🔐 Purpose
X-OODA-Action is the primary control header used by OODA-HTTP to convey adaptive decisions. It enables servers, proxies, or intermediaries to inform the recipient (a client or another service) of the required security action, based on real-time analysis.
📦 Simple Format
The header may contain one of the following atomic actions:
X-OODA-Action: allow
X-OODA-Action: block
X-OODA-Action: challenge-captcha
X-OODA-Action: throttle(100ms)
X-OODA-Action: rotate-tls-key
🧬 Structured JSON Format
For extended logic and traceability, the header can also carry structured metadata:
X-OODA-Action: {
"score": 82,
"action": "challenge-captcha",
"reason": "automated-burst-detected",
"params": { "mode": "JS", "timeout": 30 },
"threat_id": "ABX-2025-0091",
"timestamp": "2025-06-30T22:45:00Z"
}
🛠️ Server-Side Parsing
- Parse X-OODA-Action as a raw string or as JSON
- Validate the score range (0–100) and the action name
- Apply the corresponding logic (block, throttle, rotate key, etc.)
🌐 Protocol Compatibility
- HTTP/1.1, HTTP/2, and HTTP/3
- Plaintext and encrypted sessions (TLS 1.3 recommended)
- QUIC with header preservation across connection IDs
📡 Interoperability
Reverse proxies, CDN edges, or security gateways may inspect traffic, append X-OODA-Action with risk scores, and forward the request to backend APIs.
📛 Optional Error Header
X-OODA-Error: unsupported-action
X-OODA-Error: {
"code": 501,
"message": "Unknown X-OODA-Action: 'rotate-tls-key'",
"received": "rotate-tls-key"
}
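The following is an added example, not code from OODA-HTTP itself, showing one way a backend could implement the parsing, validation and error-reporting steps described above: it accepts both the atomic form (including a parenthesised parameter such as `throttle(100ms)`) and the JSON form, checks the score range and action name, emits the structured X-OODA-Error value for unsupported or malformed input, and applies the decision. Everything beyond the header names and action names on this page is an assumption: the 400 status for malformed values, the `arg`/`delay` parameter keys, the duration syntax, and the rule that the header is honoured only when it arrived from a trusted hop (so a client cannot grant itself `allow` by sending the header directly).

```python
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Action names taken from the page; throttle carries a parameter such as 100ms.
KNOWN_ACTIONS = {"allow", "block", "challenge-captcha", "throttle", "rotate-tls-key"}

# Atomic form: a name, optionally followed by one parenthesised parameter (assumed grammar).
_ATOMIC_RE = re.compile(r"^([a-z][a-z0-9-]*)(?:\(([^()]*)\))?$")
# Duration syntax for throttle, e.g. 100ms or 2s (assumed).
_DURATION_RE = re.compile(r"^(\d+)(ms|s)$")


@dataclass
class OodaAction:
    action: str
    score: Optional[int] = None
    reason: Optional[str] = None
    params: dict = field(default_factory=dict)
    threat_id: Optional[str] = None
    timestamp: Optional[str] = None


class OodaActionError(ValueError):
    """Malformed or unsupported header value; can render the X-OODA-Error body."""

    def __init__(self, code: str, status: int, message: str, received: str):
        super().__init__(message)
        self.code, self.status, self.message, self.received = code, status, message, received

    def error_header(self) -> str:
        # Structured X-OODA-Error value in the shape the page shows.
        return json.dumps({"code": self.status, "message": self.message, "received": self.received})


def parse_ooda_action(value: str) -> OodaAction:
    """Parse either the atomic or the JSON form and validate score and action name."""
    raw = value.strip()
    if raw.startswith("{"):
        try:
            body = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise OodaActionError("malformed-action", 400, f"Bad JSON: {exc.msg}", raw) from None
        if not isinstance(body, dict) or not isinstance(body.get("action"), str):
            raise OodaActionError("malformed-action", 400, "Missing 'action' field", raw)
        score = body.get("score")
        # bool is a subclass of int, so exclude it explicitly; range is 0-100 per the page.
        if score is not None and (isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100):
            raise OodaActionError("malformed-action", 400, f"score out of range: {score!r}", raw)
        params = body.get("params") or {}
        if not isinstance(params, dict):
            raise OodaActionError("malformed-action", 400, "'params' must be an object", raw)
        act = OodaAction(body["action"], score, body.get("reason"), params,
                         body.get("threat_id"), body.get("timestamp"))
    else:
        m = _ATOMIC_RE.match(raw)
        if not m:
            raise OodaActionError("malformed-action", 400, "Unparseable action", raw)
        name, arg = m.group(1), m.group(2)
        act = OodaAction(name, params={"arg": arg} if arg is not None else {})
    if act.action not in KNOWN_ACTIONS:
        raise OodaActionError("unsupported-action", 501, f"Unknown X-OODA-Action: '{act.action}'", act.action)
    return act


def try_parse(value: str):
    """Return (action, None) on success or (None, error) on failure."""
    try:
        return parse_ooda_action(value), None
    except OodaActionError as exc:
        return None, exc


def throttle_delay_seconds(act: OodaAction) -> float:
    """Translate throttle(100ms) or params {"delay": "2s"} into seconds (assumed keys)."""
    spec = act.params.get("arg") or act.params.get("delay")
    m = _DURATION_RE.match(str(spec or ""))
    if not m:
        raise OodaActionError("malformed-action", 400, f"Bad throttle duration: {spec!r}", str(spec))
    n, unit = int(m.group(1)), m.group(2)
    return n / 1000 if unit == "ms" else float(n)


def decide_response(headers: dict, upstream_trusted: bool) -> dict:
    """Apply the header on the backend. It is honoured only when set by a trusted hop
    (reverse proxy, gateway); a copy arriving from an untrusted peer is ignored."""
    value = headers.get("X-OODA-Action")
    if value is None or not upstream_trusted:
        return {"status": 200, "applied": None}
    try:
        act = parse_ooda_action(value)
        if act.action == "allow":
            return {"status": 200, "applied": act}
        if act.action == "block":
            return {"status": 403, "applied": act}
        if act.action == "challenge-captcha":
            return {"status": 403, "applied": act, "challenge": act.params}
        if act.action == "throttle":
            return {"status": 200, "applied": act, "delay_s": throttle_delay_seconds(act)}
        # rotate-tls-key: flagged for the TLS layer rather than handled here.
        return {"status": 200, "applied": act, "rotate_tls_key": True}
    except OodaActionError as exc:
        return {"status": exc.status, "applied": None, "headers": {"X-OODA-Error": exc.error_header()}}
```

The `upstream_trusted` flag stands in for whatever the deployment uses to recognise its own proxy or gateway (a mutually authenticated connection, a private network hop, or a separately signed header); the point is that the backend never acts on an X-OODA-Action value whose origin it cannot vouch for.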