Thursday, October 8, 2015

Using HEAD to optimize Time Based SQL Injection

An application pentest was conducted on a client site, and it was found that the website is vulnerable to SQL Injection. The DBMS is MS SQL Server. The problem: there's some sort of WAF or keyword filter looking for common SQLi...