diff --git a/doc/configuration.txt b/doc/configuration.txt index 2c7ada20f..324cce132 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -5085,11 +5085,14 @@ bind / [, ...] [param*] - 'quic6@' -> address is resolved as IPv6 and protocol UDP is used. The performance note for QUIC over IPv4 applies as well. - - 'rhttp@' -> used for reverse HTTP. Address must be a - server with the format '/'. The server - will be used to instantiate connections to a remote - address. The listener will try to maintain "nbconn" - connections. + - 'rhttp@' [ EXPERIMENTAL ] -> used for reverse HTTP. + Address must be a server with the format + '/'. The server will be used to + instantiate connections to a remote address. The listener + will try to maintain "nbconn" connections. This is an + experimental features which requires + "expose-experimental-directives" on a line before this + bind. You may want to reference some environment variables in the address parameter, see section 2.3 about environment @@ -9980,8 +9983,11 @@ server
[:[port]] [param*] one of them over the FD. The bind part will use the received socket as the client FD. Should be used carefully. - - 'rhttp@' -> custom address family for a passive server in - HTTP reverse context. + - 'rhttp@' [ EXPERIMENTAL ] -> custom address family for a + passive server in HTTP reverse context. This is an + experimental features which requires + "expose-experimental-directives" on a line before this + server. You may want to reference some environment variables in the address parameter, see section 2.3 about environment variables. The "init-addr" setting can be used to modify the way @@ -12904,7 +12910,7 @@ allow above. -attach-srv [name ] +attach-srv [name ] [ EXPERIMENTAL ] Usable in: TCP RqCon| RqSes| RqCnt| RsCnt| HTTP Req| Res| Aft - | X | - | - | - | - | - @@ -12922,6 +12928,10 @@ attach-srv [name ] This rule is only valid for frontend in HTTP mode. Also all listeners must not require a protocol different from HTTP/2. + Reverse HTTP is currently still in active development. Configuration + mechanism may change in the future. For this reason it is internally marked + as experimental, meaning that "expose-experimental-directives" must appear on + a line before this directive. auth [realm ] Usable in: TCP RqCon| RqSes| RqCnt| RsCnt| HTTP Req| Res| Aft 
@@ -14750,11 +14760,16 @@ namespace a namespace different from the default one. Please refer to your operating system's documentation to find more details about network namespaces. -nbconn +nbconn [ EXPERIMENTAL ] This setting is only valid for listener instances which uses reverse HTTP. This will define the count of connections which will be mounted in parallel. If not specified, a default value of 1 is used. + Reverse HTTP is currently still in active development. Configuration + mechanism may change in the future. For this reason it is internally marked + as expirmental, meaning that "expose-experimental-directives" must appear on + a line before this directive. + nice Sets the 'niceness' of connections initiated from the socket. Value must be in the range -1024..1024 inclusive, and defaults to zero. Positive values diff --git a/reg-tests/connection/reverse_connect_full.vtc b/reg-tests/connection/reverse_connect_full.vtc index 95dd399f1..18536e081 100644 --- a/reg-tests/connection/reverse_connect_full.vtc +++ b/reg-tests/connection/reverse_connect_full.vtc @@ -9,6 +9,9 @@ server s1 { } -start haproxy h_edge -conf { +global + expose-experimental-directives + defaults log global timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" @@ -29,6 +32,9 @@ frontend priv } -start haproxy h_dev -conf { +global + expose-experimental-directives + defaults log global timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" diff --git a/reg-tests/connection/reverse_server.vtc b/reg-tests/connection/reverse_server.vtc index ec631f6e2..50fe8ceb8 100644 --- a/reg-tests/connection/reverse_server.vtc +++ b/reg-tests/connection/reverse_server.vtc @@ -6,6 +6,9 @@ feature ignore_unknown_macro barrier b1 cond 2 haproxy h_edge -conf { +global + expose-experimental-directives + defaults log global timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" diff --git a/reg-tests/connection/reverse_server_name.vtc b/reg-tests/connection/reverse_server_name.vtc index 667b15f84..0fd850fe8 100644 
--- a/reg-tests/connection/reverse_server_name.vtc +++ b/reg-tests/connection/reverse_server_name.vtc @@ -7,6 +7,9 @@ feature ignore_unknown_macro barrier b1 cond 2 haproxy h_edge -conf { +global + expose-experimental-directives + defaults log global timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" diff --git a/src/listener.c b/src/listener.c index 6ce5deaa8..86d0945da 100644 --- a/src/listener.c +++ b/src/listener.c @@ -2259,6 +2259,14 @@ static int bind_parse_nbconn(char **args, int cur_arg, struct proxy *px, struct int val; const struct listener *l; + /* TODO duplicated code from check_kw_experimental() */ + if (!experimental_directives_allowed) { + memprintf(err, "'%s' is experimental, must be allowed via a global 'expose-experimental-directives'", + args[cur_arg]); + return ERR_ALERT | ERR_FATAL; + } + mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED); + l = LIST_NEXT(&conf->listeners, struct listener *, by_bind); if (l->rx.addr.ss_family != AF_CUST_RHTTP_SRV) { memprintf(err, "'%s' : only valid for reverse HTTP listeners.", args[cur_arg]); diff --git a/src/tcp_act.c b/src/tcp_act.c index a6898cb4a..8b44047d5 100644 --- a/src/tcp_act.c +++ b/src/tcp_act.c @@ -468,6 +468,14 @@ static enum act_parse_ret tcp_parse_attach_srv(const char **args, int *cur_arg, char *srvname; struct sample_expr *expr; + /* TODO duplicated code from check_kw_experimental() */ + if (!experimental_directives_allowed) { + memprintf(err, "parsing [%s:%d] : '%s' action is experimental, must be allowed via a global 'expose-experimental-directives'", + px->conf.args.file, px->conf.args.line, args[2]); + return ACT_RET_PRS_ERR; + } + mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED); + rule->action = ACT_CUSTOM; rule->action_ptr = tcp_action_attach_srv; rule->release_ptr = release_attach_srv_action; diff --git a/src/tools.c b/src/tools.c index a7f4ff13c..0b951e15c 100644 --- a/src/tools.c +++ b/src/tools.c 
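Review bot: The experimental gate added at the top of bind_parse_nbconn() is a hand copy, and the same block is repeated in tcp_parse_attach_srv() (src/tcp_act.c) and str2sa_range() (src/tools.c). The three copies already differ in message wording, and only one embeds the file and line. Because the check on `experimental_directives_allowed` and the call to `mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED)` must always travel together, a single helper would stop a future gated keyword from doing one without the other. The sketch below uses a made-up helper name, and where it should live is left to the project. The gate also runs before the `AF_CUST_RHTTP_SRV` family check, so 'nbconn' on a non-rhttp bind reports the experimental error first; confirm that order is intended. The function body continues outside the hunk.

```c
/* sketch only: helper name is a placeholder, to be declared next to check_kw_experimental() */
int exp_kw_gate(const char *what, char **err)
{
	if (!experimental_directives_allowed) {
		memprintf(err, "'%s' is experimental, must be allowed via a global 'expose-experimental-directives'", what);
		return 0;
	}
	mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
	return 1;
}

	/* in bind_parse_nbconn(), replacing the inline block */
	if (!exp_kw_gate(args[cur_arg], err))
		return ERR_ALERT | ERR_FATAL;
	/* … unchanged: listener family check and nbconn value parsing … */
```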
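Review bot: The added error message in tcp_parse_attach_srv() names the keyword through the fixed index `args[2]`, although the function receives `cur_arg`. That only names the right token while the action sits at the third position of the rule line, which the hunk does not guarantee. If `*cur_arg` points just past the action name on entry (not visible here, please confirm), `args[*cur_arg - 1]` would stay correct if the rule prefix ever changes. This message also hard-codes a `parsing [%s:%d] :` prefix that the other two gates in this commit lack, so check that the caller does not prepend its own location and print it twice. The rest of the function is outside the hunk.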
@@ -1104,6 +1104,13 @@ struct sockaddr_storage *str2sa_range(const char *str, int *port, int *low, int ss.ss_family = AF_CUST_SOCKPAIR; } else if (strncmp(str2, "rhttp@", 3) == 0) { + /* TODO duplicated code from check_kw_experimental() */ + if (!experimental_directives_allowed) { + memprintf(err, "Address '%s' is experimental, must be allowed via a global 'expose-experimental-directives'", str2); + goto out; + } + mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED); + str2 += 4; ss.ss_family = AF_CUST_RHTTP_SRV; }
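Review bot: The new gate sits in a branch selected by `strncmp(str2, "rhttp@", 3) == 0`, which compares only the first three characters. Any address string starting with "rht" is therefore rejected as experimental, or, once the directive is exposed, tainted and treated as a reverse-HTTP server. The following `str2 += 4` skips four characters although the prefix shown is six long, which looks like a leftover from a shorter prefix. Both are context lines rather than part of this change, but the gate makes the mismatch visible to users; I would change them to `strncmp(str2, "rhttp@", 6) == 0` and `str2 += 6`. str2sa_range() starts and ends outside the hunk, so confirm nothing later compensates for the short skip.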