diff --git a/src/pep.js b/src/pep.js
index ace178b..d8c39d8 100644
--- a/src/pep.js
+++ b/src/pep.js
@@ -13,7 +13,7 @@ njs.dump(_debug);
 
 function debug(c, s) {
   if (_debug === true) {
-    log(c, s)
+    log(c, "[DEBUG] " + s)
   }
 }
 
@@ -72,13 +72,15 @@ function enforce_legacy(r) {
         debug(context, "Authorizated user: " + userinfo.result.username)
         // debug(context, "Context again:\n" + njs.dump(context));
         context.userinfo = userinfo
-        context.record = buildAccountingRecord_legacy(context)
+        context.record = buildAccountingRecord_legacy(context);
+
         if (context.config["stripLegacyToken"] == true) {
           var subreq_args = JSON.parse(JSON.stringify(context.request.args));
           delete subreq_args["gcube-token"];
         } else {
           var subreq_args = context.request.args;
         }
+        debug(context, "subrequest args:\n" + JSON.stringify(subreq_args), null, 2);
         return context.request.subrequest("/_backend", { method: context.request.method, args: JSON.stringify(subreq_args), headers: context.request.headersIn })
       }).then(reply => {
         // debug(context, "response from backend\n" + reply.responseText);
@@ -98,6 +100,7 @@ function enforce_legacy(r) {
       }).catch(e => { error(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500) })
     return
   }
+  error(context, "No token provided: Unauthorized.")
   r.return(401, "Authorization required")
 }