- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 126 words
- 2021-07-16 17:53:16
Methodology
If you discovered the bug using a particular tool, tell the team (and don't use a scanner if they explicitly said not to!). If the team fielding your report uses something similar, knowing the tool helps them validate your finding and incorporate it into reproducing the issue. In this case, we would just say that we submitted the snippet and verified the bug manually.
It's also useful to list some basic info about the environment in which the vulnerability was discovered: your operating system, browser type and version (plus any add-ons or extensions if they're relevant), and anything else you think matters (for example, was it discovered in an incognito window? If using curl, Postman, or another tool, did you use any particular headers?).