Add CSRF to My AJAX / JSON API Calls
For SPAs that still use session cookies, this is the standard pattern. From the CSRF Protection AI Coding Building Block.
My [React / Vue / plain JS] frontend makes AJAX requests to my [Django / Rails / Express] backend using session cookies. Set up CSRF protection for these requests. Walk me through:

1. The double-submit cookie pattern: the server sets a CSRF cookie, the frontend reads it and sends it back in a header like X-CSRF-Token.
2. Exactly where to set the cookie on the backend and how to read it in the frontend.
3. Which fetch/axios interceptor to add so I do not have to remember the header on every call.
4. What the server should do when the header is missing or does not match (reject with 403).

My stack: [your backend and frontend frameworks here]

Show working code for one endpoint end to end. I am learning, so explain each part simply.