dakshraman / laravel-browser-guard
A Laravel package to discourage right-click, shortcut keys, and casual DevTools access in the browser.
Maintainers
Package info
github.com/dakshraman/laravel-browser-guard
pkg:composer/dakshraman/laravel-browser-guard
Requires
- php: ^7.1.3|^8.0
- illuminate/support: ^5.8|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0|^12.0
Requires (Dev)
- orchestra/testbench: ^8.0|^9.0|^10.0
- pestphp/pest: ^2.0|^3.0
- pestphp/pest-plugin-laravel: ^2.0|^3.0|^4.0
This package is auto-updated.
Last update: 2026-04-22 04:28:03 UTC
README
A Laravel package that discourages:
- right click / context menu
- selected shortcut keys like
F12,Ctrl+Shift+I,Ctrl+Shift+J,Ctrl+Shift+C,Ctrl+U - casual DevTools opening through simple browser-side detection
Important note
This package does not provide real security. Anything running in the browser can be bypassed by a determined user. Use it only as a UI deterrent, not as a protection layer for sensitive data.
Installation
composer require dakshraman/laravel-browser-guard php artisan browser-guard:install
Or publish manually:
php artisan vendor:publish --tag=browser-guard-config php artisan vendor:publish --tag=browser-guard-assets
Add the script to your layout
In your main Blade layout, just before </body>:
@browserGuardScripts
Usage modes
1. Global mode
In config/browser-guard.php:
'mode' => 'global',
The script will load wherever @browserGuardScripts exists.
2. Middleware mode
In config/browser-guard.php:
'mode' => 'middleware',
Then apply the middleware only to routes you want to protect:
Route::middleware('browser.guard')->group(function () { Route::get('/protected-page', function () { return view('welcome'); }); });
Useful config
'enabled' => true, 'block_right_click' => true, 'block_shortcuts' => true, 'detect_devtools' => true, 'show_alert' => true, 'alert_message' => 'This action is disabled on this page.', 'devtools_action' => 'alert', // alert | redirect | blank 'devtools_redirect_url' => '/',
Custom shortcuts
'shortcuts' => [ ['key' => 'F12'], ['ctrl' => true, 'shift' => true, 'key' => 'I'], ['ctrl' => true, 'shift' => true, 'key' => 'J'], ['ctrl' => true, 'shift' => true, 'key' => 'C'], ['ctrl' => true, 'key' => 'U'], ],
Excluding paths
'except_paths' => [ 'admin/api/*', 'health-check', ],
File structure
browser-guard/
├── composer.json
├── config/
│ └── browser-guard.php
├── resources/
│ ├── js/
│ │ └── browser-guard.js
│ └── views/
│ └── script.blade.php
└── src/
├── BrowserGuardServiceProvider.php
├── Commands/
│ └── InstallBrowserGuardCommand.php
└── Middleware/
└── BrowserGuardMiddleware.php
Suggested improvements
If you want this package to feel more production-ready, the next upgrades are:
- add tests with Orchestra Testbench
- add a facade or helper for runtime toggling
- add a small toast UI instead of
alert() - add IP/user-based exemptions
- add an inline-script fallback when published assets are missing
License
MIT