Your custom response header will have no effect on any web browser, and it will not be included with any subsequent requests made by the browser. It is therefore completely useless for preventing cross-site request forgery.
As I said
last time you posted this question[
^], you need to explain precisely why you think the anti-XSRF system extensively across the internet is somehow not suitable for your application. If you can't provide a cogent response to that, then you need to stop trying to reinvent the wheel.