diff --git a/framework/yii/assets/yii.js b/framework/yii/assets/yii.js
index 22f92a5..add3a02 100644
--- a/framework/yii/assets/yii.js
+++ b/framework/yii/assets/yii.js
@@ -163,12 +163,22 @@ yii = (function ($) {
 		init: function () {
 			var $document = $(document);
 
+			// automatically send CSRF token for all AJAX requests
 			$.ajaxPrefilter(function (options, originalOptions, xhr) {
 				if (!options.crossDomain && pub.getCsrfVar()) {
-					xhr.setRequestHeader('X-CSRF-TOKEN', pub.getCsrfToken());
+					xhr.setRequestHeader('X-CSRF-Token', pub.getCsrfToken());
 				}
 			});
 
+			// handle AJAX redirection
+			$document.ajaxComplete(function (event, xhr, settings) {
+				var url = xhr.getResponseHeader('X-Redirect');
+				if (url) {
+					window.location = url;
+				}
+			});
+
+			// handle data-confirm and data-method for clickable elements
 			$document.on('click.yii', pub.clickableSelector, function (event) {
 				var $this = $(this);
 				if (pub.allowAction($this)) {
@@ -178,6 +188,8 @@ yii = (function ($) {
 					return false;
 				}
 			});
+
+			// handle data-confirm and data-method for changeable elements
 			$document.on('change.yii', pub.changeableSelector, function (event) {
 				var $this = $(this);
 				if (pub.allowAction($this)) {
diff --git a/framework/yii/web/Controller.php b/framework/yii/web/Controller.php
index 773e2de..6b8afa4 100644
--- a/framework/yii/web/Controller.php
+++ b/framework/yii/web/Controller.php
@@ -126,8 +126,7 @@ class Controller extends \yii\base\Controller
 	 * Any relative URL will be converted into an absolute one by prepending it with the host info
 	 * of the current request.
 	 *
-	 * @param integer $statusCode the HTTP status code. If null, it will use 302
-	 * for normal requests, and [[ajaxRedirectCode]] for AJAX requests.
+	 * @param integer $statusCode the HTTP status code. If null, it will use 302.
 	 * See [[http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html]]
 	 * for details about HTTP status code
 	 * @return Response the current response object
diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php
index 76c8883..c76fd4e 100644
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@@ -73,7 +73,7 @@ class Request extends \yii\base\Request
 	/**
 	 * The name of the HTTP header for sending CSRF token.
 	 */
-	const CSRF_HEADER = 'X-CSRF-TOKEN';
+	const CSRF_HEADER = 'X-CSRF-Token';
 
 	/**
 	 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true.
diff --git a/framework/yii/web/Response.php b/framework/yii/web/Response.php
index cfbc537..979cce0 100644
--- a/framework/yii/web/Response.php
+++ b/framework/yii/web/Response.php
@@ -112,13 +112,6 @@ class Response extends \yii\base\Response
 	 */
 	public $charset;
 	/**
-	 * @var integer the HTTP status code that should be used when redirecting in AJAX mode.
-	 * This is used by [[redirect()]]. A 2xx code should normally be used for this purpose
-	 * so that the AJAX handler will treat the response as a success.
-	 * @see redirect
-	 */
-	public $ajaxRedirectCode = 278;
-	/**
 	 * @var string
 	 */
 	public $statusText;
@@ -565,17 +558,22 @@ class Response extends \yii\base\Response
 
 	/**
 	 * Redirects the browser to the specified URL.
+	 *
 	 * This method will send out a "Location" header to achieve the redirection.
+	 *
 	 * In AJAX mode, this normally will not work as expected unless there are some
 	 * client-side JavaScript code handling the redirection. To help achieve this goal,
-	 * this method will use [[ajaxRedirectCode]] as the HTTP status code when performing
-	 * redirection in AJAX mode. The following JavaScript code may be used on the client
-	 * side to handle the redirection response:
+	 * this method will send out a "X-Redirect" header instead of "Location".
+	 *
+	 * If you use the "yii" JavaScript module, it will handle the AJAX redirection as
+	 * described above. Otherwise, you should write the following JavaScript code to
+	 * handle the redirection:
 	 *
 	 * ~~~
-	 * $(document).ajaxSuccess(function(event, xhr, settings) {
-	 *     if (xhr.status == 278) {
-	 *         window.location = xhr.getResponseHeader('Location');
+	 * $document.ajaxComplete(function (event, xhr, settings) {
+	 *     var url = xhr.getResponseHeader('X-Redirect');
+	 *     if (url) {
+	 *         window.location = url;
 	 *     }
 	 * });
 	 * ~~~
@@ -597,8 +595,7 @@ class Response extends \yii\base\Response
 	 * Any relative URL will be converted into an absolute one by prepending it with the host info
 	 * of the current request.
 	 *
-	 * @param integer $statusCode the HTTP status code. If null, it will use 302
-	 * for normal requests, and [[ajaxRedirectCode]] for AJAX requests.
+	 * @param integer $statusCode the HTTP status code. If null, it will use 302.
 	 * See [[http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html]]
 	 * for details about HTTP status code
 	 * @return Response the response object itself
@@ -613,11 +610,14 @@ class Response extends \yii\base\Response
 		if (strpos($url, '/') === 0 && strpos($url, '//') !== 0) {
 			$url = Yii::$app->getRequest()->getHostInfo() . $url;
 		}
-		if ($statusCode === null) {
-			$statusCode = Yii::$app->getRequest()->getIsAjax() ? $this->ajaxRedirectCode : 302;
+
+		if (Yii::$app->getRequest()->getIsAjax()) {
+			$this->getHeaders()->set('X-Redirect', $url);
+		} else {
+			$this->getHeaders()->set('Location', $url);
 		}
-		$this->getHeaders()->set('Location', $url);
 		$this->setStatusCode($statusCode);
+
 		return $this;
 	}