diff --git a/aio/content/guide/security.md b/aio/content/guide/security.md
index 47f6fe3222..defc6a200a 100644
--- a/aio/content/guide/security.md
+++ b/aio/content/guide/security.md
@@ -199,7 +199,7 @@ You should configure the HTTP headers for Trusted Types in the following locatio
 The following is an example of a header specifically configured for Trusted Types and Angular:
 
 <code-example language="html">
-Content-Security-Policy: trusted-types angular; required-trusted-types-for 'script';
+Content-Security-Policy: trusted-types angular; require-trusted-types-for 'script';
 </code-example>
 
 The following is an example of a header specifically configured for Trusted Types and Angular applications that use any of the methods in Angular's [DomSanitizer](api/platform-browser/DomSanitizer) that bypasses security.
@@ -309,4 +309,4 @@ post](https://security.googleblog.com/2011/05/website-security-for-webmasters.ht
 Angular applications must follow the same security principles as regular web applications, and
 must be audited as such. Angular-specific APIs that should be audited in a security review,
 such as the [_bypassSecurityTrust_](guide/security#bypass-security-apis) methods, are marked in the documentation
-as security sensitive.
\ No newline at end of file
+as security sensitive.