Confused about Rocket Loader header

Hi,

I have enabled security headers in Cloudflare.

It ads these headers in every request I made.

expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

But for rocket loader these headers are different.

ETag: "6283f7a4-302c"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 70f3742d490581e2-IAD
X-Frame-Options: DENY

Now I am confused about one header. X-Frame-Option. For whole site it is sameorigin but for rocket loader it is DENY why?

Neither it has referrer-policy added.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.