Which is a very welcome step. but it is not adhering to the policies set by domain. e.g. I am not using X-Content-Type-Options this header is disabled (origin and on cloudflare both) on my website but this rocket-loader script has this header
same it also has this header
How can I remove these headers?