
A Protocol To Prove You're Human, As The Web Goes Non-Human

AUTHOR
Slobodan "Sani" Manic

No Hacks

CXL-certified conversion specialist and WordPress Core Contributor helping companies optimise websites for both humans and AI agents.

Cloudflare and the three major browser makers want to prove there is a human behind your traffic. They announced how on June 22, as more and more of that traffic comes from agents with no human behind it at all. PACT answers the case where a person is in the loop. The case the web is moving toward, an agent acting on its own, is something PACT doesn't touch.

On June 22, Cloudflare announced PACT, Private Access Control Tokens, with Mozilla Firefox, Google Chrome, Microsoft Edge, and Shopify. The idea: a website that has, in Cloudflare's words, "strong knowledge of personhood" issues an anonymous token, and your browser carries that token to other websites to prove a human is in the loop, or that a bot is an authorized agent. It is meant to replace CAPTCHAs and forced logins. Cloudflare's reason is the agentic shift itself: the Internet is moving from human-driven clicks to agent activity, and the old binary of block-or-allow no longer fits.

If this sounds like a tracking nightmare, one website vouching for you and the proof trailing you around the web, it is the exact thing PACT is built to avoid. The tokens are anonymous and unlinkable by design, the same approach behind the privacy-preserving tokens that already stand in for CAPTCHAs on much of the web: the website that issues one cannot see where you spend it, the website you hand it to cannot tie it back to you, and two uses cannot be linked. The aim is to prove a human is present without the logins, CAPTCHAs, and fingerprinting that do that invasively today. The harder question is who gets to be a trusted issuer of personhood, which is real power over who counts as human online, and it concentrates with the same few infrastructure companies.
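The unlinkability property described above, shown with a simplified textbook RSA blind signature, one of the constructions behind Privacy Pass tokens. This is an added example, not PACT's protocol (none has been published) and not code from Cloudflare or the browser vendors; the toy key, function names and message flow are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key, constructed for this example: two Mersenne primes, far too
# small and too structured for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(nonce):
    """Map a token nonce into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % N

def client_blind(nonce):
    """Client hides h(nonce) behind a random factor r before requesting a signature."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(nonce) * pow(r, E, N)) % N, r

def issuer_sign(blinded):
    """Issuer signs what it is shown; it never sees the nonce or the final token."""
    return pow(blinded, D, N)

def client_unblind(blind_sig, r):
    """Strip r to obtain an ordinary RSA signature on h(nonce)."""
    return (blind_sig * pow(r, -1, N)) % N

def origin_verify(nonce, sig):
    """Any site holding the issuer's public key (N, E) can check the token."""
    return pow(sig, E, N) == h(nonce)

def explaining_factor(blinded, nonce):
    """The r that would tie a logged request to a spent token. One exists for
    every (request, token) pair, so the issuer's log singles out no visitor."""
    return pow(blinded * pow(h(nonce), -1, N) % N, D, N)

def demo():
    log, tokens = [], []
    for _ in range(2):                      # two visitors, one token each
        nonce = secrets.token_bytes(32)
        blinded, r = client_blind(nonce)
        log.append(blinded)                 # everything the issuer observes
        tokens.append((nonce, client_unblind(issuer_sign(blinded), r)))
    valid = all(origin_verify(n, s) for n, s in tokens)
    ambiguous = all(h(n) * pow(explaining_factor(b, n), E, N) % N == b
                    for b in log for n, _ in tokens)
    return {"valid": valid, "ambiguous": ambiguous, "tokens": tokens, "log": log}
```

`ambiguous` being true is the point: every issuance request the issuer logged is mathematically consistent with every token later spent, so comparing logs with the receiving site reveals nothing about who spent what.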

Three rival browsers backing one protocol is the signal

Getting Chrome, Firefox, and Edge into the same room on anything at the access layer is rare, and adding Cloudflare and Shopify means the proposal spans the browser, the network edge, and a major commerce platform at once. When that group commits to a shared protocol, it tends to become real eventually, the way Privacy Pass and passkeys did. So PACT is worth watching.

It is also, today, only a proposal. The collaborators have committed to developing it and submitting it for standardization. Nothing has been released, there is no origin trial, and there is no version your website can check against this quarter. That gap between a serious coalition and a usable protocol is usually measured in years.

PACT answers whether a human is present, not whether an agent is allowed

PACT verifies that a human is present. That is the human-directed case: a person clicks something, or points an agent at a task, and there is a person in the loop to vouch for. It is a real case, and proving it cleanly without CAPTCHAs or tracking would be a genuine improvement.

Detecting a real human is worth doing, and as bots flood the web it gets more valuable, not less. A clean human signal is what anyone fighting fraud, fake accounts, or manipulated reviews wants, and the rarer real people get in the traffic, the more that signal is worth. But PACT answers only one of the two questions the agentic web is splitting along. Once no human is driving, you still have to know whether the autonomous agent is allowed to be here, acting for whom, permitted to do what. PACT does not answer that. By design, it answers the other one.

That second question has its own track, and other people are building it. Google registered its web agent under a verifiable identity. Web Bot Auth lets identifiable crawlers sign their requests. This week Estonia moved to issue agents state-backed ID codes with scoped permissions: view, edit, or pay, up to a limit. Those are all attempts to identify and authorize the agent itself. PACT is the personhood track. The access layer is splitting into two, and they are not interchangeable.

Decide which track your traffic needs

There is nothing to implement, because nothing is live yet. The useful move while this is still a proposal is to figure out which track your traffic actually needs, because they are different problems with different infrastructure. If your risk is fraud and abuse from traffic pretending to be people, you want the personhood track, and PACT is the thing to follow. If your future is agents transacting on your website on a customer's behalf, you want the authorization track, and PACT will not help you. Most websites have never had to separate those two, because until this year a visitor was a person by default.

PACT is a real answer to a real question: is there a person here. The mistake will be reading it as an answer to the question the agentic web actually turns on, which is what to do with an agent when there is no person behind it. That one is still open, and it is the one worth watching.

QUESTIONS ANSWERED

What is PACT (Private Access Control Tokens)?

PACT is a proposed privacy-first protocol announced by Cloudflare on June 22, 2026, with Mozilla Firefox, Google Chrome, Microsoft Edge, and Shopify. A website that knows a real human is present issues an anonymous token, and the browser presents it to other websites to prove a human is in the loop or that a bot is authorized, without tracking the user or relying on CAPTCHAs.

Is PACT available to use now?

No. As of June 2026 it is a proposal. The collaborators have committed to developing it and submitting it for standardization. It is not live, not standardized, and has no origin trial, so treat it as a signal to watch, not something to implement.

Does PACT track you across websites?

No, preventing that is the point. The tokens are anonymous and unlinkable: the issuer cannot see where you use one, the website you present it to cannot tie it to your identity, and separate uses cannot be linked. It aims to replace tracking-heavy methods like CAPTCHAs and logins, not extend them.

How is PACT different from Web Bot Auth and CAPTCHAs?

CAPTCHAs ask a visitor to prove humanity by solving a puzzle. PACT replaces that with an anonymous token issued by a context that already knows a human is present. Web Bot Auth is a separate thing: it lets identifiable crawlers cryptographically sign their requests. PACT proves a human is in the loop; Web Bot Auth identifies the bot.
