Once a client and server have negotiated the Token Binding protocol with HTTP/1.1 or HTTP/2, clients MUST include a Sec-Token-Binding header field in their HTTP requests and MUST include only one such header field per HTTP request. Also, the Sec-Token-Binding header field MUST NOT be included in HTTP responses. (RFC 8473: Token Binding over HTTP)


Return to list of all ( HTTP Header Fields | Web Concepts )