Comment by ivan_gammel

Yes, browser can do that. A browser starts with GET and gets new HTTP 1xx or 3xx response with “Age-Verification: required <age>” header. Browser calls your AVP (defined once in preferences) and gets short-lived certificate of age (expires in 30 seconds), then passes it to website in “Age: <age> <certificate>” header. The website uses known public keys to verify “at least certain age” claim in certificate. AVP public keys can be published in some registry and cached by websites.