A way to specify headers for pubsub push mechanism
If developers have control over headers the client doesn't have to write anything to add security
We can just use esp.
Even though esp looks in to query parameters,
we have to rotate the token every 24 hours for better security