HPACK is the header-compression scheme used by HTTP/2. It reduces repeated request and response header overhead by encoding values more efficiently and by using a dynamic table that both endpoints maintain for the connection. This improves speed and bandwidth use, but it also means the server must track per-connection state.
In cyber security, HPACK matters because state can become a resource-pressure point. Attackers may send many requests with large, changing, or carefully crafted headers to force extra parsing, table updates, and memory use. In a denial-of-service scenario, that can contribute to worker exhaustion or memory pressure even when payloads are small. Defenders reduce risk by setting strict limits on header size, table size, stream counts, and connection lifetime, especially at reverse proxies and edge servers.