Add X-Content-Type-Options header globally in VirtualHost

Set X-Content-Type-Options: nosniff at the VirtualHost level to ensure
all responses (including /custom.css and /robots.txt) have the header,
not just assets under /assets and /packs paths.

CP4AIOPS-448

Author: jrafanie

COPY/etc/httpd/conf.d/manageiq-https-application.conf

@@ -13,6 +13,7 @@ Include conf.d/manageiq-redirects-websocket
 Include conf.d/manageiq-host-config
 RequestHeader set X_FORWARDED_PROTO 'https'
 Header always set Strict-Transport-Security "max-age=631138519"
+Header always set X-Content-Type-Options "nosniff"
 
 ErrorLog /var/www/miq/vmdb/log/apache/ssl_error.log
 TransferLog /var/www/miq/vmdb/log/apache/ssl_access.log