diff --git a/circleci/main.go b/circleci/main.go
index 38fbb49..ee4411d 100644
--- a/circleci/main.go
+++ b/circleci/main.go
@@ -52,7 +52,7 @@ func init() {
 ok := false
 for _, hook := range hooks {
- if request.Payload.VCSURL != hook.URL {
+ if request.Payload.VCSURL != hook.Secret {
 continue
 }
 logger.Infof("run hook")
diff --git a/config_example.conf b/config_example.conf
index 82fd3b7..2a4f08a 100644
--- a/config_example.conf
+++ b/config_example.conf
@@ -9,5 +9,5 @@ startup_notify_user = ["geno@fireorbit.de"]
 startup_notify_muc = []
 [[hooks.git]]
+secret = "github-FreifunkBremen-yanic-notShared-Secret"
 notify_user = ["geno@fireorbit.de"]
-url = "https://github.com/FreifunkBremen/yanic"
diff --git a/git/main.go b/git/main.go
index acd4acf..7d1f8e9 100644
--- a/git/main.go
+++ b/git/main.go
@@ -13,7 +13,11 @@ import (
 "dev.sum7.eu/genofire/hook2xmpp/runtime"
 )
-var eventHeader = []string{"X-GitHub-Event", "X-Gogs-Event", "X-Gitlab-Event"}
+var eventHeader = map[string]string{
+ "X-GitHub-Event": "X-Hub-Signature",
+ "X-Gogs-Event": "X-Gogs-Delivery",
+ "X-Gitlab-Event": "X-Gitlab-Token",
+}
 const hookType = "git"
@@ -24,21 +28,29 @@ func init() {
 logger := log.WithField("type", hookType)
 event := ""
- for _, head := range eventHeader {
+ secret := ""
+ for head, headSecret := range eventHeader {
 event = r.Header.Get(head)
 if event != "" {
+ secret = r.Header.Get(headSecret)
 break
 }
 }
- if event == "" || event == "status" {
- return
- }
-
 var body map[string]interface{}
 libHTTP.Read(r, &body)
+ if s, ok := body["secret"]; ok && secret == "" {
+ secret = s.(string)
+ }
+
+ if event == "" || secret == "" {
+ logger.Warnf("no secret or event found")
+ http.Error(w, fmt.Sprintf("no secret or event found"), http.StatusNotFound)
+ return
+ }
+
 var request requestBody
 if err := mapstructure.Decode(body, &request); err != nil {
 logger.Errorf("no readable payload: %s", err)
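Review bot: In circleci/main.go the hook is still selected by `request.Payload.VCSURL`, a value read from the request body, which is now compared with `hook.Secret`. A repository URL is public and chosen by the sender, so the rename gives this handler no authentication; the configured secret would have to equal the repo URL for a hook to match at all. Either match on a credential the sender has to know out of band and keep the URL for routing only, or add a comment on this line such as `// CircleCI hooks are matched by VCS URL only; the request is not authenticated`. The enclosing handler starts and ends outside the hunk.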
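Review bot: Of the three headers mapped in `eventHeader` in git/main.go, only `X-Gitlab-Token` carries a static shared token that can be compared with `hook.Secret`. `X-Hub-Signature` is an HMAC of the request body keyed with the webhook secret, so it differs per delivery and will never equal the configured string, and `X-Gogs-Delivery` is, as far as I know, a delivery identifier rather than a credential. For GitHub the handler should recompute the HMAC over the raw body for each candidate hook and compare it in constant time, as in the helper below; this needs the raw bytes, which presumably have to be captured before `libHTTP.Read` decodes them.

```go
// hubSignatureOK reports whether sig (an X-Hub-Signature value of the form
// "sha1=<hex>") is the HMAC-SHA1 of rawBody keyed with secret.
func hubSignatureOK(secret string, rawBody []byte, sig string) bool {
	const prefix = "sha1="
	if !strings.HasPrefix(sig, prefix) {
		return false
	}
	want, err := hex.DecodeString(sig[len(prefix):])
	if err != nil {
		return false
	}
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write(rawBody)
	return hmac.Equal(mac.Sum(nil), want)
}
```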
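Review bot: The assertion `s.(string)` in the second git/main.go hunk panics when the JSON body carries a non-string `secret` (a number, object or null), and that value comes straight from the request. Use the checked form in the condition, `if s, ok := body["secret"].(string); ok && secret == "" {`, and assign `secret = s` inside. Two smaller points in the same hunk: ranging over the `eventHeader` map visits headers in random order, so a request carrying more than one event header is classified differently from run to run, and if `libHTTP.Read` reports a failure it is ignored before `body` is used. The handler continues outside the hunk.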
@@ -52,7 +64,7 @@ func init() {
 ok := false
 for _, hook := range hooks {
- if request.Repository.URL != hook.URL {
+ if secret != hook.Secret {
 continue
 }
 logger.Infof("run hook")
diff --git a/grafana/main.go b/grafana/main.go
index b674001..214767e 100644
--- a/grafana/main.go
+++ b/grafana/main.go
@@ -46,6 +46,14 @@ func init() {
 return func(w http.ResponseWriter, r *http.Request) {
 logger := log.WithField("type", hookType)
+ _, secret, ok := r.BasicAuth()
+
+ if ok {
+ logger.Errorf("no secret found")
+ http.Error(w, fmt.Sprintf("no secret found (basic-auth password)"), http.StatusNotFound)
+ return
+ }
+
 var body interface{}
 libHTTP.Read(r, &body)
@@ -68,9 +76,9 @@ func init() {
 return
 }
- ok := false
+ ok = false
 for _, hook := range hooks {
- if ruleURL.Hostname() != hook.URL {
+ if secret != hook.Secret {
 continue
 }
diff --git a/runtime/config.go b/runtime/config.go
index 0715be6..e8e862e 100644
--- a/runtime/config.go
+++ b/runtime/config.go
@@ -28,7 +28,7 @@ type Config struct {
 }
 type Hook struct {
- URL string `toml:"url"`
+ Secret string `toml:"secret"`
 NotifyUser []string `toml:"notify_user"`
 NotifyMuc []string `toml:"notify_muc"`
 }
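Review bot: `secret != hook.Secret` in git/main.go (@@ -52,7 +64,7) is an ordinary string comparison on a credential, which stops at the first differing byte; the same line is added in grafana/main.go (@@ -68,9 +76,9). Prefer `if subtle.ConstantTimeCompare([]byte(secret), []byte(hook.Secret)) != 1 {` in both places, with `crypto/subtle` added to the imports. The loop body continues outside the hunk.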
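Review bot: The guard `if ok {` in grafana/main.go (@@ -46,6 +46,14) is inverted: `r.BasicAuth()` returns ok == true when credentials are present, so authenticated requests are rejected with "no secret found" while requests without an Authorization header continue with `secret == ""`. In the later loop an empty secret equals any hook whose `Secret` is empty, for example one whose config still uses the old `url` key. Change the line to `if !ok || secret == "" {`. `http.StatusUnauthorized` would describe the failure better than 404, and the `fmt.Sprintf` around a constant string can be dropped.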
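Review bot: `Secret` in runtime/config.go has no doc comment and, as far as this diff shows, no validation, so a config file that still has `url` and no `secret` decodes to an empty string. Reject hooks with an empty `Secret` when the config is loaded, and document the field, e.g. `// Secret is the shared credential a sender must present; it must be non-empty.` The loading code is outside this diff, so whether such a check already exists cannot be confirmed from here.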