Introduction
X511 is a ZK-proof age-verification gateway for Node.js HTTP servers. It intercepts requests to protected routes and serves a verification challenge (HTTP 511) until the user proves their age using a supported zero-knowledge proof provider.
What is HTTP 511?
RFC 6585 defines 511 Network Authentication Required as a status code for situations where the client must authenticate to gain network access - most commonly used by captive portals. X511 repurposes this semantics for age-gating: instead of network credentials, the client must provide a zero-knowledge age proof.
When an unauthenticated request hits a protected route, the server responds with:
HTTP/1.1 511 Network Authentication Required
Content-Type: text/htmlThe response body is an interactive HTML page that guides the user through the verification flow.
Zero-Knowledge Proofs
A zero-knowledge proof (ZKP) lets one party (the prover) convince another party (the verifier) that a statement is true without revealing any information beyond the truth of the statement itself.
In the context of age verification:
- The prover is the user's mobile app (Self or ZKPassport)
- The verifier is the X511 backend
- The statement is "I am over 18 years old"
The backend learns only that the user meets the minimum age threshold - not their date of birth, name, passport number, or any other identifying information.
Supported Providers
| Provider | Description |
|---|---|
| Self | Privacy-preserving identity verification using NFC passport reading and ZK proofs |
| ZKPassport | Passport-based ZK identity proofs with programmable age queries |
Both providers follow the same broad pattern: the user scans a QR code with their mobile app, the app generates a ZK proof, and the backend verifies it without learning the underlying data.