diff --git a/index.bs b/index.bs
index dd18bed90..60bf401cd 100644
--- a/index.bs
+++ b/index.bs
@@ -3919,7 +3919,9 @@ Verifiers may use the following algorithm to verify an encoded {{CollectedClient
     1. A string, |type|, that contains the expected {{CollectedClientData/type}}.
     1. A byte string, |challenge|, that contains the challenge byte string that was given in the {{PublicKeyCredentialRequestOptions}} or {{PublicKeyCredentialCreationOptions}}.
     1. A string, |origin|, that contains the expected {{CollectedClientData/origin}} that issued the request to the user agent.
-    1. A boolean, |crossOrigin|, that is true if, and only if, the request should have been performed within a cross-origin <{iframe}>.
+    1. A string or null value, |expectedTopOrigin|, which contains the expected [=top-level origin=] for a cross-origin request, or else a null value to indicate that request must not have been performed in a cross-origin <{iframe}>.
+
+    Note: a non-null value for |expectedTopOrigin| will cause all {{CollectedClientData}} structures generated by previous versions of this specification to be rejected as previous versions did not serialize the [=top-level origin=].
 1. Let |expected| be an empty byte string.
 1. Append 0x7b2274797065223a (`{"type":`) to |expected|.
 1. Append [=CCDToString=](|type|) to |expected|.
@@ -3929,10 +3931,11 @@ Verifiers may use the following algorithm to verify an encoded {{CollectedClient
 1. Append 0x2c226f726967696e223a (`,"origin":`) to |expected|.
 1. Append [=CCDToString=](|origin|) to |expected|.
 1. Append 0x2c2263726f73734f726967696e223a (`,"crossOrigin":`) to |expected|.
-1. If |crossOrigin| is true:
-    1. Append 0x74727565 (`true`) to |expected|.
-1. Otherwise, i.e. |crossOrigin| is false:
+1. If |expectedTopOrigin| is null:
     1. Append 0x66616c7365 (`false`) to |expected|.
+1. Else:
+    1. Append 0x747275652c22746f704f726967696e223a (`true,"topOrigin":`) to |expected|.
+    1. Append [=CDDToString=](|expectedTopOrigin|) to |expected|.
 1. If |expected| is not a prefix of |clientDataJSON| then the verification has failed.
 1. If |clientDataJSON| is not at least one byte longer than |expected| then the verification has failed.
 1. If the byte of |clientDataJSON| at the offset equal to the length of |expected|: