Clarifying that X-GitHub-Delivery is unique per event, not per delivery

content/webhooks/using-webhooks/best-practices-for-using-webhooks.md

@@ -52,7 +52,7 @@ If your server goes down, you should redeliver missed webhooks once your server
 
 ## Use the `X-GitHub-Delivery` header
 
-In a replay attack, a bad actor intercepts a webhook delivery and re-sends the delivery. To protect against replay attacks, you can use the `X-GitHub-Delivery` header to ensure that each delivery is unique.
+In a replay attack, a bad actor intercepts a webhook delivery and re-sends the delivery. To protect against replay attacks, you can use the `X-GitHub-Delivery` header to ensure that each delivery is unique per event.
 
 {% note %}
 

content/webhooks/webhook-events-and-payloads.md

@@ -37,7 +37,7 @@ HTTP POST payloads that are delivered to your webhook's configured URL endpoint
 
 - `X-GitHub-Hook-ID`: The unique identifier of the webhook.
 - `X-GitHub-Event`: The name of the event that triggered the delivery.
-- `X-GitHub-Delivery`: A globally unique identifier (GUID) to identify the delivery.{% ifversion ghes %}
+- `X-GitHub-Delivery`: A globally unique identifier (GUID) to identify the event.{% ifversion ghes %}
 - `X-GitHub-Enterprise-Version`: The version of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.
 - `X-GitHub-Enterprise-Host`: The hostname of the {% data variables.product.prodname_ghe_server %} instance that sent the HTTP POST payload.{% endif %}
 - `X-Hub-Signature`: This header is sent if the webhook is configured with a `secret`. This is the HMAC hex digest of the request body, and is generated using the SHA-1 hash function and the `secret` as the HMAC `key`. `X-Hub-Signature` is provided for compatibility with existing integrations. We recommend that you use the more secure `X-Hub-Signature-256` instead.