Origin Headers

This page describes how to augment requests to your origin with additional headers containing useful information about the client request.

Configuration

Origin headers are configured via the origin_headers key in your virtual host configuration. The following sections detail the available options.

Threat Intelligence Headers

When enabled, the Peakhour-Blocklists origin request header is set if the client IP address matches one or more blocklists. The value is a comma-and-space-separated list of the matching blocklists.

For example: hosting, datacenters

GeoIP Headers

When enabled, this will set the following origin request headers containing geographical information about the client:

  • Peakhour-Client-ASN: The client's Autonomous System Number
  • Peakhour-Client-City: The client's city name (percent encoded as it may contain UTF-8 characters)
  • Peakhour-Client-Country: The client's two-letter country code

Proxy Detection Headers

When enabled, this will set the Peakhour-Client-Proxy header based on heuristic detection of whether the client is using a proxy:

  • 1: Client was detected as using a proxy
  • 0: Client was not detected as using a proxy

This uses the same detection logic as the peakhour.client.proxy rules field.

WAF Password Detection

If the Web Application Firewall (WAF) detects an exposed password in the request, it will set the Peakhour-Exposed-Password header in the origin request.
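
The following is an added example, not Peakhour's own code: an origin-side parser that turns the headers described on this page into typed signals and feeds them to a login decision. Assumptions: the origin accepts requests only via Peakhour, so these headers cannot be supplied directly by a client; the ASN may arrive as "64500" or "AS64500"; only the presence of Peakhour-Exposed-Password is used because its value is not documented here; login_policy and its return values are hypothetical.

```python
from urllib.parse import unquote


def parse_peakhour_headers(headers):
    """Normalise the Peakhour-* origin headers into typed signals."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # "hosting, datacenters" -> ["hosting", "datacenters"]
    blocklists = [b.strip() for b in h.get("peakhour-blocklists", "").split(",") if b.strip()]

    # ASN format is not given on the page: accept "64500" or "AS64500" (assumption).
    asn = h.get("peakhour-client-asn", "").upper()
    asn = asn[2:] if asn.startswith("AS") else asn
    asn = int(asn) if asn.isascii() and asn.isdigit() else None

    # City is percent-encoded UTF-8; decode, then drop control characters so a
    # value such as "%0A" cannot inject extra lines into origin logs.
    city = unquote(h.get("peakhour-client-city", ""))
    city = "".join(c for c in city if c.isprintable()) or None

    country = h.get("peakhour-client-country", "").upper()
    country = country if len(country) == 2 and country.isascii() and country.isalpha() else None

    # "1"/"0" as documented; anything else means "no signal", not "no proxy".
    proxy = {"1": True, "0": False}.get(h.get("peakhour-client-proxy"))

    return {"blocklists": blocklists, "asn": asn, "city": city, "country": country,
            "proxy": proxy,
            # Header value is not documented, so only its presence is used (assumption).
            "exposed_password": "peakhour-exposed-password" in h}


def login_policy(signals):
    """Hypothetical origin-side policy for a login request."""
    if signals["exposed_password"]:
        return "force_password_reset"
    if signals["proxy"] or signals["blocklists"]:
        return "step_up_auth"
    return "allow"


# Constructed sample request headers (not captured traffic).
SAMPLE = {"Peakhour-Blocklists": "hosting, datacenters", "Peakhour-Client-ASN": "64500",
          "Peakhour-Client-City": "S%C3%A3o%20Paulo", "Peakhour-Client-Country": "BR",
          "Peakhour-Client-Proxy": "0"}
```

A missing or malformed header yields None or an empty list rather than a default, so the origin can tell "feature disabled" apart from a negative result.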