Feedback needed for my XSS and CSRF in php contact form

Hello, i am new to php security and i try to learn it applying it to mail() function in a contact form.

Can you please comment on my code if i do the XSS and CSRF correctly with ajax and is it secure enough or maybe i need to add something? please ignore the front end its just some copy paste.

2)Do i really need data validation checks in my mailer.php because i use the html5 form validation checks is that ok?

3)And do i need another die(); after the mail was send line 43 1)comment and maybe that unset line 47 2)comment is not needed? i am not sure about it.

4)Do i need google recaptcha? or CSRF only it’s fine so the bots dont spam me?

I pasted the code in here(i dont know any better way to show it to you guys and its not in a proper way in those fields in JSfiddel its just a paste so you dont hurt your eyes reading the code)

Its working in the link below and i tested XSS but i dont know about CSRF or any other mistakes.