
Transitive trust

Transitive trust in the context of automated web traffic refers to the problem of establishing trustworthiness when the entity at a site's door is not run by the company that built it. The trust chain is: site owner → bot-owning platform → end user/operator. A site owner might trust Stripe, but not everyone who wired Stripe's tools into a weekend project.

Definition

Transitive trust is the ability for a trusted intermediary to vouch for the operator behind a request, carrying identity and intent through multiple layers of proxying or orchestration. The trust is "transitive" because it flows: if A trusts B, and B vouches for C, then A can conditionally extend trust to C.

Protocol Mechanism

Cloudflare proposes using the existing RFC 7239 Forwarded header (which "allows proxy components to disclose information lost in the proxying process"):

Forwarded: for="openai"

Combined with content-use signaling:

Forwarded: for="openai";use="reference"

This parallels what X-Forwarded-For does for IP addresses and X-Forwarded-Host does for original host preservation — extending the pattern to carry operator identity and intent.

Properties

  • Portable: Trust is something you carry with you — same identity works whether the operator comes directly or through three intermediaries.
  • Revocable: Losing Verified status across the >20% of web domains that sit behind Cloudflare is a meaningful deterrent. Trust becomes something you can lose.
  • Composable with taxonomy: The use parameter on the Forwarded header lets the operator declare content-use intent alongside identity.

Limitations

  • Privacy gap: Small operators who need privacy cannot afford to be identifiable. The mechanism favors known, established entities.
  • Relies on honest propagation: Intermediaries must faithfully propagate the header, and because it is plain request metadata, adversarial actors can forge it.
  • Not universal: As bot traffic blends with human traffic, identity-based trust won't cover the full web — complementary mechanisms like private rate limiting are needed.
