diff --git a/h5bp/ssl/policy_modern.conf b/h5bp/ssl/policy_modern.conf
index e89cbd4..399fa83 100644
--- a/h5bp/ssl/policy_modern.conf
+++ b/h5bp/ssl/policy_modern.conf
@@ -5,7 +5,7 @@
 # For services that want to be on the bleeding edge, the parameters below
 # sacrifice compatibility for the highest level of security and performance.
 #
-# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
 # to be installed.
 #
 # (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
@@ -23,8 +23,9 @@
 #
 # (!) Requests sent within early data are subject to replay attacks.
 # To protect against such attacks at the application layer, the
-# $ssl_early_data variable should be used:
-# proxy_set_header Early-Data $ssl_early_data;
+# `$ssl_early_data` variable should be used:
+#
+# proxy_set_header Early-Data $ssl_early_data;
 #
 # The application should return response code 425 "Too Early" for anything
 # that could contain user supplied data.