diff --git a/src/quic_rx.c b/src/quic_rx.c
index b333c13ff96b1..293bda0c0d84b 100644
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -915,7 +915,21 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 
 			break;
 		case QUIC_FT_NEW_TOKEN:
-			/* TODO */
+			if (qc_is_listener(qc)) {
+				TRACE_ERROR("reject NEW_TOKEN frame emitted by client",
+				            QUIC_EV_CONN_PRSHPKT, qc);
+
+				/* RFC 9000 19.7. NEW_TOKEN Frames
+				 * Clients MUST NOT send NEW_TOKEN frames. A server MUST treat receipt
+				 * of a NEW_TOKEN frame as a connection error of type
+				 * PROTOCOL_VIOLATION.
+				 */
+				quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+				goto err;
+			}
+			else {
+				/* TODO */
+			}
 			break;
 		case QUIC_FT_STREAM_8 ... QUIC_FT_STREAM_F:
 		{