This happens when there is a confusion between frontend(ex:apache/nginx) & backend on which header to prioritize between content-length & transfer-encoding.
Best Explaination - https://www.youtube.com/watch?v=mijOcGLneLUImpact - Self XSS to Refected, Open Redirect, Somecases Credential Theft.
Remediation - Both Frontend & Backend must prioritize same headers.