Unusual Accept types may indicate API probing, deserialization attempts, or non-browser automation
Hunting
Statistics → Conversations → IPv4
Statistics → Endpoints → IPv4
Statistics → Protocol Hierarchy
Statistics → IO Graph
Red Flags
Accept: application/jsonagainst normal HTML siteAccept: application/xml(possible XXE context)Accept: */*repeatedly (automation default)Accept: application/x-java-serialized-objectAcceptheader missing entirely- Rapid switching between content types
Filters
# Content negotiation abuse
http.accept matches "(?i)(application|text)/\*"
# JSON probing on non-API endpoint
http.accept contains "application/json"
# XML probing (possible XXE context)
http.accept contains "application/xml"
# Java deserialization context
http.accept contains "application/x-java-serialized-object"
# Wildcard automation header
http.accept == "*/*"
# Missing Accept header
http.request and not http.accept