Have all signature information be stored within HTTP request or response headers.

Notice that unlike in the encryption example, the original entry information is still present; the signature has just been added to it.

The signature consists of information on how the information was processed so someone trying to verify the signature can duplicate the steps exactly in order to get the same result.