diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index c2515b260..7c41e03df 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -1140,9 +1140,10 @@ class Context
 if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST')
 {
 // Set variables for XE compatibility.
- if (isset($_POST['_rx_ajax_compat']) && in_array($_POST['_rx_ajax_compat'], array('JSON', 'XMLRPC')))
+ $compat = $_SERVER['HTTP_X_AJAX_COMPAT'] ?? ($_POST['_rx_ajax_compat'] ?? false);
+ if ($compat && in_array($compat, array('JSON', 'XMLRPC')))
 {
- self::$_instance->request_method = $_POST['_rx_ajax_compat'];
+ self::$_instance->request_method = $compat;
 return;
 }
 else
diff --git a/classes/display/DisplayHandler.class.php b/classes/display/DisplayHandler.class.php
index 63eeb2f40..bc7531534 100644
--- a/classes/display/DisplayHandler.class.php
+++ b/classes/display/DisplayHandler.class.php
@@ -97,7 +97,7 @@ class DisplayHandler extends Handler
 }
 else
 {
- if($responseMethod == 'JSON' || $responseMethod == 'JS_CALLBACK' || isset($_POST['_rx_ajax_compat']))
+ if($responseMethod == 'JSON' || $responseMethod == 'JS_CALLBACK' || isset($_SERVER['HTTP_X_AJAX_COMPAT']) || isset($_POST['_rx_ajax_compat']))
 {
 self::_printJSONHeader();
 }
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index 14975b103..c208f2645 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
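Review bot: The `in_array($compat, array('JSON', 'XMLRPC'))` on the added `if` line still compares loosely, and `$compat` is now taken from either a request header or a POST field, both under the client's control; pass the strict flag and require a string so an array-valued `_rx_ajax_compat[]` or a non-string scalar cannot reach `request_method`: `if (is_string($compat) && in_array($compat, ['JSON', 'XMLRPC'], true))`. Note also that the `??` chain only falls through to `_rx_ajax_compat` when the header is absent, so a present-but-empty `X-AJAX-Compat` header silently disables the POST fallback; if that is not intended, treat `''` the same as a missing header. The enclosing `REQUEST_METHOD === 'POST'` block continues outside the hunk.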
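Review bot: The added `isset($_SERVER['HTTP_X_AJAX_COMPAT'])` switches the response to a JSON header on the mere presence of the header, whereas the Context hunk in this same commit only honours it for the values `JSON`/`XMLRPC` and only on POST, so a GET or a header carrying any other value would get `_printJSONHeader()` while the request is otherwise handled as a normal page. Consider checking the value the same way: `|| in_array($_SERVER['HTTP_X_AJAX_COMPAT'] ?? null, ['JSON', 'XMLRPC'], true)`. The pre-existing `isset($_POST['_rx_ajax_compat'])` test has the same looseness and could be tightened alongside it. The enclosing method starts and ends outside the hunk.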
@@ -701,7 +701,7 @@ class ModuleHandler extends Handler $procResult = $oModule->proc(); $methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1); - if(!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]) && !isset($_POST['_rx_ajax_form'])) + if(!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()]) && !isset($_SERVER['HTTP_X_AJAX_TARGET']) && !isset($_POST['_rx_ajax_form'])) { $error = $oModule->getError(); $message = $oModule->getMessage(); @@ -1013,7 +1013,8 @@ class ModuleHandler extends Handler if(!isset($methodList[Context::getRequestMethod()])) { // Handle iframe form submissions. - if(isset($_POST['_rx_ajax_form']) && starts_with('_rx_temp_iframe_', $_POST['_rx_ajax_form'])) + $ajax_form_target = strval($_SERVER['HTTP_X_AJAX_TARGET'] ?? ($_POST['_rx_ajax_form'] ?? '')); + if($ajax_form_target !== '' && starts_with('_rx_temp_iframe_', $ajax_form_target)) { $data = []; if ($this->error) @@ -1029,7 +1030,7 @@ class ModuleHandler extends Handler $data = array_merge($data, $oModule->getVariables()); ob_end_clean(); - echo sprintf('
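Review bot: The new `!isset($_SERVER['HTTP_X_AJAX_TARGET'])` skips this error-handling branch for any request that carries the header at all, while the hunk at line 1013 only treats the request as an iframe submission when the value starts with `_rx_temp_iframe_`; a request with some other `X-AJAX-Target` value would bypass this branch yet not be answered by the iframe path either. Use the same prefix test at both sites, e.g. `$ajax_target = $_SERVER['HTTP_X_AJAX_TARGET'] ?? ($_POST['_rx_ajax_form'] ?? '');` followed by `&& !(is_string($ajax_target) && starts_with('_rx_temp_iframe_', $ajax_target))`. This is inferred from the two hunks only, and the old `!isset($_POST['_rx_ajax_form'])` had the same looseness. The enclosing method continues outside the hunk.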
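Review bot: The added `strval($_SERVER['HTTP_X_AJAX_TARGET'] ?? ($_POST['_rx_ajax_form'] ?? ''))` will emit an "Array to string conversion" warning and produce `"Array"` when a client sends `_rx_ajax_form[]=...`; guard the type instead of coercing it: `$raw = $_SERVER['HTTP_X_AJAX_TARGET'] ?? ($_POST['_rx_ajax_form'] ?? '');` and `$ajax_form_target = is_string($raw) ? $raw : '';`. Since this value is echoed back into the response in the next hunk, it is also worth restricting it to the exact shape the client-side iframe name takes (presumably a fixed prefix plus an identifier — confirm against the JS that generates it) rather than only checking the prefix. The enclosing method continues outside the hunk.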
', json_encode(strval($_POST['_rx_ajax_form'])), json_encode($data)); + echo sprintf('', json_encode($ajax_form_target), json_encode($data)); return; } diff --git a/common/js/xml_handler.js b/common/js/xml_handler.js index dea9344e3..9d9b435e5 100644 --- a/common/js/xml_handler.js +++ b/common/js/xml_handler.js @@ -42,8 +42,6 @@ params = params ? ($.isArray(params) ? arr2obj(params) : params) : {}; params.module = module; params.act = act; - params._rx_ajax_compat = 'XMLRPC'; - params._rx_csrf_token = getCSRFToken(); // Decide whether or not to use SSL. var url = request_uri; @@ -180,6 +178,10 @@ type : "POST", dataType : "json", data : params, + headers : { + 'X-AJAX-Compat': 'XMLRPC', + 'X-CSRF-Token': getCSRFToken() + }, success : successHandler, error : errorHandler }); @@ -205,8 +207,6 @@ //if (action_parts.length != 2) return; params.module = action_parts[0]; params.act = action_parts[1]; - params._rx_ajax_compat = 'JSON'; - params._rx_csrf_token = getCSRFToken(); request_info = params.module + "." + params.act; } @@ -320,6 +320,10 @@ url: request_uri, data: params, processData: (action !== 'raw'), + headers : (action !== 'raw') ? { + 'X-AJAX-Compat': 'JSON', + 'X-CSRF-Token': getCSRFToken() + } : {}, success : successHandler, error : errorHandler }); diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 6d4baeebf..e8ab501e2 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php 
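Review bot: The two `json_encode()` calls on the added `echo sprintf(...)` line embed a client-supplied target name and the module's variables into inline markup (the format string itself was lost in extraction here), but `json_encode` returns `false` on invalid UTF-8, which `sprintf` prints as an empty string and would leave the emitted output malformed; by default it also leaves `<`, `>`, `&` and quotes unescaped, and `/` escaping alone only covers the `</script>` case. Pass the HTML-safe flags to both calls, e.g. `json_encode($ajax_form_target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE)`, so neither value can break out of the surrounding element regardless of whether it is a script block or an attribute. Whether the surrounding markup is a `<script>` element cannot be confirmed from this hunk. The enclosing method continues outside the hunk.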
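Review bot: The new `headers` option on this `$.ajax` call sends `X-CSRF-Token` only when `action !== 'raw'`, while the earlier hunks in this file removed `params._rx_csrf_token = getCSRFToken()` from the parameter set; unless the raw (`processData: false`) body already carries the token some other way, raw requests now reach the server with no CSRF token at all. If the raw path is meant to be protected, send the token unconditionally and make only the compat header conditional: `headers : $.extend({ 'X-CSRF-Token': getCSRFToken() }, (action !== 'raw') ? { 'X-AJAX-Compat': 'JSON' } : {}),`. The server-side reader of the `X-CSRF-Token` header is not part of this diff, so confirm that check accepts the header before relying on it. The enclosing function starts outside the hunk.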
@@ -11,7 +11,7 @@ class Member extends ModuleObject * Constants */ public const ADMIN_EXTRA_VARS = ['refused_reason', 'limited_reason']; - public const NOUSE_EXTRA_VARS = ['error_return_url', 'success_return_url', '_rx_ajax_compat', '_rx_csrf_token', 'ruleset', 'captchaType', 'use_editor', 'use_html']; + public const NOUSE_EXTRA_VARS = ['error_return_url', 'success_return_url', '_rx_ajax_compat', '_rx_ajax_form', '_rx_csrf_token', 'ruleset', 'captchaType', 'use_editor', 'use_html']; public const STATUS_LIST = ['APPROVED', 'DENIED', 'UNAUTHED', 'SUSPENDED', 'DELETED']; /**