You can bypass XXE restrictions on some WAF for SSRF and file read by using a space before the protocol:
“ https://“
“ file://“

#bugbountytips