When used in a Palo Alto Networks custom threat signature, a string context defines the specific protocol field or data buffer where the signature matching engine performs its search. Rather than scanning an entire packet, contexts allow administrators to restrict pattern matching to precise locations, such as http-req-host-str for domain names, http-req-url-path-str for URIs, or dns-req-query-name for DNS requests. By scoping the search to a relevant protocol element, the firewall significantly improves inspection performance and ensures that signatures only trigger when a pattern appears in the correct logical part of the traffic flow, such as a command in an SMTP header or a specific parameter in a web request.