diff --git a/webhook/client.go b/webhook/client.go
index 9dd56ba7f9..97454cf4bc 100644
--- a/webhook/client.go
+++ b/webhook/client.go
@@ -260,13 +260,14 @@ func validatePayload(payload []byte, sigHeader string, secret string, tolerance
 if err != nil {
 return err
 }
-
- expectedSignature := ComputeSignature(header.timestamp, payload, secret)
+
 expiredTimestamp := time.Since(header.timestamp) > tolerance
 if enforceTolerance && expiredTimestamp {
 return ErrTooOld
 }
 
+ expectedSignature := ComputeSignature(header.timestamp, payload, secret)
+
 // Check all given v1 signatures, multiple signatures will be sent temporarily in the case of a rolled signature secret
 for _, sig := range header.signatures {
 if hmac.Equal(expectedSignature, sig) {
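Review bot: The tolerance check returns `ErrTooOld` before any HMAC is computed, so that error is decided purely from the unauthenticated timestamp in the signature header, and nothing in the hunk documents this. The return order was the same before the move, but now that the ordering is deliberate a comment above the check would stop callers from reading `ErrTooOld` as "authentic but stale", e.g. `// Reject stale timestamps first: cheap, but the timestamp is not yet authenticated, so ErrTooOld says nothing about the signature.` The hunk also removes one blank line and adds another after the `if err != nil` block, which suggests a whitespace-only difference; running gofmt on the file would confirm no stray whitespace was introduced. validatePayload's body starts and ends outside the hunk.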