
    Add Django's SecurityMiddleware.

    Review Request #13818 — Created May 2, 2024 and submitted

    Information

    Review Board
    release-7.x

    Reviewers

    Django provides a middleware for setting up various security options.
    The vast majority of these are things that are highly dependent on the
    particulars of the deployment, but using any of them requires the
    middleware to be enabled. With this, server admins could set up things
    like HSTS or referrer policies by setting the relevant keys in their
    settings_local.py file.

    This change adds it to our middleware, and turns on
    X-Content-Type-Options: nosniff, which is harmless to our normal usage,
    and can prevent a bunch of complaining from some security scanning
    tools.

    • Ran unit tests.
    • Loaded a page and verified that the nosniff header was now present.
    Summary: Add Django's SecurityMiddleware.
    ID: dd7648e7f24e1cf21426043dca11fd88a3593a5a
    maubin
    1. Ship It!
    chipx86
    1. Ship It!
    david
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-7.x (8080d21)
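
The manual check from the testing notes (loading a page and confirming the nosniff header), written as a repeatable audit of the headers Django's SecurityMiddleware can emit. This is an added example, not code from this change or from Review Board; the function name `audit_security_headers` and the sample headers are assumptions made for illustration, while the `SECURE_*` names in the comments are Django's own settings.

```python
import re

# Valid Referrer-Policy tokens (W3C Referrer Policy specification).
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}


def audit_security_headers(headers):
    """Return {header: finding} for headers SecurityMiddleware can set."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = {}
    # Controlled by SECURE_CONTENT_TYPE_NOSNIFF.
    nosniff = h.get("x-content-type-options")
    if nosniff is None:
        findings["X-Content-Type-Options"] = "missing"
    else:
        ok = nosniff.lower() == "nosniff"
        findings["X-Content-Type-Options"] = "ok" if ok else f"unexpected value {nosniff!r}"

    # Controlled by SECURE_HSTS_SECONDS; Django only sends it on HTTPS responses.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings["Strict-Transport-Security"] = "not set (deployment choice)"
    else:
        m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m:
            findings["Strict-Transport-Security"] = "invalid: no max-age"
        elif int(m.group(1)) == 0:
            findings["Strict-Transport-Security"] = "max-age=0 disables HSTS"
        else:
            findings["Strict-Transport-Security"] = "ok"

    # Controlled by SECURE_REFERRER_POLICY; may be a comma-separated fallback list.
    policy = h.get("referrer-policy")
    if policy is None:
        findings["Referrer-Policy"] = "not set (deployment choice)"
    else:
        tokens = [t.strip().lower() for t in policy.split(",")]
        bad = [t for t in tokens if t not in REFERRER_POLICIES]
        findings["Referrer-Policy"] = f"unknown token(s) {bad}" if bad else "ok"
    return findings


# Constructed sample headers, not captured from a real server.
SAMPLE = {"X-Content-Type-Options": "nosniff", "Referrer-Policy": "same-origin, bogus"}
```

Feed it the header mapping from any HTTP client response; HSTS and Referrer-Policy are reported as deployment choices rather than failures when absent, matching the description's point that those settings depend on the deployment.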