When multiple Accept headers are sent, some are transferred in the introspection request.

[anestos]

If the calling client sends more than one Accept header, i.e Accept: application/json Accept: application/json, the request to the introspection endpoint done by the module will also include an extra Accept header (Accept: application/jwt, Accept: application/json). This causes the identity server to not always choose to reply with JWT.

The module should always only send one Accept header in the introspection subrequest, no matter how many the client originaly sent