Set x-content-type-options for static content

Author: rorymckinley

CHANGELOG.md

@@ -22,6 +22,8 @@ and this project adheres to
 - Add test gauge metric that can be used to set arbitrary values for the purposes
   of triggering behaviour in metric consumers.
   [3510](https://github.com/OpenFn/lightning/issues/3510)
+- Enable X-Content-Type-Options header for static pages.
+  [#3534](https://github.com/OpenFn/lightning/issues/3534)
 
 ### Changed
 

lib/lightning_web/endpoint.ex

@@ -36,7 +36,10 @@ defmodule LightningWeb.Endpoint do
     at: "/",
     from: :lightning,
     gzip: true,
-    only: LightningWeb.static_paths()
+    only: LightningWeb.static_paths(),
+    headers: [
+      {"x-content-type-options", "nosniff"}
+    ]
 
   if Code.ensure_loaded?(Tidewave) do
     plug Tidewave