Update docs/specification/draft/basic/security_best_practices.mdx

Co-authored-by: Stephen Halter <[email protected]>

Author: localden

docs/specification/draft/basic/security_best_practices.mdx

@@ -207,7 +207,7 @@ When you have multiple stateful HTTP servers that handle MCP requests, the follo
 1. **Server A** sends the malicious payload to the client as an asynchronous or resumed response.
 1. The client receives and acts on the malicious payload, leading to potential compromise.
 
-**Session Impersonation Hijack**
+**Session Hijack Impersonation**
 
 1. The MCP client authenticates with the MCP server, creating a persistent session ID.
 2. The attacker obtains the session ID.