Tags: csrf, jersey-1.0

CSRF Protection with Custom header other than X-Requested-By


This is related to the post https://security.stackexchange.com/questions/23371/csrf-protection-with-custom-headers-and-without-validating-token/23373#23373?newreg=9acf3e40d05f4d19a00eb58b160f8453

So, if we have decided to use custom header validation as an option for CSRF protection, and we need to use some other custom header other than "X-Requested-By", then what is the best way to do that?


Solution

  • From the source code of CsrfProtectionFilter, the header to validate is defined as a private static variable, so it is not possible to change the header to validate:

    private static final String HEADER_NAME = "X-Requested-By";

    It is good to stick to the standards and use X-Requested-By.
    But if you still want to validate a separate header, you need to write your own filter, which is very easy: just copy the class and change the header (which is not recommended).
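The "copy the class and change the header" approach from the answer, written out as an added example. This is not code from the question, the answer, or Jersey itself; it assumes the Jersey 1.x filter API (com.sun.jersey.spi.container.ContainerRequestFilter, matching the jersey-1.0 tag), and the header name X-Custom-CSRF-Header and the package com.example.security are placeholders. It keeps the behaviour the answer describes for the stock filter: safe methods (GET, OPTIONS, HEAD) pass through, every other method is rejected with 400 unless the header is present.

```java
// Added example: a Jersey 1.x request filter that performs the same
// header-presence CSRF check as CsrfProtectionFilter, but for a header
// name of your choosing. Package and header name are placeholders.
package com.example.security;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;

public class CustomHeaderCsrfFilter implements ContainerRequestFilter {

    /**
     * Header whose presence shows the request came from script on your own origin
     * (a plain cross-site form submit cannot attach a custom header). Placeholder name.
     */
    public static final String HEADER_NAME = "X-Custom-CSRF-Header";

    /** Methods that must not change state, so they are exempt (same set as the stock filter). */
    private static final Set<String> METHODS_TO_IGNORE =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList("GET", "OPTIONS", "HEAD")));

    @Override
    public ContainerRequest filter(ContainerRequest request) {
        // Jersey's inbound header map matches keys case-insensitively, so the
        // client may send the header in any capitalisation.
        boolean headerPresent = request.getRequestHeaders().containsKey(HEADER_NAME);
        if (!isAllowed(request.getMethod(), headerPresent)) {
            // Reject before the resource method runs, with 400 like the stock filter.
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }
        return request;
    }

    /** The decision on its own, so it can be unit-tested without a servlet container. */
    static boolean isAllowed(String method, boolean headerPresent) {
        return METHODS_TO_IGNORE.contains(method) || headerPresent;
    }
}
```

Register it the same way as the stock filter, through the com.sun.jersey.spi.container.ContainerRequestFilters init-param of the Jersey servlet in web.xml, with the fully qualified class name as its value. Two points worth checking once it is in place: the client code on your pages must actually send the header on every POST/PUT/DELETE, and your CORS configuration must not list the header as allowed for other origins, because the check only holds while browsers refuse to attach it to cross-site requests.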