All three files have custom headers with x-frame-origins (the other two have SAMEORIGIN instead of DENY)and x-content-type-option 'nosniff' (which stops attacks on the site as well as displays the content correctly regardless of browser by stopping MIME type requests).
The c2.txt file contains less information than the other two text files. The c2.txt file does not set cookies, doesn't contain content-length, and is without 'cache-control: no-store no-cache must-revalidate' (which means the response is not to cache directive, no-cach pushes for a validation request for cache, and must-revalidate will trigger when the resource is considered stale).