diff --git a/rules/S5122/javascript/rule.adoc b/rules/S5122/javascript/rule.adoc
index 66cbcf49374..fa5a47e6406 100644
--- a/rules/S5122/javascript/rule.adoc
+++ b/rules/S5122/javascript/rule.adoc
@@ -40,7 +40,7 @@ User-controlled origin:
 [source,javascript]
 ----
 function (req, res) {
-  const origin = req.header('Origin');
+  const origin = req.headers.origin;
   res.setHeader('Access-Control-Allow-Origin', origin); // Sensitive
 };
 ----
@@ -78,9 +78,9 @@ User-controlled origin validated with an allow-list:
 [source,javascript]
 ----
 function (req, res) {
-  const origin = req.header('Origin');
+  const origin = req.headers.origin;
 
-  if (trustedOrigins.indexOf(origin) >= 0) {
+  if (origin === 'trustedwebsite.com') {
     res.setHeader('Access-Control-Allow-Origin', origin);
   }
 };
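Review bot: In the second hunk the compliant example's new check `if (origin === 'trustedwebsite.com')` compares the raw Origin header against a bare hostname, but browsers send Origin as scheme://host[:port] (e.g. `https://trustedwebsite.com`), so as written the comparison would never match a real request and the reflected value is never set. The hunk header still describes this example as "User-controlled origin validated with an allow-list", which a single hard-coded equality no longer illustrates; the heading text itself sits outside the changed lines. Keeping an explicit list, with the full origin including scheme, preserves the point the rule is making: `const trustedOrigins = ['https://trustedwebsite.com'];` followed by `if (trustedOrigins.includes(origin)) {`. The closing `----` of the listing lies outside the hunk.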