The following WordPress site is behind Cloudflare, currently with " Scrape Shield", “Hotlink Protection” off:
When “Hotlink Protection” is on the article image is downloaded by Discourse to display in the onebox but the favicon is not (in Firefox this is clear as there is an empty box):
This is the HTML source:
<img src="https://www.thenews.coop/wp-content/uploads/favicon-1.ico" class="site-icon" width="64" height="64">
With “Hotlink Protection” on the favicon is not displayed due to the Cloudflare serving a “Error 1011, Access denied”.
I was also wondering, has the downloading and serving locally, of favicons been considered for cases where Cloudflare’s “Hotlink Protection” is on?