It's got the same functionality as an Accept-Encoding HTTP header. It's meant to provide some information to the far end so that it can drive better behaviour. You can "impersonate" a client that isn't compatible and get junk data and there's no cryptographic protection against that.