← Back to release summary

Token Binding

Category

Security

Type

New or changed feature

Status

Removed (Chrome 70)

Intent stage

None

Summary

Token binding allows servers to cryptographically bind bearer tokens (such as cookies) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user's machine to present to a web service and impersonate the user.

Standards & signals

• Specification: https://tools.ietf.org/html/rfc8473
• Firefox: No signal
• Safari: No signal
• Web developers: No signals
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=596699

Docs: https://docs.google.com/document/d/1Ta3GlT_LrqAOLV217Kutn3B2trvifStxB0CThQ_kk78/edit?pli=1#heading=h.e51v5eatk0f3

View on chromestatus.com