diff --git a/yesod-test/README.md b/yesod-test/README.md
index f17be004..147fa4d0 100644
--- a/yesod-test/README.md
+++ b/yesod-test/README.md
@@ -50,7 +50,7 @@ This is the helloworld and kitchen sink. In this case for testing a yesod app.
 
         -- Performs the post using the current page to extract field values:
         post "url/to/post/to" $ do
-          addNonce -- Add the _nonce field with the currently shown value
+          addToken -- Add the CSRF _token field with the currently shown value
 
           -- Lookup field by the text on the labels pointing to them.
           byLabel "Email:" "gustavo@cerati.com"
diff --git a/yesod-test/Yesod/Test.hs b/yesod-test/Yesod/Test.hs
index 74dff8d9..a6ec7991 100644
--- a/yesod-test/Yesod/Test.hs
+++ b/yesod-test/Yesod/Test.hs
@@ -18,7 +18,7 @@ using CSS selectors to explore the document more easily.
 You can also easily build requests using forms present in the current page.
 This is very useful for testing web applications built in yesod, for example,
 where your forms may have field names generated by the framework or a randomly
-generated nonce value.
+generated CSRF token input.
 
 Your database is also directly available so you can use 'runDB' to set up
 backend pre-conditions, or to assert that your session is having the desired effect.
@@ -40,7 +40,7 @@ module Yesod.Test
     -- * Making requests
     -- | You can construct requests with the 'RequestBuilder' monad, which lets you
     -- set the URL and add parameters, headers, and files. Helper functions are provided to
-    -- lookup fields by label and to add the current nonce value from your forms.
+    -- lookup fields by label and to add the current CSRF token from your forms.
     -- Once built, the request can be executed with the 'request' method.
     --
     -- Convenience functions like 'get' and 'post' build and execute common requests.
@@ -66,13 +66,15 @@ module Yesod.Test
     , byLabel
     , fileByLabel
 
-    -- *** Nonces
+    -- *** CSRF Tokens
     -- | In order to prevent CSRF exploits, yesod-form adds a hidden input
     -- to your forms with the name "_token". This token is a randomly generated,
-    -- per-session value called a /nonce/.
+    -- per-session value.
     --
     -- In order to prevent your forms from being rejected in tests, use one of
-    -- these functions to add the nonce to your request.
+    -- these functions to add the token to your request.
+    , addToken
+    , addToken_
     , addNonce
     , addNonce_
 
@@ -553,24 +555,39 @@ fileByLabel label path mime = do
   name <- nameFromLabel label
   addFile name path mime
 
--- | Lookup a _token form field and add its value to the params.
--- Receives a CSS selector that should resolve to the form element containing the nonce.
+-- | An alias for 'addToken_'.
+addNonce_ :: Query -> RequestBuilder site ()
+addNonce_ = addToken_
+{-# DEPRECATED addNonce_ "Use 'addToken_' instead; 'addNonce_' will be removed in the next major version. Reasoning: Yesod's CSRF tokens are not actually nonces (one-time values), so yesod-form moved to calling them tokens instead. yesod-test is now using the word token as well. See https://github.com/yesodweb/yesod/issues/914 for details." #-}
+
+-- | An alias for 'addToken'.
+addNonce :: RequestBuilder site ()
+addNonce = addToken
+{-# DEPRECATED addNonce "Use 'addToken' instead; 'addNonce' will be removed in the next major version. Reasoning: Yesod's CSRF tokens are not actually nonces (one-time values), so yesod-form moved to calling them tokens instead. yesod-test is now using the word token as well. See https://github.com/yesodweb/yesod/issues/914 for details." #-}
+
+-- | Lookups the hidden input named "_token" and adds its value to the params.
+-- Receives a CSS selector that should resolve to the form element containing the token.
 --
 -- ==== __Examples__
 --
 -- > request $ do
--- >   addNonce_ "#formID"
-addNonce_ :: Query -> RequestBuilder site ()
-addNonce_ scope = do
+-- >   addToken_ "#formID"
+addToken_ :: Query -> RequestBuilder site ()
+addToken_ scope = do
   matches <- htmlQuery' rbdResponse $ scope <> "input[name=_token][type=hidden][value]"
   case matches of
-    [] -> failure $ "No nonce found in the current page"
+    [] -> failure $ "No CSRF token found in the current page"
     element:[] -> addPostParam "_token" $ head $ attribute "value" $ parseHTML element
-    _ -> failure $ "More than one nonce found in the page"
+    _ -> failure $ "More than one CSRF token found in the page"
 
--- | For responses that display a single form, just lookup the only nonce available.
-addNonce :: RequestBuilder site ()
-addNonce = addNonce_ ""
+-- | For responses that display a single form, just lookup the only CSRF token available.
+--
+-- ==== __Examples__
+--
+-- > request $ do
+-- >   addToken
+addToken :: RequestBuilder site ()
+addToken = addToken_ ""
 
 -- | Perform a POST request to @url@.
 --
@@ -694,7 +711,7 @@ addRequestHeader header = ST.modify $ \rbd -> rbd
 -- ==== __Examples__
 --
 -- > request $ do
--- >   addNonce
+-- >   addToken
 -- >   byLabel "First Name" "Felipe"
 -- >   setMethod "PUT"
 -- >   setUrl NameR
diff --git a/yesod-test/test/main.hs b/yesod-test/test/main.hs
index 2bd6067d..be5363e1 100644
--- a/yesod-test/test/main.hs
+++ b/yesod-test/test/main.hs
@@ -122,7 +122,7 @@ main = hspec $ do
                     setUrl ("/form" :: Text)
                     byLabel "Some Label" "12345"
                     fileByLabel "Some File" "test/main.hs" "text/plain"
-                    addNonce
+                    addToken
                 statusIs 200
                 bodyEquals "12345"
             yit "finding html" $ do