Prevent using Back button to see Sensitive Content

A security issue that can occur if pages aren't re-validated is that if someone was to use the Back button on the browser, they will be able to see potentially sensitive content. To prevent this in Laravel a Middleware can be created to set the page headers to not cache the page data.

<?php

namespace App\Http\Middleware;

use Closure;

class Revalidate  
{
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $response = $next($request);
        return $response->header('Cache-Control', 'nocache, no-store, max-age=0,     
                                  must-revalidate')
        ->header('Pragma', 'no-cache')
        ->header('Expires', 'Fri, 01 Jan 1990 00:00:00 GMT');
    }
}

This can then be added to the Kernel File. If added under $middleware then it will be added to every page.

    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        \App\Http\Middleware\Revalidate::class,
    ]; 

It can also be added to specific routes using $routeMiddleware

'revalidate' => \App\Http\Middleware\Revalidate::class,  

or to $middlewareGroups so that it runs on all pages within a certain group. In this case it will run on all pages in the 'auth' group.

    /**
    * The application's route middleware groups.
    *
    * @var array
    */
    protected $middlewareGroups = [
        'auth' => [
            \App\Http\Middleware\Authenticate::class,
            \App\Http\Middleware\Revalidate::class,
        ],

        'api' => [
            'throttle:60,1',
            'auth:api',
        ],
    ];






Original solution that I modified for my needs: https://stackoverflow.com/a/42057397