diff --git a/system/HTTP/IncomingRequest.php b/system/HTTP/IncomingRequest.php
index ffe5cca85592..4a89067a7c60 100755
--- a/system/HTTP/IncomingRequest.php
+++ b/system/HTTP/IncomingRequest.php
@@ -294,8 +294,7 @@ public function isCLI(): bool
 	 */
 	public function isAJAX(): bool
 	{
-		return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
-				strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
+		return $this->hasHeader('X-Requested-With') && strtolower($this->getHeader('X-Requested-With')->getValue()) === 'xmlhttprequest';
 	}
 
 	//--------------------------------------------------------------------
@@ -312,11 +311,11 @@ public function isSecure(): bool
 		{
 			return true;
 		}
-		elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+		elseif ($this->hasHeader('X-Forwarded-Proto') && $this->getHeader('X-Forwarded-Proto')->getValue() === 'https')
 		{
 			return true;
 		}
-		elseif (! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
+		elseif ($this->hasHeader('Front-End-Https') && ! empty($this->getHeader('Front-End-Https')->getValue()) && strtolower($this->getHeader('Front-End-Https')->getValue()) !== 'off')
 		{
 			return true;
 		}
diff --git a/tests/system/HTTP/IncomingRequestTest.php b/tests/system/HTTP/IncomingRequestTest.php
index 111e451b654c..6080fcdbb177 100644
--- a/tests/system/HTTP/IncomingRequestTest.php
+++ b/tests/system/HTTP/IncomingRequestTest.php
@@ -326,7 +326,7 @@ public function testIsCLI()
 
 	public function testIsAJAX()
 	{
-		$_SERVER['HTTP_X_REQUESTED_WITH'] = 'xmlhttprequest';
+		$this->request->appendHeader('X-Requested-With', 'XMLHttpRequest');
 		$this->assertTrue($this->request->isAJAX());
 	}
 
@@ -340,13 +340,13 @@ public function testIsSecure()
 
 	public function testIsSecureFrontEnd()
 	{
-		$_SERVER['HTTP_FRONT_END_HTTPS'] = 'on';
+		$this->request->appendHeader('Front-End-Https', 'on');
 		$this->assertTrue($this->request->isSecure());
 	}
 
 	public function testIsSecureForwarded()
 	{
-		$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
+		$this->request->appendHeader('X-Forwarded-Proto', 'https');
 		$this->assertTrue($this->request->isSecure());
 	}