Sec-Token-Binding HTTP Request HTTP Header Field
Defined in Token Binding over HTTP.
Once a client and server have negotiated the Token Binding Protocol with HTTP/1.1 or HTTP/2 (see The Token Binding Protocol and Token Binding Protocol Negotiation), clients MUST include a Sec-Token-Binding header field in their HTTP Requests, and MUST include only one such header field per HTTP Request. Also, the Sec-Token-Binding field MUST NOT be included in HTTP Responses.
The ABNF of the Sec-Token-Binding header field is (in RFC 7230 style, see also RFC 7231 Section 8.3):
Sec-Token-Binding = EncodedTokenBindingMessage
The header field name is "Sec-Token-Binding" and its single value, EncodedTokenBindingMessage, is a base64url encoding of a single TokenBindingMessage, as defined in The Token Binding Protocol, using the URL- and filename-safe character set described in Section 5 of RFC 4648, with all trailing pad characters '=' omitted and without the inclusion of any line breaks, whitespace, or other additional characters.
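The encoding rules above, enforced on the server side, as an added example (not code from the specification). The function and class names are hypothetical, the sample bytes are constructed, and the header list is assumed to arrive as (name, value) pairs from the HTTP parser.

```python
import base64
import re

# RFC 4648 Section 5 alphabet only: no '=', no whitespace, no line breaks.
B64URL_UNPADDED = re.compile(r"[A-Za-z0-9_-]+")


class TokenBindingHeaderError(ValueError):
    """The request's Sec-Token-Binding header violates the encoding rules."""


def encode_sec_token_binding(message: bytes) -> str:
    """Client side: base64url-encode a TokenBindingMessage, padding removed."""
    return base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")


def decode_sec_token_binding(headers) -> bytes:
    """Server side: return the raw TokenBindingMessage bytes or raise.

    `headers` is a list of (name, value) pairs as parsed from the request
    (assumption: the HTTP parser has already removed optional whitespace
    around each field value).
    """
    # Field names are case-insensitive; exactly one field is allowed.
    values = [v for n, v in headers if n.lower() == "sec-token-binding"]
    if len(values) != 1:
        raise TokenBindingHeaderError(f"expected 1 header field, got {len(values)}")
    value = values[0]
    # Check the alphabet explicitly: base64.urlsafe_b64decode() is lenient
    # about input outside the URL-safe alphabet.
    if not B64URL_UNPADDED.fullmatch(value):
        raise TokenBindingHeaderError("characters outside unpadded base64url")
    if len(value) % 4 == 1:
        raise TokenBindingHeaderError("impossible base64url length")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    # Extra strictness (not required by the text above): reject non-canonical
    # encodings whose unused trailing bits are not zero.
    if encode_sec_token_binding(raw) != value:
        raise TokenBindingHeaderError("non-canonical base64url encoding")
    return raw


if __name__ == "__main__":
    sample = b"\xfb\xff"  # constructed bytes, not a real TokenBindingMessage
    wire = encode_sec_token_binding(sample)
    print(wire, decode_sec_token_binding([("Sec-Token-Binding", wire)]) == sample)
```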