diff --git a/weed/s3api/policy_engine/README_POLICY_ENGINE.md b/weed/s3api/policy_engine/README_POLICY_ENGINE.md index ddd872cfd..9a5ab3b3c 100644 --- a/weed/s3api/policy_engine/README_POLICY_ENGINE.md +++ b/weed/s3api/policy_engine/README_POLICY_ENGINE.md @@ -195,7 +195,7 @@ This allows anonymous access only to objects that have a tag `status=public`. Tag-based conditions (`s3:ExistingObjectTag/`) are evaluated for the following operations: - `s3:GetObject` (GET object) - `s3:GetObjectVersion` (GET object with versionId) -- `HeadObject` (HEAD object) +- `s3:HeadObject` (HEAD object) Note: For these conditions to be evaluated, the object must exist and the policy engine re-checks access after fetching the object metadata.
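Review bot: On the changed list item, `s3:HeadObject` now appears in the same form as `s3:GetObject` and `s3:GetObjectVersion`, so readers will take it as an action name they can write in a policy `Action` element. The README should say whether that is the case, or whether HEAD requests are authorized under `s3:GetObject` and this entry only names the operation. A policy author who grants `s3:GetObject` with an `s3:ExistingObjectTag/` condition needs to know from this list whether HEAD on the same object is covered by that statement or needs its own. Suggest adding one sentence after the list stating which action string governs HEAD. The trailing note could also say what a caller gets when the object does not exist, since it only states that the object must exist for the condition to be evaluated.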