We added the Referer header and pasted the Burp Collaborator payload into it, and also added http before the URL, then sent the request.
After sending the request, we were able to poll the requests using Burp and see the request, confirming the vulnerability.
We were able to solve the lab after refreshing the page.
