diff --git a/exposures/configs/prometheus-flags-endpoint.yaml b/exposures/configs/prometheus-flags-endpoint.yaml
index c249c865f3..3f139d1ec3 100644
--- a/exposures/configs/prometheus-flags-endpoint.yaml
+++ b/exposures/configs/prometheus-flags-endpoint.yaml
@@ -3,9 +3,9 @@ id: prometheus-flags-endpoint
 info:
   name: Exposure of sensitive operational information via Prometheus flags API endpoint
   author: geeknik
+  severity: medium
   description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
   reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
-  severity: medium
   tags: prometheus,exposure
 
 requests:
@@ -23,6 +23,11 @@ requests:
           - '"config.file":'
         condition: and
 
+      - type: word
+        part: header
+        words:
+          - 'application/json'
+
     extractors:
       - type: regex
         name: web_admin_enabled