From our origin server we are sending back - X-Frame-Options SAMEORIGIN. However, when it goes through cloudflare this is removed from the response. Note that this is on a favicon.png file. Any thoughts on why this is happening and what we can do to resolve?
UPDATE: It appears that the header is not suppressed on html files, but is on js and png files.