eli-389 more spelling issues

eddalmond1 · eddalmond1 · commit 02cc4bcafbc5 · 2025-11-05T15:02:06.000Z
diff --git a/docs/security-headers.md b/docs/security-headers.md
@@ -7,7 +7,7 @@ This document describes the implementation of security headers for the Eligibili
 Security headers have been implemented using a two-layer approach:
 
 1. **API Gateway Responses** (Terraform) - For error responses (4xx, 5xx) generated by API Gateway
-2. **Flask Middleware** (Python) - For all successful responses (200, 201, etc.) from the Lambda function
+2. **Flask middleware** (Python) - For all successful responses (200, 201, etc.) from the Lambda function
 
 This ensures security headers are present on **all** responses, regardless of where they originate.
 
@@ -37,12 +37,12 @@ The following response types have been configured:
 - `ACCESS_DENIED` (403)
 - `THROTTLED` (429)
 
-### 2. Flask Middleware
+### 2. Flask middleware
 
 Files:
 
-- `src/eligibility_signposting_api/middleware/security_headers.py` - Middleware implementation
+- `src/eligibility_signposting_api/middleware/security_headers.py` - middleware implementation
 - `src/eligibility_signposting_api/middleware/__init__.py` - Package exports
-- `src/eligibility_signposting_api/app.py` - Middleware registration
+- `src/eligibility_signposting_api/app.py` - middleware registration
 
 The middleware uses Flask's `after_request` hook to add security headers to all responses from the Lambda function. It's non-overriding: Allows specific endpoints to override headers if needed
