If TLS termination happens upstream (e.g., Cloudflare or Traefik), can modified headers affect webhook signature validation for providers like Stripe?
Describe the problem/error/question
What is the error message (if any)?
Please share your workflow
(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)
Share the output returned by the last node
Information on your n8n setup
- n8n version:
- Database (default: SQLite):
- n8n EXECUTIONS_PROCESS setting (default: own, main):
- Running n8n via (Docker, npm, n8n cloud, desktop app):
- Operating system:
Yes, reverse proxies can definitely break webhook signature validation. The core issue is raw body integrity ā most providers like Stripe sign the exact bytes of the incoming payload, so if your proxy does anything to the body (decompressing gzip, normalizing encoding, buffering and re-streaming it), the HMAC check will fail even if the signature header gets forwarded correctly. Cloudflare in particular can modify the request body in some configurations. The safest pattern is to make your proxy completely transparent on webhook routes ā no body modifications, just pass the raw bytes through unchanged.
Hi @Ogunmokun_Adeyemi , welcome to the n8n community 
!
Iād also check forwarded headers like content-encoding and transfer-encoding. If the proxy alters these without matching the body, it can cause subtle signature mismatches. Keeping headers and payload consistent is just as important as raw body integrity.