Webhook Signature Validates

If TLS termination happens upstream (e.g., Cloudflare ), can modified headers affect webhook signature validation for providers like Stripe?

Describe the problem/error/question

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

• n8n version:
• Database (default: SQLite):
• n8n EXECUTIONS_PROCESS setting (default: own, main):
• Running n8n via (Docker, npm, n8n cloud, desktop app):
• Operating system:

Yes.

Many providers compute webhook signatures using:

• Raw request body
• Exact header values
• Protocol consistency

If your reverse proxy:

• Rewrites X-Forwarded-Proto
• Modifies request body encoding
• Alters header casing or strips headers

Signature validation may fail.

Ensure:

• Raw body passthrough is enabled
• No body parsing occurs before n8n
• Forwarded headers remain intact

This is a very common production misconfiguration.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.