send() on response doesn't have certain headers

Hi, I'm making an API but I'm having quite some trouble with CORS-errors. I'm using Laravel 9.4.1.

The classic CORS-error:

Access to fetch at '<link>/api/users/6/posts' from origin '<local>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I'm trying to send a response from a class my controller uses, using response($data)->send();. I'm noticing however that when I do this, no Access-Control-Allow-Origin: * is present, resulting in CORS-errors on my client. X-RateLimit-Limit and X-RateLimit-Remaining headers are also missing. Adding a status code doesn't help, by the way.

Why is it that when using send(), these headers are not applied automatically? When I simply do return response('Test'); in my controller for example (so simply returning), these headers are present.

I know I can do the following to add the Access-Control-Allow-Origin header manually, but then I'm still missing the RateLimit headers:

response($this->service->getResult())->withHeaders([
    "Access-Control-Allow-Origin" => "*"
])->send();

Ideally, I don't want to return a response in my controller since I'd have to pass my response around.

Maybe there's another way to 'force' send a response from outside your controller that auto-applies all the extra Laravel stuff? I actually don't see the send method shown on the validation section in the Laravel docs.

Many thanks