diff --git a/src/pentesting-web/proxy-waf-protections-bypass.md b/src/pentesting-web/proxy-waf-protections-bypass.md
index 7670fe2f6..4ecb15538 100644
--- a/src/pentesting-web/proxy-waf-protections-bypass.md
+++ b/src/pentesting-web/proxy-waf-protections-bypass.md
@@ -143,10 +143,10 @@ Practical use cases:
 
 This pairs well with header-reflection cache poisoning. See:
 
--
 {{#ref}}
 cache-deception/README.md
 {{#endref}}
+
 - [How I found a 0-Click Account takeover in a public BBP and leveraged it to access Admin-Level functionalities](https://hesar101.github.io/posts/How-I-found-a-0-Click-Account-takeover-in-a-public-BBP-and-leveraged-It-to-access-Admin-Level-functionalities/)
 
 ### Obfuscation <a href="#ip-rotation" id="ip-rotation"></a>