IDK if someone have told this before but, If you are trying XSS but, getting blocked by WAF try adding a “Referer” header in your request. Sometimes, it bypasses WAF.
Got one by using this method.
#bugbountytips #XSS #XSS_WAF_Bypass
Examples are in the following tweet.