diff --git a/carrier/carrier.go b/carrier/carrier.go
index b289729d..806d947e 100644
--- a/carrier/carrier.go
+++ b/carrier/carrier.go
@@ -46,7 +46,7 @@ func (c *StdinoutStream) Write(p []byte) (int, error) {
 	return os.Stdout.Write(p)
 }
 
-// Helper to allow defering the response close with a check that the resp is not nil
+// Helper to allow deferring the response close with a check that the resp is not nil
 func closeRespBody(resp *http.Response) {
 	if resp != nil {
 		resp.Body.Close()
diff --git a/cmd/cloudflared/config/configuration.go b/cmd/cloudflared/config/configuration.go
index 76c39fbf..a24139a6 100644
--- a/cmd/cloudflared/config/configuration.go
+++ b/cmd/cloudflared/config/configuration.go
@@ -170,7 +170,7 @@ func FindLogSettings() (string, string) {
 // i.e. it fails if a user specifies both --url and --unix-socket
 func ValidateUnixSocket(c *cli.Context) (string, error) {
 	if c.IsSet("unix-socket") && (c.IsSet("url") || c.NArg() > 0) {
-		return "", errors.New("--unix-socket must be used exclusivly.")
+		return "", errors.New("--unix-socket must be used exclusively.")
 	}
 	return c.String("unix-socket"), nil
 }
diff --git a/cmd/cloudflared/tunnel/signal.go b/cmd/cloudflared/tunnel/signal.go
index 41a92d69..d94881b3 100644
--- a/cmd/cloudflared/tunnel/signal.go
+++ b/cmd/cloudflared/tunnel/signal.go
@@ -32,7 +32,7 @@ func waitForSignal(errC chan error, shutdownC chan struct{}, logger logger.Servi
 
 // waitForSignalWithGraceShutdown notifies all routines to shutdown immediately
 // by closing the shutdownC when one of the routines in main exits.
-// When this process recieves SIGTERM/SIGINT, it closes the graceShutdownC to
+// When this process receives SIGTERM/SIGINT, it closes the graceShutdownC to
 // notify certain routines to start graceful shutdown. When grace period is over,
 // or when some routine exits, it notifies the rest of the routines to shutdown
 // immediately by closing shutdownC.
diff --git a/dbconnect/cmd.go b/dbconnect/cmd.go
index 7f55f1ee..c60f3bcb 100644
--- a/dbconnect/cmd.go
+++ b/dbconnect/cmd.go
@@ -157,7 +157,7 @@ func CmdAction(c *cli.Context) error {
 		}
 	}()
 
-	// Block until the the Proxy is online, retreive its address, and change the url to point to it.
+	// Block until the the Proxy is online, retrieve its address, and change the url to point to it.
 	// This is effectively "handing over" control to the tunnel package so it can run the tunnel daemon.
 	c.Set("url", "https://"+(<-listenerC).Addr().String())
 
diff --git a/dbconnect/proxy.go b/dbconnect/proxy.go
index fbdfb0b9..b9f349eb 100644
--- a/dbconnect/proxy.go
+++ b/dbconnect/proxy.go
@@ -79,7 +79,7 @@ func (proxy *Proxy) IsInsecure() bool {
 // IsAllowed checks whether a http.Request is allowed to receive data.
 //
 // By default, requests must pass through Cloudflare Access for authentication.
-// If the proxy is explcitly set to insecure mode, all requests will be allowed.
+// If the proxy is explicitly set to insecure mode, all requests will be allowed.
 func (proxy *Proxy) IsAllowed(r *http.Request, verbose ...bool) bool {
 	if proxy.IsInsecure() {
 		return true
@@ -104,7 +104,7 @@ func (proxy *Proxy) IsAllowed(r *http.Request, verbose ...bool) bool {
 
 // Start the Proxy at a given address and notify the listener channel when the server is online.
 func (proxy *Proxy) Start(ctx context.Context, addr string, listenerC chan<- net.Listener) error {
-	// STOR-611: use a seperate listener and consider web socket support.
+	// STOR-611: use a separate listener and consider web socket support.
 	httpListener, err := hello.CreateTLSListener(addr)
 	if err != nil {
 		return errors.Wrapf(err, "could not create listener at %s", addr)
@@ -223,7 +223,7 @@ func (proxy *Proxy) httpSubmit() http.HandlerFunc {
 func (proxy *Proxy) httpRespond(w http.ResponseWriter, r *http.Request, status int, message string) {
 	w.WriteHeader(status)
 
