pub const CAVAGE_REQUIRED_HEADERS: &[&str];Expand description
Minimum Cavage header set every compliant verifier should enforce.
The three names together bind the signature to the exact request URI — omitting any of them lets an intermediary replay a captured signature against a different path or a different virtual host. Mastodon’s own verifier hard-codes this requirement, so matching it keeps us bug-for-bug compatible with the reference Fediverse implementation.