Laravel Not Adding Custom Headers
Try this out: In the controller function that calls the view, follow with a call to the 'Response' class:
$contents = View::make('your_view')->with('data', $data);$response = Response::make($contents, 200);$response->header('X-Frame-Options','deny'); // Anti clickjacking$response->header('X-XSS-Protection', '1; mode=block'); // Anti cross site scripting (XSS)$response->header('X-Content-Type-Options', 'nosniff'); // Reduce exposure to drive-by dl attacks$response->header('Content-Security-Policy', 'default-src \'self\''); // Reduce risk of XSS, clickjacking, and other stuff // Don't cache stuff (we'll be updating the page frequently)$response->header('Cache-Control', 'nocache, no-store, max-age=0, must-revalidate');$response->header('Pragma', 'no-cache');$response->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');return $response;
Of course you could refactor the above and include it in a helper function.
Also an option:
return Response::view('view_name', [ 'data' => $data, ])->header('X-Frame-Options','deny');
Found in: http://laravel.com/docs/4.2/responses#basic-responses
Look at Creating Custom Responses
return response($content) ->header('Content-Type', $type) ->header('X-Header-One', 'Header Value') ->header('X-Header-Two', 'Header Value');
laravel 5.8