reorder comments

rack-protection/lib/rack/protection/frame_options.rb

@@ -3,14 +3,15 @@ require 'rack/protection'
 module Rack
   module Protection
     ##
-    # Sets X-Frame-Options header to tell the browser avoid embedding the page
-    # in a frame.
-    #
     # Prevented attack::   Clickjacking
     # Supported browsers:: Internet Explorer 8, Firefox 3.6.9, Opera 10.50,
     #                      Safari 4.0, Chrome 4.1.249.1042 and later
     #
+    # Sets X-Frame-Options header to tell the browser avoid embedding the page
+    # in a frame.
+    #
     # Options:
+    #
     # frame_options:: Defines who should be allowed to embed the page in a
     #                 frame. Use :deny to forbid any embedding, :sameorigin
     #                 to allow embedding from the same origin (default).

rack-protection/lib/rack/protection/xss_header.rb

@@ -3,11 +3,11 @@ require 'rack/protection'
 module Rack
   module Protection
     ##
-    # Sets X-XSS-Protection header to tell the browser to block attacks.
-    #
     # Prevented attack::   Non-permanent XSS
     # Supported browsers:: Internet Explorer 8 and later
     #
+    # Sets X-XSS-Protection header to tell the browser to block attacks.
+    #
     # Options:
     # xss_mode:: How the browser should prevent the attack (default: :block)
     class XSSHeader < Base