headers->set('X-content-type-options','nosniff'); $response->headers->set('X-xss-protection','1; mode=block'); //cache $response->headers->set('pragma','no-cache'); $response->headers->set('Expires','-1'); $response->headers->set('cache-control','no-store, must-revalidate, no-cache'); return $response; } }