diff --git a/content/webhooks/using-webhooks/best-practices-for-using-webhooks.md b/content/webhooks/using-webhooks/best-practices-for-using-webhooks.md index a87562150986..94a53a129994 100644 --- a/content/webhooks/using-webhooks/best-practices-for-using-webhooks.md +++ b/content/webhooks/using-webhooks/best-practices-for-using-webhooks.md @@ -52,7 +52,7 @@ If your server goes down, you should redeliver missed webhooks once your server ## Use the `X-GitHub-Delivery` header -In a replay attack, a bad actor intercepts a webhook delivery and re-sends the delivery. To protect against replay attacks, you can use the `X-GitHub-Delivery` header to ensure that each delivery is unique. +In a replay attack, a bad actor intercepts a webhook delivery and re-sends the delivery. To protect against replay attacks, you can use the `X-GitHub-Delivery` header to ensure that each delivery is unique per event. {% note %} diff --git a/content/webhooks/webhook-events-and-payloads.md b/content/webhooks/webhook-events-and-payloads.md index c7638a785186..0842a4321e2c 100644 --- a/content/webhooks/webhook-events-and-payloads.md +++ b/content/webhooks/webhook-events-and-payloads.md @@ -37,7 +37,7 @@ HTTP POST payloads that are delivered to your webhook's configured URL endpoint - `X-GitHub-Hook-ID`: The unique identifier of the webhook. - `X-GitHub-Event`: The name of the event that triggered the delivery. -- `X-GitHub-Delivery`: A globally unique identifier (GUID) to identify the delivery.{% ifversion ghes %} +- `X-GitHub-Delivery`: A globally unique identifier (GUID) to identify the event.{% ifversion ghes %} - `X-GitHub-Enterprise-Version`: The version of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload. - `X-GitHub-Enterprise-Host`: The hostname of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.{% endif %} - `X-Hub-Signature`: This header is sent if the webhook is configured with a `secret`. This is the HMAC hex digest of the request body, and is generated using the SHA-1 hash function and the `secret` as the HMAC `key`. `X-Hub-Signature` is provided for compatibility with existing integrations. We recommend that you use the more secure `X-Hub-Signature-256` instead.