diff --git a/network-services-pentesting/pentesting-web/nextjs.md b/network-services-pentesting/pentesting-web/nextjs.md
index 6f8d8123f..bfce5089f 100644
--- a/network-services-pentesting/pentesting-web/nextjs.md
+++ b/network-services-pentesting/pentesting-web/nextjs.md
@@ -845,9 +845,9 @@ Attackers can craft malicious websites that make requests to your API, potential
 [cors-bypass.md](../../pentesting-web/cors-bypass.md)
 {% endcontent-ref %}
 
-## Server code exposure in Client Side
+### Server code exposure in Client Side
 
-It's can easy to **use code used by the server also in code exposed and used by the client side**, the best way to ensure that a file of code is never exposed in the client side is by using this import at the beggining of the file:
+It's can easy to **use code used by the server also in code exposed and used by the client side**, the best way to ensure that a file of code is never exposed in the client side is by using this import at the beginning of the file:
 
 ```js
 import "server-only";