diff --git a/fetch.bs b/fetch.bs
index 35db6fee3..bf9ee8c01 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -1902,8 +1902,8 @@ for=/>request</a> <var>request</var>, run theses steps:
  <li><p>If <var>request</var>'s <a for=request>client</a> is null, return true.</p>
 
  <li><p>If <var>request</var>'s <a for=request>client</a>'s <a for="environment settings
- object">embedder policy</a> is not "<code><a for="embedder policy
- value">credentialless</a></code>", return true.</p>
+ object">embedder policy</a> is not
+ "<code><a for="embedder policy value">credentialless</a></code>", return true.</p>
 
  <li><p>If <var>request</var>'s <a for=request>origin</a> is <a>same origin</a> with
  <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>, return true.</p>
@@ -1997,8 +1997,8 @@ being provided to an API that didn't make a range request. See the flag's usage
 description of the attack.
 
 <p>A <a for=/>response</a> has an associated <dfn for=response
-id=concept-response-request-include-credentials>request-include-credentials</dfn>, which is
-initially set.
+id=concept-response-request-include-credentials>request-include-credentials</dfn> (a boolean), which
+is initially true.
 
 <p>A <a for=/>response</a> has an associated
 <dfn for=response id=concept-response-timing-allow-passed>timing allow passed flag</dfn>, which is
@@ -4703,7 +4703,7 @@ steps. They return a <a for=/>response</a>.
 
     <p>is true; otherwise false.
 
-   <li><p>If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var>request</var> is
+   <li><p>If <a>Cross-Origin-Embedder-Policy allows credentials</a> with <var>request</var> returns
    false, set <var>includeCredentials</var> to false.</p>
 
    <li><p>Let <var>contentLength</var> be <var>httpRequest</var>'s <a for=request>body</a>'s