diff --git a/doc/usage/using_webhooks.rst b/doc/usage/using_webhooks.rst index f5127ec..34469c2 100644 --- a/doc/usage/using_webhooks.rst +++ b/doc/usage/using_webhooks.rst @@ -18,6 +18,7 @@ Each POST request made contains two specific headers: X-Pagure-Topic X-Pagure-Signature + X-Pagure-Signature-256 ``X-Pagure-Topic`` is a global header giving a clue about the type of action @@ -27,6 +28,9 @@ that just occurred. For example ``issue.edit``. ``X-Pagure-Signature`` contains the signature of the message allowing to check that the message comes from pagure. +``X-Pagure-Signature-256`` contains the SHA-256 signature of the message +allowing to check that the message comes from pagure. + .. warning:: These headers are present for convenience only, they are not signed and therefore should not be trusted. Rely on the payload after checking the signature to make any decision. diff --git a/webhook-server/pagure-webhook-server.py b/webhook-server/pagure-webhook-server.py index 8697e0d..0be6126 100644 --- a/webhook-server/pagure-webhook-server.py +++ b/webhook-server/pagure-webhook-server.py @@ -71,9 +71,12 @@ def call_web_hooks(project, topic, msg): content = json.dumps(msg) hashhex = hmac.new( str(project.hook_token), content, hashlib.sha1).hexdigest() + hashhex256 = hmac.new( + str(project.hook_token), content, hashlib.sha256).hexdigest() headers = { 'X-Pagure-Topic': topic, - 'X-Pagure-Signature': hashhex + 'X-Pagure-Signature': hashhex, + 'X-Pagure-Signature-256': hashhex256 } msg = json.dumps(msg) for url in project.settings.get('Web-hooks').split('\n'):
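Review bot: Both HMACs — the existing `hashhex` and the added `hashhex256` — are computed over `content`, yet the body actually posted is a second, independent serialization, `msg = json.dumps(msg)`, two lines further down; the two strings match today only because both calls see the same object in the same process, so receivers verifying the signature are relying on that coincidence rather than on the signed bytes being the sent bytes. Replace that line with `msg = content` so both signatures cover exactly the payload that goes over the wire, and hoist the key into `key = str(project.hook_token)` above the two `hmac.new` calls instead of converting the token twice. The same `str()` conversion means this only works where `hmac.new` accepts text (Python 2); under Python 3 the key and message must be bytes, so if that migration is planned this is the place to encode them. Since every URL in `project.settings.get('Web-hooks')` is signed with the one per-project token, any receiver can forge deliveries to the others — worth a caveat in the accompanying doc hunk if that is not already understood. The rest of `call_web_hooks`, including the per-URL POST loop, continues past the hunk.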