-	// Only expose the message detail of the reponse if the request is not HEAD
+	// Only expose the message detail of the response if the request is not HEAD
 	// and the user is authenticated. For example, this prevents an unauthenticated
 	// failed health check from accidentally leaking sensitive information about the Client.
 	if r.Method != http.MethodHead && proxy.IsAllowed(r) {
diff --git a/dbconnect/sql.go b/dbconnect/sql.go
index 2bd5b56f..a27e56c6 100644
--- a/dbconnect/sql.go
+++ b/dbconnect/sql.go
@@ -278,7 +278,7 @@ func sqlRows(rows *sql.Rows) ([]map[string]interface{}, error) {
 func sqlValue(val interface{}, col *sql.ColumnType) interface{} {
 	bytes, ok := val.([]byte)
 	if ok {
-		// Opportunistically check for embeded JSON and convert it to a first-class object.
+		// Opportunistically check for embedded JSON and convert it to a first-class object.
 		var embeded interface{}
 		if json.Unmarshal(bytes, &embeded) == nil {
 			return embeded
diff --git a/logger/create.go b/logger/create.go
index 315435fc..4f9191c8 100644
--- a/logger/create.go
+++ b/logger/create.go
@@ -9,7 +9,7 @@ import (
 	"github.com/alecthomas/units"
 )
 
-// Option is to encaspulate actions that will be called by Parse and run later to build an Options struct
+// Option is to encapsulate actions that will be called by Parse and run later to build an Options struct
 type Option func(*Options) error
 
 // Options is use to set logging configuration data
diff --git a/logger/file_writer.go b/logger/file_writer.go
index a1736ff1..0e464893 100644
--- a/logger/file_writer.go
+++ b/logger/file_writer.go
@@ -75,7 +75,7 @@ func (w *FileRollingWriter) Close() {
 // rename is how the files are rolled. It works recursively to move the base log file to the rolled ones
 // e.g. cloudflared.log -> cloudflared-1.log,
 // but if cloudflared-1.log already exists, it is renamed to cloudflared-2.log,
-// then the other files move in to their postion
+// then the other files move in to their position
 func (w *FileRollingWriter) rename(sourcePath string, index uint) {
 	destinationPath, isSingleFile := buildPath(w.directory, fmt.Sprintf("%s-%d", w.baseFileName, index))
 	if isSingleFile {
diff --git a/origin/tunnel.go b/origin/tunnel.go
index ce463a4f..f1757f8f 100644
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@@ -751,7 +751,7 @@ func (h *TunnelHandler) serveWebsocket(stream *h2mux.MuxedStream, req *http.Requ
 	if err != nil {
 		return nil, errors.Wrap(err, "Error writing response header")
 	}
-	// Copy to/from stream to the undelying connection. Use the underlying
+	// Copy to/from stream to the underlying connection. Use the underlying
 	// connection because cloudflared doesn't operate on the message themselves
 	websocket.Stream(conn.UnderlyingConn(), stream)
 
diff --git a/socks/auth_handler.go b/socks/auth_handler.go
index 6dd45b62..c72b323b 100644
--- a/socks/auth_handler.go
+++ b/socks/auth_handler.go
@@ -18,7 +18,7 @@ const (
 	authFailure     = uint8(1)
 )
 
-// AuthHandler handles socks authenication requests
+// AuthHandler handles socks authentication requests
 type AuthHandler interface {
 	Handle(io.Reader, io.Writer) error
 	Register(uint8, Authenticator)
@@ -43,7 +43,7 @@ func (h *StandardAuthHandler) Register(method uint8, a Authenticator) {
 	h.authenticators[method] = a
 }
 
-// Handle gets the methods from the SOCKS5 client and authenicates with the first supported method
+// Handle gets the methods from the SOCKS5 client and authenticates with the first supported method
 func (h *StandardAuthHandler) Handle(bufConn io.Reader, conn io.Writer) error {
 	methods, err := readMethods(bufConn)
 	if err != nil {