# Delivery headers

HTTP POST payloads that are delivered to your webhook's configured URL endpoint will contain several special headers:

^ Header ^ Description ^
| [[X-GitHub-Event]] | Name of the event that triggered the delivery |
| [[X-GitHub-Delivery]] | A [[GUID]] to identify the delivery |
| [[X-Hub-Signature]] | This header is sent if the webhook is configured with a [[secret]]. This is the [[HMAC]] hex digest of the request body, and is generated using the [[SHA-1]] hash function and the [[scret]] as the HMAC key. [[X-Hub-Signature]] is provided for compatibility with existing integrations, and we recommend that you use the more secure [[X-Hub-Signature-256]] instead |
| [[X-Hub-Signature-256]] | This header is sent if the webhook is configured with a [[secret]]. This is the HMAC hex digest of the request body, and is generated using the [[SHA-256]] hash function and the secret as the HMAC key. |

Also, the [[User-Agent]] for the requests will have the prefix [[GitHub-Hookshot/]].

### Example delivery

<code json>
> POST /payload HTTP/2

> Host: localhost:4567
> X-GitHub-Delivery: 72d3162e-cc78-11e3-81ab-4c9367dc0958
> X-Hub-Signature: sha1=7d38cdd689735b008b3c702edd92eea23791c5f6
> X-Hub-Signature-256: sha256=d57c68ca6f92289e6987922ff26938930f6e66a2d161ef06abdf1859230aa23c
> User-Agent: GitHub-Hookshot/044aadd
> Content-Type: application/json
> Content-Length: 6615
> X-GitHub-Event: issues

> {
>   "action": "opened",
>   "issue": {
>     "url": "https://api.github.com/repos/octocat/Hello-World/issues/1347",
>     "number": 1347,
>     ...
>   },
>   "repository" : {
>     "id": 1296269,
>     "full_name": "octocat/Hello-World",
>     "owner": {
>       "login": "octocat",
>       "id": 1,
>       ...
>     },
>     ...
>   },
>   "sender": {
>     "login": "octocat",
>     "id": 1,
>     ...
>   }
> }
</code>