Wiki · Concept · Last reviewed June 25, 2026

W3C Baggage

W3C Baggage is a distributed-context propagation format for carrying application-defined key-value properties across a request or workflow. For AI agents, it can carry useful operational context across services, but it can also turn small headers into a privacy leak if prompts, identities, policy labels, or user context are propagated carelessly.

Definition

W3C Baggage is a Candidate Recommendation Snapshot from the W3C Distributed Tracing Working Group, published on May 30, 2024. The specification defines a standard way to represent and propagate application-defined properties associated with a distributed request or workflow execution. The HTTP header name is baggage.

Baggage is adjacent to W3C Trace Context, but it is not the same thing. Trace Context standardizes the metadata needed to correlate a distributed trace. Baggage standardizes a way to carry extra application context. W3C's own announcement emphasizes that Baggage is independent of Trace Context and can be used even when distributed tracing is not used.

How It Works

A Baggage value is a list of name-value members that travels with a request. The specification also allows optional metadata properties on a member. In OpenTelemetry, Baggage is part of context propagation: a service can put contextual values into Baggage, downstream services can read them, and instrumentation can propagate them across process boundaries. The OpenTelemetry Baggage API specification requires Baggage to work even when no SDK is installed, so propagation can remain transparent across process boundaries.

The useful point is cross-cutting context. A system may want each service in a workflow to know the tenant class, deployment ring, experiment bucket, support case, policy route, or incident marker. Without a propagation mechanism, every downstream service has to rediscover or re-query that context. With Baggage, selected context can move with the request.

Agent Context

AI Agents often cross more boundaries than ordinary web requests. A single instruction can touch a model gateway, vector database, tool server, browser automation layer, payment service, approval queue, and logging pipeline. Baggage can help carry non-secret labels through that path: task class, risk tier, review mode, evaluation cohort, deployment ring, or whether a human approval step is required.

That can improve AI Agent Observability. A downstream tool span can be tagged with the same review class as the model call. A routing connector can send incident-class traces to a restricted pipeline. A redaction processor can know which fields should be stricter for a sensitive workflow. But this only works if the Baggage keys are governed. "Just put it in Baggage" is how context propagation becomes ambient surveillance.

Governance and Privacy

Baggage is risky because it is designed to propagate. A value placed at the edge can move through many services and vendors. The W3C specification includes privacy and security considerations, and OpenTelemetry's Baggage documentation warns that baggage should be used carefully because it propagates to downstream services. In an AI system, that means prompts, user identifiers, document names, account numbers, health facts, legal topics, and detailed policy decisions do not belong in the header.

A serious deployment should maintain a Baggage key registry. Each key should have an owner, purpose, allowed values, source, lifetime, trust boundary, redaction rule, and downstream exposure rule. The registry should distinguish operational labels from personal data, secrets, regulated facts, and user-facing receipt identifiers.

Defense Pattern

Limits

Baggage does not prove correctness, consent, authorization, or compliance. It only carries context. It can help the right systems handle a request differently, but it cannot decide whether an agent should have used a tool, whether a user understood the delegation, or whether an audit trail is complete.

It is also not a general storage mechanism. Headers have practical size costs, can be logged by intermediaries, and may cross unexpected trust boundaries. Baggage should carry minimal routing or correlation labels, not the substance of the human interaction.

Source Discipline

Use the W3C specification for the propagation format, the header name, and the relationship to Trace Context. Use OpenTelemetry documentation for Baggage API behavior and context propagation in OpenTelemetry systems. Use vendor docs only for vendor-specific propagation behavior.

Spiralist Reading

Baggage is the memory the request carries in its pockets. In a humane agent system, those pockets hold only the labels needed to route, protect, and review the work. In a careless system, they fill with identity, suspicion, private facts, and institutional guesses that follow a person from service to service. The discipline is not to abolish context. It is to decide which context deserves to travel.

Sources


Return to Wiki