X-PawPub-Actor header
An authenticated request to another instance may be an action initiated by a local actor (one on your own instance). This is indicated by the X-PawPub-Actor HTTP request header, the value of which must be the URI of an actor you control (i.e. under the same hostname as the one your authentication token is valid for).
For example:
POST /actor/1/follow HTTP/1.1
Host: remote-instance.example
Authorization: Bearer ...
X-PawPub-Actor: https://local-instance.example/actor/jhimmy
Content-Length: 0
Security considerations
When receiving an incoming request with an X-PawPub-Actor header, you should verify that an Authorization header is also present, and is valid, and that its token was issued for the same domain/port combination as the actor specified. You should also reject the request if the actor can't be resolved.
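One way a receiving instance could implement these checks, as an added example that is not part of the PawPub specification or any implementation of it. It assumes the Bearer scheme shown in the request above; token_origin_for, resolve_actor and the TOKENS table are hypothetical hooks and constructed sample data.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}
# Constructed sample data: token -> instance it was issued for (hypothetical store).
TOKENS = {"tok-local": "https://local-instance.example"}

def host_port(uri):
    """Return (host, effective port) for an http(s) URI, or None if unusable."""
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None:  # refuse user@host forms outright
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]  # make the implicit port explicit
    return parts.hostname.rstrip("."), port

def check_actor_header(headers, token_origin_for, resolve_actor):
    """Return the verified actor URI, or None if the header is absent.

    token_origin_for(token): instance URI the token was issued for, or None if
    the token is invalid. resolve_actor(uri): truthy if the actor can be fetched.
    Both are hypothetical hooks into the receiving instance.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    actor = h.get("x-pawpub-actor")
    if actor is None:
        return None
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise PermissionError("X-PawPub-Actor sent without a bearer token")
    issued_for = token_origin_for(token.strip())
    if issued_for is None:
        raise PermissionError("invalid token")
    actor_origin = host_port(actor)
    if actor_origin is None or actor_origin != host_port(issued_for):
        raise PermissionError("actor is not on the instance the token was issued for")
    if not resolve_actor(actor):
        raise PermissionError("actor could not be resolved")
    return actor
```

Comparing the parsed host and effective port, rather than string prefixes of the URI, keeps an actor URI on a different port or with a look-alike prefix from passing the check.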
x-pawpub-actor.txt · Last modified: 2025/03/22 16:53 by winter