Design advice for a utility method that doesnt really belong in a class

What you are looking for basically is known as a Filter. A filter is a piece of utility code that can run immediately before or after a controller action and is used for things such as authorization, caching, or logging.

A similar type of utility code is known as Middleware. Middleware is made up of the first and last piece of your code that a request receives, and can perform much of the same functions as a filter.
Middleware fills many of the same roles as HttpModules did in earlier versions of ASP.NET (not Core).

Both of the above can "short-circuit" a request and send a response without being processed by a controller.

The key difference between Filters and Middleware is that Middleware is applied to ALL requests while Filters are applied at the Controller or Action level.
This is the choice you have to decide on- IF all of your requests need to have a HeaderValidation then you go with Middleware. If only half of your requests need to go through this then you go with a Filter.
The "grey area" is if only a few requests don't need it, you could write a "special exclusion" into Middleware for specific requests as needed.

Filters in ASP.NET Core | Microsoft Docs[^]
Exploring Middleware as MVC Filters in ASP.NET Core 1.1[^]
Middleware vs Filters ASP. NET Core - The .NET Cultist[^]

Extending the controller base class with validating method could be an option. If you make it virtual, you could even override it for more specific needs eventually. But that means that you will have to change all your controllers and make them inherit from extended controller.

On the other hand, you could create a static validation method in a helper class. This would discharge you from having to instantiate it everytime you want to validate.