Currently, there are no way to verify that the plugin was served through the access control handler. Adding the ability to verify this without touching code or doing some crazy tests is crucial.

For more information refer to the https://aamporta.com/plugin/protected-media-files/installation#verify-file-redirects