Setting Response Headers - HttpRequestProcessor - Single Item

ResponseHeadersSingleItem.cs

using System;
using Sitecore;
using Sitecore.Data;
using Sitecore.Pipelines.HttpRequest;

namespace YourProject.Core.Processors
{
    public class ResponseHeaders : HttpRequestProcessor
    {
        private readonly ID _responseHeadersItem = new ID("{2C9586BD-4384-4DBF-B595-CF914572B9CD}");
        private const string CspFieldName = "Content Security Policy";
        private const string XFrameOptionsFieldName = "X Frame Options";

        public override void Process(HttpRequestArgs args)
        {
            if (Context.Item == null || Context.Database == null ||
            !Context.Site.Name.Equals("yourSiteName", StringComparison.InvariantCultureIgnoreCase))
            {
                return;
            }

            var responseHeadersItem = Context.Database.GetItem(_responseHeadersItem);
            if (responseHeadersItem == null)
            {
                return;
            }

            if (!string.IsNullOrEmpty(responseHeadersItem[CspFieldName]))
            {
                args.Context.Response.Headers["Content-Security-Policy"] = responseHeadersItem[CspFieldName];
            }

            if (!string.IsNullOrEmpty(responseHeadersItem[XFrameOptionsFieldName]))
            {
                args.Context.Response.Headers["X-Frame-Options"] = responseHeadersItem[XFrameOptionsFieldName];
            }
        }
    }
}