- Require timestamp and nonce headers in signed requests - Reject requests with old timestamps or duplicate nonces
