I see that there is two ways to check CSRF

First way could be in a form:

$csrf = new Hidden('csrf');

    $csrf->addValidator(new Identical(array(
        'value' => $this->security->getSessionToken(null, null, false),
        'message' => 'CSRF validation failed'
    <input type="hidden" name="crsf}" value="{{ security.getToken() }}">    

Second way is to encrypt the name and value, like in the first exampel the name was just Csrf: if ($this->security->checkToken(null, null, false)) { // continue }

<input type="hidden" name="{{ security.getTokenKey() }}" value="{{ security.getToken() }}">

Which type should i use?

Well i think the first option is nice, cuz you dont have additional code block in your code :)

But what is it the safest way?

Both are imho safe, the first option looks better.