Sec-Token-Binding is the HTTP request header field defined in Token Binding over HTTP.

Once a client and server have negotiated the Token Binding Protocol with HTTP/1.1 or HTTP/2 (see The Token Binding Protocol and Token Binding Protocol Negotiation), clients MUST include a Sec-Token-Binding header field in their HTTP Requests, and MUST include only one such header field per HTTP Request. The Sec-Token-Binding field MUST NOT be included in HTTP Responses.

The ABNF of the Sec-Token-Binding header field is (in RFC 7230 style, see also RFC 7231 Section 8.3):

Sec-Token-Binding = EncodedTokenBindingMessage

The header field name is "Sec-Token-Binding" and its SINGLE-VALUE, EncodedTokenBindingMessage, is a base64url encoding of a single TokenBindingMessage, as defined in The Token Binding Protocol, using the URL- and filename-safe character set described in Section 5 of RFC 4648, with all trailing pad characters '=' omitted and without the inclusion of any line breaks, whitespace, or other additional characters.
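A server-side check of the rules above, as an added example (not code from the specification): it enforces exactly one header field per request and a strict unpadded base64url value before handing the bytes to a TokenBindingMessage parser. The function name, the exception class and the list-of-pairs header shape are assumptions, and the HTTP layer is assumed to have already stripped optional whitespace around the field value.

```python
import base64
import binascii
import re

# Unpadded base64url alphabet (RFC 4648 Section 5): no '=', whitespace or line breaks.
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


class TokenBindingHeaderError(ValueError):
    """Raised when the Sec-Token-Binding header violates the header field rules."""


def decode_sec_token_binding(headers):
    """Return the raw TokenBindingMessage bytes from one request's headers.

    `headers` is a list of (name, value) pairs (assumed shape), so duplicate
    fields stay visible instead of being merged by a framework.
    """
    values = [v for (n, v) in headers if n.lower() == "sec-token-binding"]
    if len(values) != 1:
        raise TokenBindingHeaderError(
            f"expected exactly one Sec-Token-Binding field, got {len(values)}")
    value = values[0]

    # Python's urlsafe_b64decode silently skips foreign characters, so check the
    # alphabet first. This also rejects values a proxy has joined with ", ".
    if not _B64URL.fullmatch(value):
        raise TokenBindingHeaderError(
            "value is empty or contains padding, whitespace or non-base64url characters")
    if len(value) % 4 == 1:
        raise TokenBindingHeaderError("length is impossible for base64url data")

    padded = value + "=" * (-len(value) % 4)  # restore the omitted padding
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise TokenBindingHeaderError(f"base64url decoding failed: {exc}") from exc

    # Reject non-canonical encodings (stray bits in the last character), so that
    # one message has exactly one accepted header value.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii") != value:
        raise TokenBindingHeaderError("non-canonical base64url encoding")
    return raw
```

The returned bytes are still untrusted input: the TokenBindingMessage structure and its signatures must be validated as described in The Token Binding Protocol.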
