Latest Draft
The latest IETF Internet-Draft for OODA-HTTP (v01) has been submitted.
It introduces protocol extensions and adaptive logic over HTTP/1.1, HTTP/2, and HTTP/3.
View Draft on IETF Datatracker
What is OODA-HTTP?
OODA-HTTP transforms each HTTP request into an observation signal and decision vector. By applying the Observe–Orient–Decide–Act (OODA) loop at the application layer, it empowers endpoints, proxies, and security agents to become adaptive defenders against classical, behavioral, and quantum threats.
🛡️ OODA-HTTP is the first cybersecurity protocol to establish a unified, adaptive grammar for full-stack defense — from DOM structure to encrypted transport.
Key Features
- ✔ Real-time threat scoring
- ✔ Integration with TLS and QUIC
- ✔ Semantic vector engines and temporal memory
- ✔ New header: X-OODA-Action
- ✔ Resilient to Shor-based and behavioral attacks
🔍 How It Works
Observe: Each HTTP request becomes a telemetry point — capturing TLS handshake data, HTTP headers, user-agent, timing patterns, and more.
Orient: This data is processed by local rules or machine learning models to assign a contextual threat score.
Decide: Based on the score, an action is determined: allow, throttle, challenge (e.g., CAPTCHA), block, rotate TLS keys, or log. The result is sent via a dedicated header: X-OODA-Action.
Act: The server or intermediary applies the response action in real time — adapting the behavior of the communication channel intelligently.
📦 Header Format: X-OODA-Action
The X-OODA-Action header carries the contextual decision made by the server or intermediary.
It may include values such as allow, block, challenge-captcha, rotate-tls-key, or structured JSON like:
X-OODA-Action: {
"score": 78,
"action": "challenge-captcha",
"reason": "anomaly-detected"
}
👉 For full header specifications, supported formats, and interoperability rules, read the full reference page here: X-OODA-Action Reference →
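As an added example (not code from the draft or the OODA-HTTP project), the Python code below parses and emits both forms of the X-OODA-Action value shown above, treating the header as untrusted input. The 0-100 score range, the 512-character cap, and the fall-back to block on malformed input are assumptions; the action set is limited to the tokens listed on this page.

```python
import json

# Action tokens shown on this page; the draft defines the full set.
KNOWN_ACTIONS = {"allow", "block", "challenge-captcha", "rotate-tls-key"}
MAX_LEN = 512  # assumed size cap for an untrusted header value


def parse_ooda_action(value):
    """Parse a bare-token or JSON X-OODA-Action value; ValueError if malformed."""
    if not isinstance(value, str) or len(value) > MAX_LEN:
        raise ValueError("missing or oversized value")
    value = value.strip()
    if value.startswith("{"):
        try:
            obj = json.loads(value)
        except json.JSONDecodeError as exc:
            raise ValueError("invalid JSON") from exc
        action, score, reason = obj.get("action"), obj.get("score"), obj.get("reason")
    else:
        action, score, reason = value.lower(), None, None
    if not isinstance(action, str) or action not in KNOWN_ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    # bool is an int subclass and NaN fails the range test; both are rejected.
    ok_num = isinstance(score, (int, float)) and not isinstance(score, bool)
    if score is not None and not (ok_num and 0 <= score <= 100):  # range assumed
        raise ValueError("score must be a number in 0..100")
    if reason is not None and not isinstance(reason, str):
        raise ValueError("reason must be a string")
    return {"action": action, "score": score, "reason": reason}


def format_ooda_action(action, score=None, reason=None):
    """Serialize a decision as one header line and verify it parses back."""
    if score is None and reason is None:
        value = action
    else:
        # json.dumps escapes CR/LF, so a hostile reason cannot split the header.
        value = json.dumps({"score": score, "action": action, "reason": reason},
                           separators=(",", ":"))
    parse_ooda_action(value)
    return value


def safe_action(value):
    """Receiver policy (assumed): treat an unparseable header as 'block'."""
    try:
        return parse_ooda_action(value)["action"]
    except ValueError:
        return "block"
```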
🌐 Deployment Models
OODA-HTTP can be deployed at various points in the HTTP pipeline:
- Client-side: Adaptive response to server decisions
- Server-side: Embedded logic + response headers
- Reverse proxies: Pre-scan & tagging at edge (e.g., CDN)
- Middleware: Integrated into backend routing (Flask, FastAPI, etc.)
🛡️ Real-World Use Cases
- Mitigating bot traffic with adaptive CAPTCHA
- Throttling abusive APIs without blocking good users
- Detecting automated scraping via behavioral telemetry
- Rotating TLS keys during suspicious banking sessions
- Redirecting stealth bots to honeypots
📌 In Summary
This draft received early interest and constructive feedback from recognized experts such as Rich Salz (TLS/cybersecurity expert and active IETF member) and Eric Rescorla (co-author of TLS 1.3 and Security Area Director at the IETF).
“Thank You for Your Thoughtful Input on the OODA-HTTP Draft.”
— Rich Salz, active IETF member and cybersecurity expert
- Invented by: Rachid Bouziane – IETF Draft
- Inspired by: Colonel John Boyd’s OODA Loop (Observe, Orient, Decide, Act)
- Delivered via: X-OODA-Action header carrying threat scores and recommended actions
- Scope: Applicable across client, server, proxy, and TLS layers
Get Involved
OODA-HTTP is open for collaboration, review, and feedback.
If you're a developer, researcher, or organization interested in adaptive security,
you are welcome to contribute.
Contact us at contact@secroot.io