diff --git a/Security-Overview.md b/Security-Overview.md index 8f3985f..f7c8565 100644 --- a/Security-Overview.md +++ b/Security-Overview.md @@ -47,7 +47,7 @@ To enable JWT-based access control, ## How JWT-based access control works * To upload a new file, when requesting a new fileId via `http://:/dir/assign`, the master will use the `jwt.signing.key` to generate and sign a JWT, and set it to response header `Authorization`. The JWT is valid for 10 seconds. * To update or delete a file by fileId, the JWT can be read from the response header `Authorization` of `http://:/dir/lookup?fileId=xxxxx`. -* When sending upload/update/delete HTTP operations to a volume server, the reqeust header `Authorization` should be the JWT string. The operation is authorized after the volume server validates the JWT with `jwt.signing.key`. +* When sending upload/update/delete HTTP operations to a volume server, the request header `Authorization` should be the JWT string. The operation is authorized after the volume server validates the JWT with `jwt.signing.key`. JWT Summary: * JWT is set in `/dir/assign` or `/dir/lookup` response header `Authorization`
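Review bot: In the corrected bullet, "the request header `Authorization` should be the JWT string" is still ambiguous on two points a client implementer needs: whether the header is mandatory once `jwt.signing.key` is configured, and whether the value is the bare token or carries a scheme prefix. Since the same sentence says the operation is authorized only after the volume server validates the JWT, consider "must be" and stating the exact header format. While touching this section, the unchanged context lines show `http://:/dir/assign` and `http://:/dir/lookup?fileId=xxxxx` with empty host and port, which looks like angle-bracket placeholders lost in rendering; wrapping them as literal text would fix that. The 10-second validity is stated only for the `/dir/assign` token; it would help to say whether the `/dir/lookup` token has the same lifetime and what a client should do when the token expires before the volume server request is sent.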