DPoP[1] is on its way and already starting to see adoption by identity providers like Okta[2] (oh, the comedy). It's unfortunately specific to OAuth, so narrower in terms of application, but will cover how most web apps work today.
I see this as a complementary form of DPoP for first-party browser sessions. I took a lot of inspiration from DPoP, with the main novel construction being HMAC signatures over an interactively-negotiated shared secret vs. new elliptic curve signatures for every request.