Content-Encoding is an HTTP header that tells a client or server how the message body has been compressed or transformed. Common values include gzip and deflate. When a server receives a request with this header, it may try to decode the body before processing it.
In cyber security, this matters because decompression happens inside the request handling path. A malformed or unexpected Content-Encoding value can trigger parser bugs, resource exhaustion, or crashes in services that do not validate input carefully. Attackers often use such headers in crafted HTTP requests to reach code paths that are rarely tested, especially on internet-facing services. Defenders should validate supported encodings, reject invalid combinations, monitor for suspicious compressed traffic, and keep web and file-transfer services patched so that request decoding does not become an availability risk.
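One way to apply the validation described above is sketched here as an added example, not code from any particular server: it allowlists codings, refuses stacked codings, and decompresses in bounded steps so a small compressed body cannot expand without limit. The names `decode_body`, `parse_content_encoding` and `RejectedBody`, the 1 MiB cap and the choice of status codes are assumptions made for illustration.

```python
import zlib

# Policy values assumed for this example; tune per service.
SUPPORTED = {"identity", "gzip", "deflate"}
MAX_DECODED = 1024 * 1024      # cap on decoded body size, in bytes
CHUNK = 64 * 1024              # output produced per decompress() call

class RejectedBody(Exception):
    """Carries the HTTP status the handler should answer with."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def parse_content_encoding(value):
    """Return the one accepted coding, or raise RejectedBody."""
    if value is None:
        return "identity"
    codings = [c.strip().lower() for c in value.split(",")]
    if "" in codings:
        raise RejectedBody(400, "malformed Content-Encoding")
    if any(c not in SUPPORTED for c in codings):
        raise RejectedBody(415, "unsupported content coding")
    if len(codings) > 1:  # policy: no stacked codings
        raise RejectedBody(415, "multiple content codings")
    return codings[0]

def decode_body(value, body, limit=MAX_DECODED):
    """Decode body, buffering at most limit + CHUNK bytes of output."""
    coding = parse_content_encoding(value)
    if coding == "identity":
        if len(body) > limit:
            raise RejectedBody(413, "body too large")
        return body
    # wbits=31 accepts only a gzip wrapper, 15 only zlib (HTTP "deflate").
    d = zlib.decompressobj(wbits=31 if coding == "gzip" else 15)
    out, data = bytearray(), body
    try:
        while not d.eof:
            chunk = d.decompress(data, CHUNK)
            data = d.unconsumed_tail
            out += chunk
            if len(out) > limit:
                raise RejectedBody(413, "decoded body exceeds limit")
            if not chunk and not data:
                raise RejectedBody(400, "truncated compressed body")
    except zlib.error:
        raise RejectedBody(400, "corrupt compressed body") from None
    if d.unused_data:
        raise RejectedBody(400, "data after end of compressed stream")
    return bytes(out)
```

Logging the status and reason for each rejection gives the monitoring signal mentioned above, since repeated 413 or 400 results from one source stand out from normal compressed traffic.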



