The X-Signature-Timestamp header seems to be a handy way to discourage replay attacks and make old signatures worthless after enough time has passed. I'd love to verify that the timestamp is within an ...