CONCEPT Cited by 1 source
Transitive trust
Transitive trust in the context of automated web traffic refers to the problem of establishing trustworthiness when the entity at a site's door is not run by the company that built it. The trust chain is: site owner → bot-owning platform → end user/operator. A site owner might trust Stripe, but not everyone who wired Stripe's tools into a weekend project.
Definition
Transitive trust is the ability for a trusted intermediary to vouch for the operator behind a request, carrying identity and intent through multiple layers of proxying or orchestration. The trust is "transitive" because it flows: if A trusts B, and B vouches for C, then A can conditionally extend trust to C.
Protocol Mechanism
Cloudflare proposes using the existing RFC 7239 Forwarded header (which "allows proxy components to disclose information lost in the proxying process"):
Combined with content-use signaling:
This parallels what X-Forwarded-For does for IP addresses and X-Forwarded-Host does for original host preservation — extending the pattern to carry operator identity and intent.
Properties
- Portable: Trust is something you carry with you — same identity works whether the operator comes directly or through three intermediaries.
- Revocable: Losing Verified status across >20% of web domains (behind Cloudflare) creates a meaningful deterrent. Trust becomes something you can lose.
- Composable with taxonomy: The `use` parameter on the Forwarded header lets the operator declare content-use intent alongside identity.
Limitations
- Privacy gap: Small operators who need privacy cannot afford to be identifiable. The mechanism favors known, established entities.
- Relies on honest propagation: Intermediaries must faithfully propagate the header; adversarial actors can forge it.
- Not universal: As bot traffic blends with human traffic, identity-based trust won't cover the full web — complementary mechanisms like private rate limiting are needed.
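One way a receiving site could handle the "relies on honest propagation" limitation, as an added example that is not Cloudflare's or this page's own code: parse the RFC 7239 Forwarded header and honour only the element appended by a directly connected intermediary the site has already verified. The peer name, the verified set, the sample header and its `use` values are constructed assumptions; the page does not show the proposal's exact parameter layout.

```python
import re

# Assumption: intermediaries this site has already verified by some other
# means (the page does not say how); the name is a placeholder.
VERIFIED_INTERMEDIARIES = {"platform.example"}
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_PAIR = re.compile(rf'\s*({_TOKEN})=("(?:[^"\\]|\\.)*"|{_TOKEN})\s*')
# Constructed sample: the first element was supplied upstream of the
# platform (possibly forged); the last one was appended by the platform.
SAMPLE = 'for="_big-brand";use=search, for=_weekend-project;by=_platform;use=train'


def parse_forwarded(value):
    """Parse a Forwarded header into one dict per element, in hop order."""
    elements, params, pos = [], {}, 0
    while pos < len(value):
        m = _PAIR.match(value, pos)
        if m is None or m.group(1).lower() in params:
            raise ValueError(f"bad Forwarded header at offset {pos}")
        name, val = m.group(1).lower(), m.group(2)
        if val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # undo quoted-pair escapes
        params[name] = val
        sep, pos = value[m.end():m.end() + 1], m.end() + 1
        if sep not in ("", ";", ","):
            raise ValueError(f"unexpected {sep!r} after pair {name!r}")
        if sep != ";":  # "," or end of header closes the current element
            elements.append(params)
            params = {}
    if params:  # header ended with a trailing ";"
        elements.append(params)
    return elements


def trusted_claim(peer, forwarded):
    """Return the element written by a verified direct peer, else None.

    Each proxy appends its own element, so only the LAST one was written by
    the peer; earlier elements may come from whoever called the peer.
    """
    if peer not in VERIFIED_INTERMEDIARIES or not forwarded:
        return None
    try:
        elements = parse_forwarded(forwarded)
    except ValueError:
        return None  # fail closed on malformed input
    return elements[-1] if elements else None
```

Reading the first element instead of the last, as naive X-Forwarded-For handling often does, would accept the `_big-brand` claim in the sample even though the verified intermediary never made it.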
Seen In
- sources/2026-07-01-cloudflare-ai-traffic-options — proposal and design rationale