docs/data/reusables/webhooks/secret.md

Setting a webhook secret allows you to ensure that POST requests sent to the payload URL are from {% data variables.product.product_name %}. When you set a secret, you'll receive the {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}X-Hub-Signature and X-Hub-Signature-256 headers{% elsif currentVersion ver_lt "enterprise-server@2.23" %}X-Hub-Signature header{% elsif currentVersion == "github-ae@latest" %}X-Hub-Signature-256 header{% endif %} in the webhook POST request. For more information on how to use a secret with a signature header to secure your webhook payloads, see "Securing your webhooks."