AI Content Disclosure Header
draft-abaris-aicdh-01
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Doğu Abaris | ||
| Last updated | 2026-01-30 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-abaris-aicdh-01
Independent Submission D. Abaris
Internet-Draft Individual Contributor
Intended status: Informational 30 January 2026
Expires: 3 August 2026
AI Content Disclosure Header
draft-abaris-aicdh-01
Abstract
This document proposes a machine-readable Hypertext Transfer Protocol
(HTTP) response header field, AI-Disclosure, to disclose the presence
and degree of Artificial Intelligence (AI) generated or AI-assisted
content in web responses. The header is designed for compatibility
with HTTP structured field syntax and provides metadata for user
agents, bots, and archiving systems. It supports layered disclosure
strategies alongside human-readable and structured metadata formats.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 3 August 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abaris Expires 3 August 2026 [Page 1]
Internet-Draft AI-Disclosure Header January 2026
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 3
3. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
4. Field Definition . . . . . . . . . . . . . . . . . . . . . . 3
5. Field Syntax . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.2. Field Keys . . . . . . . . . . . . . . . . . . . . . . . 4
6. Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 6
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . 7
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
As AI-generated content proliferates across the web, users
[BV-Report], platforms, and regulators increasingly demand
transparent disclosure of algorithmic involvement in content creation
[PAI-Framework]. Existing approaches to disclosure (e.g., HTML
disclaimers) lack machine-readability [GV-Prov], making automation,
indexing, and compliance challenging.
Regulatory initiatives like the EU Artificial Intelligence Act
include transparency obligations for AI-generated or manipulated
content, and the European Commission is developing a Code of Practice
on marking and labelling AI-generated content to support compliance
with those obligations EU-AI-Act [EC-CodePractice]. A lightweight,
machine-readable HTTP signal can complement these efforts by enabling
automated detection and disclosure in web delivery.
This document defines the AI-Disclosure HTTP header field, providing
a lightweight, machine-readable mechanism focused specifically on
signaling the presence and mode of AI involvement in the generation
of an HTTP response's content. It utilizes HTTP Structured Fields
[RFC9651] to offer a simple dictionary format directly within the
HTTP response headers.
The goal of AI-Disclosure is to offer a low-overhead, easily parsable
signal primarily for automated systems like web crawlers, archiving
tools, or user agents that may need a quick indication of AI usage
without processing complex manifests. This header is intended to be
applied at the entire response level.
Abaris Expires 3 August 2026 [Page 2]
Internet-Draft AI-Disclosure Header January 2026
It is important to distinguish this mechanism from more comprehensive
content provenance and authenticity frameworks like the Coalition for
Content Provenance and Authenticity (C2PA) specification [C2PA-Spec].
C2PA provides richer, cryptographically signed assertions about
content provenance, potentially covering detailed creation/
modification history and applying to specific regions within an asset
("Regions of Interest"). C2PA information can be linked via methods
including the HTTP Link header [RFC8288] pointing to an associated
manifest.
AI-Disclosure can be seen as complementary to such systems within a
layered disclosure strategy. While C2PA offers strong, verifiable,
and granular provenance, AI-Disclosure provides a simpler, advisory
signal directly in the HTTP interaction for basic AI involvement
awareness. Systems requiring high assurance or sub-resource
granularity should utilize frameworks like C2PA.
2. Terminology
2.1. Acronyms and Abbreviations
AI: Artificial Intelligence
HTTP: Hypertext Transfer Protocol
C2PA: Content Provenance and Authenticity, refers to the
specification developed by the Coalition for Content Provenance and
Authenticity
3. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
4. Field Definition
The AI-Disclosure field is defined as a Structured Field of type
Dictionary, as described in [RFC9651].
