diff --git a/docs/webhooks/example.go b/docs/webhooks/example.go
index b5584e012..7a70ad52a 100644
--- a/docs/webhooks/example.go
+++ b/docs/webhooks/example.go
@@ -9,6 +9,7 @@ package webhooks
 import (
 	"crypto/hmac"
 	"crypto/sha256"
+	"crypto/subtle"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
@@ -95,7 +96,7 @@ func verifyWebhookSignature(req *http.Request, secret string) (events []event, e
 	// Verify that the signatures match.
 	var match bool
 	for _, signature := range signatures[currentVersion] {
-		if signature == want {
+		if subtle.ConstantTimeCompare([]byte(signature), []byte(want)) == 1 {
 			match = true
 			break
 		}