Validate ZAP scan findings and remediate

As part of our compliance process, we must address any findings generated through the ZAP scan against the dashboard in the development environment. The two most notable include:

• Content Security Policy (CSP) Header Not Set (Medium)
• Hidden File Found (Medium)

Additional details can be found in the generated report

Resources:

• https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy

Acceptance Criteria

• Validate that the above findings are not false positives
• Address findings to remove and Medium or higher findings
• Validate changes by re-running ZAP scan