Google App Engine adding cache-control and other headers

Question

I have a Flask application on Google App Engine and I want to tell browsers to cache a response that uses the Cache-Control header. It works as expected on dev_appserver.py but when deployed to App Engine the headers are modified and break the cache header.

Here is the Flask view in particular:

@app.route("/resource")
def resource():
    response = make_response(render_template("resource.html"))
    response.headers['Cache-Control'] = "max-age=31536000"
    logging.error("HEADERS: {}".format(response.headers))
    return response

The logs for both development server and App Engine show:

Content-Type: text/html; charset=utf-8
Content-Length: 112628
Cache-Control: max-age=31536000

When I run it with the development app server it works as expected, as you can see from the headers below.

When I open Chrome's development tools the headers for App Engine are:

alternate-protocol:443:quic
cache-control:no-cache, must-revalidate
content-encoding:gzip
content-length:19520
content-type:text/html; charset=utf-8
date:Wed, 22 Jan 2014 19:53:47 GMT
expires:Fri, 01 Jan 1990 00:00:00 GMT
pragma:no-cache
server:Google Frontend
set-cookie:session=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
status:200 OK
strict-transport-security:max-age=31536000
vary:Accept-Encoding
version:HTTP/1.1
x-appengine-estimated-cpm-us-dollars:$0.002267
x-appengine-resource-usage:ms=7388 cpu_ms=5069
x-frame-options:DENY
x-ua-compatible:chrome=1

In contrast the development app server headers are as expected:

Cache-Control:max-age=31536000, private
Content-Length:112628
content-type:text/html; charset=utf-8
Date:Wed, 22 Jan 2014 19:57:05 GMT
Expires:Wed, 22 Jan 2014 19:57:05 GMT
Server:Development/2.0
set-cookie:session=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
x-frame-options:DENY
x-ua-compatible:chrome=1

Of course I have checked to make sure that I am not adding the extra headers, and I could find no reference of the cache-related headers (pragma, expires and cache-control) being added outside the given view.

So it seems App Engine is adding a bunch of headers when deployed, which seems unusual. What might I have overlooked?

-- EDIT --

As @dinoboff noted from the docs in a comment below:

Cache-Control, Expires and Vary

These headers specify caching policy to intermediate web proxies (such as Internet Service Providers) and browsers. If your script sets these headers, they will usually be unmodified, unless the response has a Set-Cookie header, or is generated for a user who is signed in using an administrator account.

Answer 1

These headers are additional headers that are added because you are looking at the site as a logged in admin user. They will not be present for "normal" users.

This blog post talks about the X-AppEngine-Resource-Usage header specifically: http://googleappengine.blogspot.co.uk/2009/08/new-features-in-124.html

And as they note:

You can view these headers using plugins such as Firefox's Live HTTP Headers or Firebug. Note that only logged in administrators see these figures - ordinary users, and users who aren't logged in, won't see them at all.