Debug Headers: X-G8KEPR-* Headers for Instant Troubleshooting
G8KEPR adds debug headers to every response, giving you instant visibility into what happened: which rule triggered, what mode you're in, request ID for tracing, and gateway version. No more black box security.
The Debug Headers
Every response from G8KEPR includes these headers:
| Header | Description | Example Value |
|---|---|---|
X-G8KEPR-Request-ID | Unique ID for request tracing | req_a3f7d8e2b1c4 |
X-G8KEPR-Mode | Current security mode | monitor or block |
X-G8KEPR-Version | Gateway version | 1.0.0 |
X-G8KEPR-Rule-Match | Rule that triggered (if any) | sql_injection_HIGH |
X-G8KEPR-Blocked-By | Threat type (403 only) | xss |
Inspecting Headers in Browser
See debug headers in your browser DevTools:
Chrome / Firefox / Edge
- 1. Open DevTools (
F12) - 2. Go to Network tab
- 3. Make a request to your API
- 4. Click the request in the list
- 5. Click Headers tab
- 6. Scroll to Response Headers
- 7. See all
X-G8KEPR-*headers
Using Headers in Code
Access debug headers programmatically:
JavaScript / Fetch
const response = await fetch('/api/checkout', { method: 'POST' });
console.log('Request ID:', response.headers.get('X-G8KEPR-Request-ID'));
console.log('Mode:', response.headers.get('X-G8KEPR-Mode'));
console.log('Version:', response.headers.get('X-G8KEPR-Version'));
if (response.status === 403) {
console.log('Blocked by:', response.headers.get('X-G8KEPR-Blocked-By'));
console.log('Rule match:', response.headers.get('X-G8KEPR-Rule-Match'));
}Python / Requests
response = requests.post('https://api.example.com/checkout')
print(f"Request ID: {response.headers.get('X-G8KEPR-Request-ID')}")
print(f"Mode: {response.headers.get('X-G8KEPR-Mode')}")
if response.status_code == 403:
print(f"Blocked by: {response.headers.get('X-G8KEPR-Blocked-By')}")Troubleshooting with Debug Headers
Use Case 1: Check if Monitor Mode is Active
You deployed monitor mode but want to verify it's working:
curl -I https://your-api.com/api/test
HTTP/1.1 200 OK
X-G8KEPR-Request-ID: req_b4e8c9d3a2f5
X-G8KEPR-Mode: monitor ← Confirmed: Monitor mode active
X-G8KEPR-Version: 1.0.0Use Case 2: Identify Why Request Was Blocked
Customer getting 403, need to know why:
HTTP/1.1 403 Forbidden
X-G8KEPR-Request-ID: req_c5f9d0e4b3g6
X-G8KEPR-Mode: block
X-G8KEPR-Rule-Match: sql_injection_HIGH ← This is why
X-G8KEPR-Blocked-By: sql_injection ← Attack type
X-G8KEPR-Version: 1.0.0Now search logs for req_c5f9d0e4b3g6 to see exact payload that triggered it.
Use Case 3: Verify Gateway Version
Debugging a reported issue, need to know which version customer is hitting:
X-G8KEPR-Version: 1.0.0 ← Customer is on old version
# Check if issue is fixed in 1.1.0Automated Monitoring with Headers
Use headers for monitoring and alerting:
// Monitor mode alert
if (response.headers.get('X-G8KEPR-Mode') === 'monitor' &&
response.headers.get('X-G8KEPR-Rule-Match')) {
// This WOULD have been blocked
alert(`Security rule triggered: ${response.headers.get('X-G8KEPR-Rule-Match')}`);
// Log for review before enabling block mode
logMonitorModeHit(response.headers.get('X-G8KEPR-Request-ID'));
}Troubleshoot Instantly with Debug Headers
Every response includes full debugging context. No more guessing.
Start Free Trial60 days free • No credit card required
Related Features
- ← Monitor Mode - Test rules without blocking
- ← Request IDs - End-to-end request tracing
- → Full Documentation - Complete debugging guide
Ready to Secure Your APIs?
Deploy enterprise-grade API security in 5 minutes. No credit card required.
Start Free Trial