Burp Suite: Accept-Encoding Header Missing

TL;DR

Burp Suite isn’t automatically sending the Accept-Encoding header, which can cause issues with some websites. This guide shows you how to fix it by configuring Burp’s message editor settings.

Solution Guide

1. Understand the Problem

The Accept-Encoding header tells a server what compression methods your client (Burp Suite in this case) supports. If it’s missing, the server might not compress responses, leading to slower performance or even compatibility problems.

2. Check Burp’s Settings

Burp doesn’t always include this header by default. You need to enable it in the message editor settings.

3. Configure Message Editor Handling
1. Go to Burp > Settings (or press Ctrl+I).
2. Select Editor under the User Interface section.
3. Click on the Message Editor tab.
4. Under Content handling, find the Automatic header generation section.
5. Ensure that Add Accept-Encoding header is checked.
6. If it’s already checked, try unchecking and rechecking it to refresh the setting.
4. Verify Header Inclusion
1. Browse a website through Burp Suite as you normally would.
2. Intercept a request (right-click > Intercept > Request to intercept).
3. Go to the Request tab in the Burp Suite editor.
4. Check if the Accept-Encoding header is present in the headers list. It should look something like this:

Accept-Encoding: gzip, deflate, br

5. If it’s still missing, proceed to the next step.
5. Check Project Options (Advanced)

Sometimes project-specific settings can override global ones.

1. Go to Project options (right-click on target host in the Target tab > Change scope… then Settings).
2. Select HTTP requests under the Proxy section.
3. Check if there are any settings related to header manipulation that might be removing or altering the Accept-Encoding header. Specifically look for anything in the ‘Request headers’ tab.
6. Restart Burp Suite

In rare cases, a restart is needed to fully apply changes.

7. Troubleshooting
• Extensions: Some Burp extensions can interfere with header handling. Try disabling any recently installed or suspicious extensions temporarily to see if that resolves the issue.
• Browser Settings: Ensure your browser isn’t explicitly setting a conflicting Accept-Encoding header. Check your browser’s settings (usually under advanced network options).