• Cloudflare and web browsers to develop new internet protocol
• PACT protocol will help to verify legitimate web access from human and bots
• Users will be given an anonymized "personhood" token to show they have a real reason to access a website

Now that bot traffic on the internet has officially surpassed human HTTP requests, both web browsers and web infrastructure providers agree something needs to be done, especially as AI agents enter the fray.

Today, Cloudflare has announced a joint initiative with Mozilla Firefox, Google Chrome, and Microsoft Edge to launch a new internet protocol designed to verify if web access is legitimate or malicious - without intruding on user privacy.

Private Access Control Tokens (PACT) will act as anonymous tokens that verify legitimate access by both humans and authorized agents without the need for user logins or CAPTCHAs that cause friction and harm the browsing experience.

Cloudflare establishes PACT with web browsers

To start, PACT won’t deny access to automated traffic completely. According to Cloudflare, the protocol is designed to recognize legitimate access from certain bots. As consumers and businesses turn to new automations provided by AI agents, there is still a legitimate case for allowing certain bots to access websites.

For many AI agents, there is still a human at some point in the loop with a real reason for accessing a website. PACT offers an anonymous “personhood” token that is attached to the user’s browser. This token uses “trusted information from contexts that have authentic relationships with people” to verify legitimate access “while keeping that information private.”

StatCounter places the combined market share of Chrome, Firefox, and Edge at around 77%, meaning that the PACT protocol will likely roll out to the majority of internet users.

“PACT will further empower businesses to identify genuine visitors, ensuring they can focus their resources on the traffic that matters to them,” CloudFlare said in the announcement. “Using PACT on Cloudflare’s network raises the bar for trustworthiness and integrity online without the traditional costs.”

“In commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart. Merchants need effective protections against automated abuse, but buyers shouldn’t have to pay for them with unnecessary friction or invasive tracking,” said Ilya Grigorik, Distinguished Engineer at Shopify.

“Shopify is proud to help develop PACT as an open, privacy-preserving standard that can help the millions of businesses on our platform distinguish legitimate shoppers and authorized agents from abusive traffic while preserving buyer privacy."