Clarify ambiguous documentation in default security section

Closes gh-16033

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -3332,8 +3332,8 @@ The basic features you get by default in a web application are:
 bean with in-memory store and a single user with a generated password (see
 {dc-spring-boot}/autoconfigure/security/SecurityProperties.User.html[`SecurityProperties.User`]
 for the properties of the user).
-* Form-based login or HTTP Basic security (depending on Content-Type) for the entire
-application (including actuator endpoints if actuator is on the classpath).
+* Form-based login or HTTP Basic security (depending on the `Accept` header in the request) for
+the entire application (including actuator endpoints if actuator is on the classpath).
 * A `DefaultAuthenticationEventPublisher` for publishing authentication events.
 
 You can provide a different `AuthenticationEventPublisher` by adding a bean for it.