diff --git a/autopush/endpoint.py b/autopush/endpoint.py
index e76f4a42..a051d42d 100644
--- a/autopush/endpoint.py
+++ b/autopush/endpoint.py
@@ -410,6 +410,19 @@ def put(self, api_ver="v0", token=None):
         self.start_time = time.time()
         crypto_key_header = self.request.headers.get('crypto-key')
 
+        content_encoding = self.request.headers.get('content-encoding', "")
+        if content_encoding.lower() == 'aesgcm128' and crypto_key_header:
+            self.log.debug("Invalid crypto state; aesgcm128 + Crypto-Key",
+                           **self._client_info)
+            wpe_url = ("https://developers.google.com/web/updates/2016/03/"
+                       "web-push-encryption")
+            self._write_response(
+                400,
+                110,
+                message="You're using outdated encryption; "
+                "Please update to the format described in " + wpe_url)
+            return
+
         d = deferToThread(self.ap_settings.parse_endpoint,
                           token,
                           api_ver,
diff --git a/autopush/router/apnsrouter.py b/autopush/router/apnsrouter.py
index 5737235a..7f21325b 100644
--- a/autopush/router/apnsrouter.py
+++ b/autopush/router/apnsrouter.py
@@ -66,8 +66,8 @@ def _route(self, notification, router_data):
         """Blocking APNS call to route the notification"""
         token = router_data["token"]
         custom = {
-          "Chid": notification.channel_id,
-          "Ver": notification.version,
+            "Chid": notification.channel_id,
+            "Ver": notification.version,
         }
         if notification.data:
             custom["Msg"] = notification.data
diff --git a/autopush/tests/test_endpoint.py b/autopush/tests/test_endpoint.py
index 51b39e16..f01b1fe6 100644
--- a/autopush/tests/test_endpoint.py
+++ b/autopush/tests/test_endpoint.py
@@ -207,11 +207,14 @@ def setUp(self, t):
         self.endpoint.finish = lambda: d.callback(True)
         self.endpoint.start_time = time.time()
 
-    def _check_error(self, code, errno, error):
+    def _check_error(self, code, errno, error=None, message=None):
         d = json.loads(self.write_mock.call_args[0][0])
         eq_(d.get("code"), code)
         eq_(d.get("errno"), errno)
-        eq_(d.get("error"), error)
+        if error is not None:
+            eq_(d.get("error"), error)
+        if message:
+            eq_(d.get("message"), message)
 
     def test_uaid_lookup_results(self):
         fresult = dict(router_type="test")
@@ -315,6 +318,21 @@ def handle_finish(result):
         self.endpoint.post(None, dummy_uaid)
         return self.finish_deferred
 
+    def test_webpush_malformed_encryption(self):
+
+        def handle_finish(value):
+            err_msg = ("You're using outdated encryption; Please update "
+                       "to the format described in "
+                       "https://developers.google.com/web/updates/2016/"
+                       "03/web-push-encryption")
+            self._check_error(400, 110, message=err_msg)
+        self.request_mock.headers["content-encoding"] = "aesgcm128"
+        self.request_mock.headers["crypto-key"] = "content"
+
+        self.finish_deferred.addCallback(handle_finish)
+        self.endpoint.put(None, dummy_uaid)
+        return self.finish_deferred
+
     def test_webpush_bad_routertype(self):
         fresult = dict(router_type="fred")
         self.endpoint.chid = dummy_chid