feat: x-frame security options (prisma#1656)

Author: nilubava

netlify.toml

@@ -12,6 +12,12 @@ INDEX_ALGOLIA = "true"
   for = "/*"
   [headers.values]
     Access-Control-Allow-Origin = "https://www.prisma.io"
+    Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+    Content-Security-Policy = "default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content"
+    X-Frame-Options = "DENY"
+    X-Content-Type-Options = "nosniff"
+    Referrer-Policy = "no-referrer"
+    Feature-Policy = "microphone 'none'; geolocation 'none'"
 
 [[redirects]]
   from = "/docs/*"