Attackers often use Brotli compression to bypass traditional security mechanisms, because content that an inspection engine cannot decode cannot be scanned. To close this visibility gap and improve security, the Content-Based Threat Detection (CTD) engine, used by Palo Alto Networks NGFWs, now supports Brotli decompression for improved analysis and threat detection of HTTP content. Brotli is a high-efficiency data compression format that Google developed for HTTP web applications and content. Palo Alto Networks Security subscription services, such as Advanced Threat Prevention, Advanced WildFire, and Advanced URL Filtering, rely on the CTD engine for traffic inspection. With the addition of the Brotli decoder, the CTD engine now processes traffic that it previously dropped or passed through the network as an unsupported content-encoding type, making that traffic available for inspection by the various Palo Alto Networks content inspection features. This includes, but is not limited to, Precision AI® optimized features such as Advanced WildFire: Inline Cloud Analysis, Advanced Threat Prevention: Inline Cloud Analysis, and Inline Deep Learning Analysis for Advanced URL Filtering. It also applies to any HTTP traffic payload that a configured and enabled security policy processes. This new capability provides broader visibility into traffic. When you enable the feature, the existing content decoder framework integrates this software-based Brotli library.
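As an added illustration (not Palo Alto Networks code), the following Python shows why a scanner that ignores Content-Encoding misses a marker carried in a compressed response body, and how decoding per the declared encoding before scanning, with unsupported encodings reported as a gap rather than as "clean", closes it. The signature, the minimal response builder and the optional `brotli` PyPI package are assumptions; gzip from the standard library stands in where brotli is not installed.

```python
import gzip
from typing import Dict, Tuple

# Constructed placeholder for a content signature; not a real detection rule.
SIGNATURE = b"CONSTRUCTED-THREAT-MARKER"
# Decoder registry keyed by Content-Encoding token. gzip comes from the standard
# library; "br" is registered only if the third-party brotli package is importable.
DEFAULT_DECODERS = {"gzip": gzip.decompress}
try:
    import brotli  # assumption: the PyPI package "brotli"
    DEFAULT_DECODERS["br"] = brotli.decompress
except ImportError:
    pass

def build_response(body: bytes, encoding: str = "") -> bytes:
    """Assemble a minimal HTTP/1.1 response; the caller encodes the body itself."""
    headers = [b"HTTP/1.1 200 OK", b"Content-Type: text/html"]
    if encoding:
        headers.append(b"Content-Encoding: " + encoding.encode())
    headers.append(b"Content-Length: %d" % len(body))
    return b"\r\n".join(headers) + b"\r\n\r\n" + body

def split_response(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw response into a lower-cased header dict and the body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body

def naive_scan(raw: bytes) -> str:
    """Encoding-unaware scanner: matches only on the bytes as seen on the wire."""
    return "match" if SIGNATURE in raw else "clean"

def scan_response(raw: bytes, decoders=None) -> Tuple[str, str]:
    """Decode per Content-Encoding, then scan; report a gap rather than 'clean'."""
    decoders = DEFAULT_DECODERS if decoders is None else decoders
    headers, body = split_response(raw)
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "identity":
        decoded = body
    elif encoding not in decoders:
        return "uninspected", f"unsupported content-encoding: {encoding}"
    else:
        try:
            decoded = decoders[encoding](body)
        except Exception as exc:  # truncated or corrupt stream
            return "uninspected", f"{encoding} decode failed: {exc}"
    return ("match" if SIGNATURE in decoded else "clean"), f"scanned after {encoding} decode"
```

Passing an explicit `decoders` dict without a "br" entry reproduces the pre-decoder situation the text describes, where a Brotli body is passed through uninspected.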