Scott Cosentino
1 min read · Jul 28, 2020

Thank you for the question! So the Accept part of the header is stating what formats the client is willing to accept as a response from the server. In general, this wouldn't always indicate XXE possibility.

The main thing to look out for in the header is Content-Type: application/xml. If this is present, it means that data is being sent in XML format, so XXE is possible to obtain
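
The distinction drawn in the reply above, as an added example that is not part of the original reply: a triage helper for reviewing captured requests that separates those that actually send an XML body (request `Content-Type`) from those that only list XML in `Accept`. The sample requests, the host `shop.example`, the function names, and the extension to `text/xml` and `+xml` media types are assumptions that go beyond the `application/xml` case the reply names.

```python
from email.parser import Parser

# Assumption: besides the reply's application/xml, text/xml and "+xml" suffix
# types (e.g. application/soap+xml) are also treated as XML request bodies.
XML_TYPES = {"application/xml", "text/xml"}

def media_type(value):
    """Lowercased media type with parameters such as charset or q removed."""
    return value.split(";", 1)[0].strip().lower()

def is_xml(value):
    mt = media_type(value)
    return mt in XML_TYPES or mt.endswith("+xml")

def triage(raw_request):
    """Classify one raw HTTP request for XML-parser review."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    _request_line, _, header_block = head.partition("\r\n")
    # Header names are matched case-insensitively by the Message object.
    headers = Parser().parsestr(header_block, headersonly=True)
    if is_xml(headers.get("Content-Type", "")):
        return "xml-body"      # server receives XML: review its parser config
    if any(is_xml(a) for a in headers.get("Accept", "").split(",")):
        return "accept-only"   # client merely accepts XML in the response
    return "no-xml"

# Constructed sample requests (not taken from the original article).
SAMPLES = {
    "browser_get": "GET /items HTTP/1.1\r\nHost: shop.example\r\n"
                   "Accept: text/html,application/xml;q=0.9\r\n\r\n",
    "xml_post": "POST /stock HTTP/1.1\r\nHost: shop.example\r\n"
                "content-type: Application/XML; charset=utf-8\r\n\r\n"
                "<stockCheck><productId>1</productId></stockCheck>",
    "soap_post": "POST /svc HTTP/1.1\r\nHost: shop.example\r\n"
                 "Content-Type: application/soap+xml\r\n\r\n<Envelope/>",
    "json_post": "POST /stock HTTP/1.1\r\nHost: shop.example\r\n"
                 "Accept: application/xml\r\n"
                 "Content-Type: application/json\r\n\r\n{\"productId\": 1}",
}

def triage_all(samples=SAMPLES):
    return {name: triage(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:12} {verdict}")
```
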
