bmcweb: Add X-Content-Type-Options header

Because we should always be posting the correct mime type on all of our
pages, add a "nosniff" flag, to improve our protection against injection
attacks.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Change-Id: I4a311948e5e157b4071effddff577c73b65d7af1
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index 872f4aa..237438b 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -39,6 +39,7 @@
         res.addHeader("X-Content-Security-Policy", "default-src 'self'");
         res.addHeader("X-XSS-Protection", "1; "
                                           "mode=block");
+        res.addHeader("X-Content-Type-Options", "nosniff");
         res.addHeader("X-UA-Compatible", "IE=11");
 
 #ifdef BMCWEB_INSECURE_DISABLE_XSS_PREVENTION