Search by 
vitamin2 / juicebox
This is the core Statamic addon used by VITAMIN 2.
Maintainers
0.1.0
2026-06-02 09:35 UTC
Requires
- php: ^8.5
- statamic/cms: ^6.0
Requires (Dev)
- orchestra/testbench: ^10.8
- spatie/laravel-ray: ^1.43
README
This is the core Statamic addon used by VITAMIN 2.
How to Install
You can install this addon via Composer:
composer require vitamin2/juicebox
Features
Secure Headers Middleware
Vitamin2\Juicebox\Http\Middleware\SetSecureHeaders
Appends security-related HTTP response headers to every request. Registered automatically via the service provider.
| Header | Default value | Purpose |
|---|---|---|
Strict-Transport-Security | max-age=31536000 | Force HTTPS for 1 year. Only set on secure (HTTPS) requests. |
X-Frame-Options | SAMEORIGIN | Prevent clickjacking by controlling iframe embedding. |
X-Content-Type-Options | nosniff | Stop browsers from MIME-sniffing responses away from the declared content type. |
Referrer-Policy | strict-origin-when-cross-origin | Limit referrer info sent with cross-origin requests. |
Configuration
Publish the config file:
php artisan vendor:publish --tag=juicebox-config
Override any header value in config/juicebox.php:
'secure_headers' => [
'strict_transport_security' => 'max-age=63072000; includeSubDomains',
'referrer_policy' => 'no-referrer',
],
Set any header to false to disable it entirely:
'secure_headers' => [
'x_frame_options' => false,
],