You can still find SQL injections in User-Agent/ or other request-headers; you just need a keen eye to find it.
Make sure to include SQLi testing on headers in your methodology. Developers often tend to ignore headers. #BugBounty #SQLi #SQLInjection