iamj0ker / bypass-403

A simple script just made for self use for bypassing 403

A Status code 200 is wrong

jedai47 opened this issue · comments

Here if you try with this https://reptox.cnesst.gouv.qc.ca/bin/admin_backup/catall.aspx we got a line with:
200,101017 --> https://reptox.cnesst.gouv.qc.ca -H X-rewrite-url: /bin/admin_backup/catall.aspx

In fact, when I go over it in Burp I actually got a 302 redirect. Any idea how or why?

You should remove the L from the -iL so it doesn't follow the redirect.

Hi @jedai47,
The reason for adding follow redirection is that, when we try most bypasses, there is a chance of redirecting back to the same page. In such conditions all responses will be 302 with almost the same length, so we would need to manually reverify that. If it follows redirection automatically, it is easy for the user to distinguish the responses.
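
The gap discussed in this thread, between the status Burp shows (the first response) and the status reported once `-L` has followed the redirect, shown as an added example that is not part of the issue or the project's script. The function names and the sample transcript are constructed for illustration; the parser assumes the header-plus-body layout that `curl -s -i -L` prints.

```shell
#!/usr/bin/env bash
# Constructed sample of a `curl -s -i -L` transcript for one request:
# a 302 to a login page, followed by the 200 for that login page.
sample_transcript() {
  printf 'HTTP/1.1 302 Found\r\n'
  printf 'Location: /login.aspx\r\n'
  printf 'Content-Length: 0\r\n'
  printf '\r\n'
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: text/html\r\n'
  printf '\r\n'
  printf '<html>login form</html>\n'
}

# Print every status code found in the transcript on stdin, in order.
# Caveat: a body line that itself starts with "HTTP/x nnn" would be counted.
status_chain() {
  awk '
    { sub(/\r$/, "") }                       # strip the CR of CRLF line ends
    /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { chain = chain (chain ? " " : "") $2 }
    END { print chain }
  '
}

# Label a result so a 200 reached through a redirect is not read as a
# direct 200 on the requested path. Runs in a subshell to keep variables local.
classify() (
  chain=$(status_chain)
  first=${chain%% *}   # status of the first response (what a proxy shows)
  last=${chain##* }    # status after redirects were followed
  if [ -z "$chain" ]; then
    echo "no-response"
  elif [ "$chain" = "$first" ]; then
    echo "direct $last"
  else
    echo "redirected $first->$last"
  fi
)

sample_transcript | classify
```

Against a live request, curl's `-w '%{http_code} %{num_redirects}'` write-out variables expose the same distinction without parsing headers.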