vitamin2 / juicebox
This is the core Statamic addon used by VITAMIN 2.
0.1.0
2026-06-02 09:35 UTC
Requires
- php: ^8.5
- statamic/cms: ^6.0
Requires (Dev)
- orchestra/testbench: ^10.8
- spatie/laravel-ray: ^1.43
This package is auto-updated.
Last update: 2026-06-23 15:48:45 UTC
README
How to Install
You can install this addon via Composer:
composer require vitamin2/juicebox
Features
Secure Headers Middleware
Vitamin2\Juicebox\Features\SecureHeaders\Http\Middleware\SetSecureHeaders
Appends security-related HTTP headers to the response for every request. The middleware is registered automatically via the service provider.
| Header | Default value | Purpose |
|---|---|---|
| Strict-Transport-Security | max-age=31536000 | Force HTTPS for 1 year. Only set on secure (HTTPS) requests. |
| X-Frame-Options | SAMEORIGIN | Prevent clickjacking by controlling iframe embedding. |
| X-Content-Type-Options | nosniff | Stop browsers from MIME-sniffing responses away from the declared content type. |
| Referrer-Policy | strict-origin-when-cross-origin | Limit referrer info sent with cross-origin requests. |
Configuration
Publish the config file:
php artisan vendor:publish --tag=statamic-juicebox-secure-headers-config
| Key | Default | Accepted values |
|---|---|---|
| enabled | true | true, false |
| strict_transport_security | 'max-age=31536000' | Valid HSTS directive string, false |
| x_frame_options | 'SAMEORIGIN' | 'DENY', 'SAMEORIGIN', false |
| x_content_type_options | 'nosniff' | 'nosniff', false |
| referrer_policy | 'strict-origin-when-cross-origin' | Any valid policy string, false |
Set any value to false to omit that header entirely.
Environment variables
| Variable | Default | Description |
|---|---|---|
| JUICEBOX_SECURE_HEADERS_ENABLED | true | Master toggle — disables all headers when false. |
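
To check a deployment against the defaults documented above, the following added example (not part of the juicebox package) audits a raw response header block. The function name `auditSecureHeaders`, the constant `JUICEBOX_DEFAULTS` and the sample response are assumptions made for illustration; an expected value of `false` mirrors the config's way of omitting a header.

```php
<?php
// Expected values mirror the "Default value" column above; false means
// the header should be absent, as when its config key is set to false.
const JUICEBOX_DEFAULTS = [
    'Strict-Transport-Security' => 'max-age=31536000',
    'X-Frame-Options'           => 'SAMEORIGIN',
    'X-Content-Type-Options'    => 'nosniff',
    'Referrer-Policy'           => 'strict-origin-when-cross-origin',
];

/** Returns findings for one raw response header block; empty means it matches. */
function auditSecureHeaders(string $raw, bool $https, array $expected = JUICEBOX_DEFAULTS): array
{
    $seen = [];
    foreach (preg_split('/\r?\n/', trim($raw)) as $line) {
        if (!str_contains($line, ':')) {
            continue; // status line
        }
        [$name, $value] = explode(':', $line, 2);
        $seen[strtolower(trim($name))][] = trim($value);
    }
    $findings = [];
    foreach ($expected as $name => $want) {
        // HSTS is only set on HTTPS requests, so expect it absent over HTTP.
        if ($name === 'Strict-Transport-Security' && !$https) {
            $want = false;
        }
        $got = $seen[strtolower($name)] ?? [];
        if ($want === false) {
            if ($got !== []) {
                $findings[] = "$name: expected absent, got \"{$got[0]}\"";
            }
        } elseif ($got === []) {
            $findings[] = "$name: missing";
        } elseif (count($got) > 1) {
            // e.g. the web server and the middleware both set it
            $findings[] = "$name: sent " . count($got) . ' times';
        } elseif (strcasecmp($got[0], $want) !== 0) {
            $findings[] = "$name: expected \"$want\", got \"{$got[0]}\"";
        }
    }
    return $findings;
}

// Constructed sample response, not captured from a real site.
$sample = "HTTP/1.1 200 OK\nContent-Type: text/html\nX-Frame-Options: SAMEORIGIN\n"
    . "X-Frame-Options: DENY\nX-Content-Type-Options: nosniff\n";
print_r(auditSecureHeaders($sample, true));
```

When a header is overridden or disabled in the published config, pass a matching `$expected` array so the audit follows the configured values rather than the defaults.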