Vulnerable Regular Expression

The following regular expression used for parsing the HTTP header is vulnerable to ReDoS:

/(?:charset|encoding)\s*=\s*['"]? *([\w\-]+)/i

The slowdown is moderate: with a 30,000-character input, matching takes around 4 seconds. I would suggest one of the following:

  • remove the regex,
  • anchor the regex,
  • limit the number of characters that can be matched by the repetition,
  • limit the input size.

If needed, I can provide an actual example showing the slowdown.
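To make the suggested fixes concrete, here is an added example (mine, not code from the report or from the affected project) that puts the reported regex beside a hardened form and wraps both in an input-size check. The ambiguity in the original is that, after the `=`, both `\s*` and ` *` can consume the same run of spaces, so on a non-matching tail the engine retries every way of splitting that run between them. The hardened pattern gives the whitespace after `=` to a single quantifier and only allows further whitespace once a quote has actually been consumed, so there is no second quantifier competing for the same characters. The header values and the `MAX_HEADER_LENGTH` limit are constructed for this example.

```javascript
// Added example: the reported regex beside a hardened one, plus a size guard.
// Header values and the length limit below are constructed, not from the page.

// The regex as reported. After "=", "\s*" and " *" can both consume the same
// run of spaces, so a failed match is retried once per split point (quadratic).
const VULNERABLE_RE = /(?:charset|encoding)\s*=\s*['"]? *([\w\-]+)/i;

// Hardened form: whitespace after "=" belongs to exactly one quantifier; a
// second run of whitespace is only permitted after a quote has been consumed,
// so no two quantifiers can compete for the same characters.
const HARDENED_RE = /(?:charset|encoding)\s*=\s*(?:['"]\s*)?([\w-]+)/i;

// Largest header value we are willing to scan at all (assumed value). A header
// larger than this is rejected before any regex work is done.
const MAX_HEADER_LENGTH = 1024;

// Extract the charset/encoding token from a Content-Type style header value.
// Returns the lower-cased token, or null if absent, non-string, or oversized.
function extractCharset(headerValue, re = HARDENED_RE) {
  if (typeof headerValue !== 'string') return null;
  if (headerValue.length > MAX_HEADER_LENGTH) return null; // refuse oversized input
  const m = re.exec(headerValue);
  return m ? m[1].toLowerCase() : null;
}

// Constructed benign header values: both patterns must agree on all of them,
// which is the regression check to run before swapping the regex in.
const SAMPLES = [
  'text/html; charset=utf-8',
  'text/html; charset = "ISO-8859-1"',
  "application/xml; encoding='UTF-16' ",
  'text/plain',
];

function bothAgree() {
  return SAMPLES.every(
    (s) => extractCharset(s, VULNERABLE_RE) === extractCharset(s, HARDENED_RE)
  );
}

module.exports = { VULNERABLE_RE, HARDENED_RE, MAX_HEADER_LENGTH, extractCharset, bothAgree };
```

The length check is deliberately kept separate from the regex change: even a linear-time pattern should not be run over an unbounded attacker-supplied header, and the cap is cheap to enforce before any parsing.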