Abaris Expires 3 August 2026 [Page 3]
Internet-Draft AI-Disclosure Header January 2026
+===============+==========+========+========+===========+=========+
| Header Field |Structured|Template|Protocol|Status |Reference|
| Name |Type | | | | |
+===============+==========+========+========+===========+=========+
| AI-Disclosure |Dictionary|(blank) |http |provisional|[this |
| | | | | |document]|
+---------------+----------+--------+--------+-----------+---------+
Table 1
5. Field Syntax
The AI-Disclosure field value MUST conform to the syntax for
Dictionary structures defined in Section 3.2 of [RFC9651]. Each key
in the dictionary conveys a distinct aspect of AI disclosure.
5.1. Example
AI-Disclosure: mode=ai-originated;
model="gpt-4";
provider="OpenAI";
reviewed-by="editorial-team";
date=@1745286896
5.2. Field Keys
+=============+========+==================================+
| Key | Type | Description |
+=============+========+==================================+
| mode | Token | Indicates the nature of AI |
| | | involvement: none, ai-modified, |
| | | ai-originated, machine-generated |
+-------------+--------+----------------------------------+
| model | String | Identifier of the AI model used |
| | | (e.g., gpt-4) |
+-------------+--------+----------------------------------+
| provider | String | Organization providing the AI |
| | | system |
+-------------+--------+----------------------------------+
| reviewed-by | String | Entity or team who reviewed the |
| | | AI content |
+-------------+--------+----------------------------------+
| date | Date | Generation timestamp as a |
| | | numeric epoch value, conforming |
| | | to RFC9651. |
+-------------+--------+----------------------------------+
Table 2
Abaris Expires 3 August 2026 [Page 4]
Internet-Draft AI-Disclosure Header January 2026
6. Semantics
The AI-Disclosure header field is an optional and advisory header
providing information about the use of AI in generating the response
content. Its presence indicates voluntary disclosure by the server.
Absence of the header implies nothing about AI usage.
The meaning of the header is primarily defined by the mode key, whose
possible values are described below:
+===================+=============================================+
| Mode Value | Description |
+===================+=============================================+
| none | Indicates that AI was not used in the |
| | creation or substantive modification of the |
| | content. |
+-------------------+---------------------------------------------+
| ai-modified | Indicates AI was used to assist with or |
| | modify content primarily created by humans. |
| | The source material was not AI-generated. |
| | Examples include AI-based grammar checking, |
| | style suggestions, or generating highlights |
| | or summaries of human-written text. |
+-------------------+---------------------------------------------+
| ai-originated | Indicates the core content was initially |
| | generated by AI but subsequently reviewed, |
| | edited, or significantly guided by humans. |
| | This suggests human oversight for accuracy |
| | or appropriateness, even if the originality |
| | for copyright purposes might be affected. |
+-------------------+---------------------------------------------+
| machine-generated | Indicates the content was primarily or |
| | entirely generated by AI with minimal or no |
| | human intervention or review post- |
| | generation. AI may be responsible for |
| | substantive assertions or conclusions. |
+-------------------+---------------------------------------------+
Table 3
Other keys like model, provider, reviewed-by, and date provide
optional, additional context about the AI model used, the provider,
human review, or the generation time, respectively.
Recipients should treat this header as informational only and refer
to the Security Considerations (Section 7) regarding its
trustworthiness.
Abaris Expires 3 August 2026 [Page 5]
Internet-Draft AI-Disclosure Header January 2026
*Note:* The AI-Disclosure header applies to the entire content of the
HTTP response payload. The ai-modified and ai-originated values
indicate AI involvement, but this header does not provide information
about specific locations or the exact nature of the partial
involvement. For expressing provenance information about specific
parts of a resource, more comprehensive mechanisms such as C2PA
[C2PA-Spec] should be used. The distinction between ai-modified and
ai-originated aims to address whether the foundational content was
human or AI, reflecting concerns about originality and the nature of
the transformation. The distinction between ai-originated and
machine-generated primarily reflects the level of human review or
intervention post-generation.
