headers->set('X-Frame-Options', 'SAMEORIGIN'); return $response; } }