Currently, outbound webhook messages can only be verified by a shared secret in a custom HTTP header. Signed messages would increase security by allowing the shared secret to be hidden, and by adding the ability to verify payload integrity.
GitHub documentation on this idea >>
https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries