Glossary
Timestamp Tolerance
The acceptable age (usually 5 minutes) of a signed webhook. Anything older is rejected to prevent replay attacks.
When a webhook signature includes a timestamp (Stripe, Slack), the receiver should compare it against the current time and reject events outside a tolerance window — typically 5 minutes.
Too narrow (1 minute): legitimate retries during clock skew get rejected. Too wide (1 hour): replay attacks become easier. 300 seconds is the de facto standard.
Server clocks need to be reasonably accurate (NTP). A receiver whose clock is off by 10 minutes will reject *all* webhooks because every timestamp looks 'too old' or 'in the future.' Drift here is a silent killer.
How HookSense helps
When HookSense replays a captured webhook to your endpoint, the original timestamp is preserved by default — useful for confirming your tolerance window actually rejects stale requests.