Origin-Signed HTTP Exchanges

Allows sites to send HTTP request/response pairs (exchanges) that are authoritative for an origin, even when the server itself is not authoritative for that origin. This is part of Web Packaging, which will allow people to share web applications peer-to-peer, while offline, with proof that an app comes from its original author. This also shares some infrastructure with signature-based SRI.



Editor's draft

Status in Chromium


Enabled by default (tracking bug) in:

  • Chrome for desktop release 73
  • Chrome for Android release 73

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.


Last updated on 2019-09-10