7. Security Considerations
The AI-Disclosure field is intended to provide advisory metadata
about AI-generated or AI-assisted content and does not include any
form of integrity protection. As such, the field can be trivially
spoofed or altered by intermediaries unless the response is delivered
over a secure transport such as HTTPS.
Clients and intermediaries MUST NOT rely on the presence, absence, or
value of the AI-Disclosure field for making security-critical
decisions. The field is not authenticated and SHOULD be treated as
untrusted input.
This document does not define any mechanisms for cryptographic
verification or provenance validation of the header's content.
Implementations that require trustworthy disclosure metadata SHOULD
rely on additional application-layer integrity mechanisms or signed
metadata systems, such as those defined by C2PA [C2PA-Spec].
8. IANA Considerations
IANA is requested to register the AI-Disclosure header field in the
"Hypertext Transfer Protocol (HTTP) Field Name Registry" maintained
at https://www.iana.org/assignments/http-fields/
(https://www.iana.org/assignments/http-fields/), according to the
procedures outlined in [RFC9110].
Abaris Expires 3 August 2026 [Page 6]
Internet-Draft AI-Disclosure Header January 2026
+==========+==========+===========+=========+==========+============+
|Header |Applicable|Status |Reference|Structured|Notes |
|Field Name|Protocol | | |Type | |
+==========+==========+===========+=========+==========+============+
|AI- |http |provisional|[this |Dictionary|Discloses |
|Disclosure| | |document]| |AI |
| | | | | |involvement |
| | | | | |in content |
| | | | | |creation |
+----------+----------+-----------+---------+----------+------------+
Table 4
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/rfc/rfc8288>.
[RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Semantics", STD 97, RFC 9110,
DOI 10.17487/RFC9110, June 2022,
<https://www.rfc-editor.org/rfc/rfc9110>.
[RFC9651] Nottingham, M. and P. Kamp, "Structured Field Values for
HTTP", RFC 9651, DOI 10.17487/RFC9651, September 2024,
<https://www.rfc-editor.org/rfc/rfc9651>.
9.2. Informative References
[BV-Report]
Big Valley Marketing, "AI Disclosure and Transparency:
Closing the Trust Gap", November 2024,
<https://bigvalley.co/wp-content/uploads/2024/11/BV-AI-
Research-Report.pdf>.
Abaris Expires 3 August 2026 [Page 7]
Internet-Draft AI-Disclosure Header January 2026
[C2PA-Spec]
Coalition for Content Provenance and Authenticity (C2PA),
"C2PA Specification Version 2.1", July 2024,
<https://c2pa.org/specifications/specifications/2.1/specs/
C2PA_Specification.html>.
[EC-CodePractice]
European Commission, "Code of Practice on marking and
labelling of AI-generated content", 27 January 2026,
<https://digital-strategy.ec.europa.eu/en/policies/code-
practice-ai-generated-content>.
[EU-AI-Act]
European Union, "Regulation (EU) 2024/1689 (Artificial
Intelligence Act)", 13 June 2024,
<https://eur-lex.europa.eu/eli/reg/2024/1689/oj>.
[GV-Prov] Hofmann, S., "Content Provenance and Disclosure
Requirements for AI Generated Content on Digital and
Traditional Media Platforms", 31 March 2025,
<https://www.globalvoices.org.au/post/content-provenance-
and-disclosure-requirements-for-ai-generated-content-on-
digital-and-traditional-m>.
[PAI-Framework]
Partnership on AI, "PAI's Responsible Practices for
Synthetic Media: A Framework for Collective Action", 27
February 2023,
<https://syntheticmedia.partnershiponai.org/>.
Acknowledgments
The author thanks Michael Andrews from Teradata for helpful comments
and feedback on early staging of this document.
Author's Address
Dogu Abaris
Individual Contributor
Email: abaris@null.net
Abaris Expires 3 August 2026 [Page 8]