The Slowloris denial-of-service attack from 2009 works by abusing exactly this keep-alive lifecycle, opening many connections and trickling headers slowly enough to exhaust a server's connection pool without ever closing them. Every production server config you'll touch — nginx's keepalive_timeout, Apache's KeepAliveTimeout — tunes the same Connection-header behavior you implement in this task.