diff --git a/lib/vidmoly-upload.js b/lib/vidmoly-upload.js
index 447e4e0..d465ab2 100644
--- a/lib/vidmoly-upload.js
+++ b/lib/vidmoly-upload.js
@@ -141,7 +141,8 @@ class VidmolyUploader {
     }
     return {
       uploadUrl: payload.upload_url,
-      params: { sess_id: payload.sess_id, utype: 'reg' },
+      // Classic XFS upload fields in the order the server expects.
+      params: { upload_type: 'file', sess_id: payload.sess_id, srv_tmp_url: '', utype: 'reg' },
       fileFieldName: 'file_0'
     };
   }
@@ -200,17 +201,20 @@ class VidmolyUploader {
       yield epilogueBuf;
     }
 
-    // Use undici.request for the upload (streaming body for progress)
+    // Transit server lives on a different domain (*.vmwesa.online). Browsers
+    // don't send vidmoly.me cookies across origins, so we don't either.
+    // Origin + Referer match the browser's actual upload headers.
     const { body, statusCode, headers } = await request(uploadUrl, {
       method: 'POST',
       body: generate(),
       signal,
       headers: {
         'User-Agent': USER_AGENT,
-        'Cookie': this._cookieHeader(),
+        'Accept': '*/*',
+        'Origin': BASE_URL,
+        'Referer': `${BASE_URL}/`,
         'Content-Type': `multipart/form-data; boundary=${boundary}`,
-        'Content-Length': String(totalSize),
-        'Referer': `${BASE_URL}/upload.html`
+        'Content-Length': String(totalSize)
       },
       headersTimeout: UPLOAD_TIMEOUT,
       bodyTimeout: UPLOAD_TIMEOUT