Webhook integration - more detailed headers?

I've set up webhook integration for an actor to fire upon success. It works fine, however, I'm concerned about api security. Is there any way I can send more headers via the webhook (or get more reliable, static information)? I'd like to have a condition set up on my server to only accept the webhook if for example; a token matches, or the origin/refer is an apify domain. The couple of keys and Id sent in the headers as they are currently, don't seem to be static or retrievable. I know I can create variables in the actual payload itself, but I'm wanting to stop the webhook at the header level, before I parse the payload