED_WITH’] ) and ( $_SERVER[‘HTTP_X_REQUESTED_WITH’] == ‘XMLHttpRequest’ );

“DOING_AJAX” didn’t work. Becuase, I check if a page content called via AJAX or opened normally.

I’m not sure I understood your question correctly but I think you need to look at WordPress Nonces and check_ajax_referer() function

or simply use some variable only in ajax calls and check if it’s set

I think, I’ll use a variable to solve that issue. WP nonce is for security of AJAX fields generally.

This is from WooCommerce:

I tried it. But, didn’t work. I’ll add a variable to the url.