Add a couple security headers

[grahamc]

Summary by CodeRabbit

• Security
  • Implemented additional HTTP security headers to protect against clickjacking and MIME-type sniffing vulnerabilities.

[netlify]

✅ Deploy Preview for zero-to-nix ready!

Name	Link
🔨 Latest commit	f17e6c5
🔍 Latest deploy log	https://app.netlify.com/projects/zero-to-nix/deploys/6a3abdb0ad7969000897a301
😎 Deploy Preview	https://deploy-preview-550--zero-to-nix.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 26fafdb9-0167-4359-961c-46cc10355164

📥 Commits

Reviewing files that changed from the base of the PR and between 5983cc2 and e10cb85.

📒 Files selected for processing (1)

• netlify.toml

---

📝 Walkthrough

Walkthrough

Adds a [[headers]] block to netlify.toml that applies two security-related HTTP response headers — X-Frame-Options: DENY and X-Content-Type-Options: nosniff — to all paths (/*).

Changes

Security Headers Configuration

Layer / File(s)	Summary
Global security headers netlify.toml	Adds a [[headers]] block scoped to /* that sets X-Frame-Options = "DENY" and X-Content-Type-Options = "nosniff".

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A rabbit hops through headers galore,
"No sneaky frames shall pass my door!"
With nosniff set and DENY in place,
The site stands guard with security's grace.
🐇✨ Safe paths ahead, forevermore!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add a couple security headers' directly and clearly describes the main change in the pull request, which adds HTTP security headers (X-Frame-Options and X-Content-Type-Options) to netlify.toml.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch graham/eng-1294

---

_{Comment @coderabbitai help to get the list of available commands.}