diff --git a/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts.md b/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts.md
index 0e650a20f1..6bf78cfccc 100644
--- a/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts.md
+++ b/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/ask-browsers-to-access-your-site-via-https-only-with-helmet.hsts.md
@@ -16,7 +16,7 @@ HTTP Strict Transport Security (HSTS) is a web security policy which helps to pr
 
 Configure `helmet.hsts()` to use HTTPS for the next 90 days. Pass the config object `{maxAge: timeInSeconds, force: true}`. You can create a variable `ninetyDaysInSeconds = 90*24*60*60;` to use for the `timeInSeconds`. Repl.it already has hsts enabled. To override its settings you need to set the field "force" to true in the config object. We will intercept and restore the Repl.it header, after inspecting it for testing.
 
-Note: Configuring HTTPS on a custom website requires the acquisition of a domain, and a SSL/TSL Certificate.
+Note: Configuring HTTPS on a custom website requires the acquisition of a domain, and a SSL/TLS Certificate.
 
 # --hints--