diff --git a/app/controllers/api/v2/CorsProxyController.ts b/app/controllers/api/v2/CorsProxyController.ts
index e2fb597d..25759d5a 100644
--- a/app/controllers/api/v2/CorsProxyController.ts
+++ b/app/controllers/api/v2/CorsProxyController.ts
@@ -13,7 +13,7 @@ export async function proxy(ctx: Context) {
   const {
     timeout: timeoutString,
     allowedOrigins,
-    allowedURlPrefixes,
+    allowedUrlPrefixes,
     allowLocalhostOrigins,
   } = currentConfig().corsProxy;
 
@@ -48,7 +48,7 @@ export async function proxy(ctx: Context) {
   }
 
   // Check if the URL has allowed prefix
-  if (!allowedURlPrefixes.some((prefix) => url.startsWith(prefix))) {
+  if (!allowedUrlPrefixes.some((prefix) => url.startsWith(prefix))) {
     throw new ValidationException('URL not allowed');
   }
 
diff --git a/config/default.js b/config/default.js
index 7d285d76..5a660468 100644
--- a/config/default.js
+++ b/config/default.js
@@ -522,7 +522,7 @@ config.corsProxy = {
   // development).
   allowLocalhostOrigins: true,
   // The allowlist of proxied URL prefixes.
-  allowedURlPrefixes: [],
+  allowedUrlPrefixes: [],
 };
 
 module.exports = config;
diff --git a/test/functional/cors-proxy.ts b/test/functional/cors-proxy.ts
index 5b95c27a..9c9915fb 100644
--- a/test/functional/cors-proxy.ts
+++ b/test/functional/cors-proxy.ts
@@ -29,7 +29,7 @@ describe('CORS proxy', () => {
   withModifiedConfig(() => ({
     corsProxy: {
       allowedOrigins: ['none', 'http://goodorigin.net'],
-      allowedURlPrefixes: [`${server.origin}/example`],
+      allowedUrlPrefixes: [`${server.origin}/example`],
     },
   }));
 
diff --git a/types/config.d.ts b/types/config.d.ts
index 459aef56..7e799105 100644
--- a/types/config.d.ts
+++ b/types/config.d.ts
@@ -198,7 +198,7 @@ declare module 'config' {
     corsProxy: {
       timeout: ISO8601DurationString;
       allowedOrigins: string[];
-      allowedURlPrefixes: string[];
+      allowedUrlPrefixes: string[];
       allowLocalhostOrigins: boolean;
     };
   };