diff --git a/www/content/attributes/hx-headers.md b/www/content/attributes/hx-headers.md index a1f139617..f622f7ba4 100644 --- a/www/content/attributes/hx-headers.md +++ b/www/content/attributes/hx-headers.md @@ -2,23 +2,25 @@ title = "hx-headers" +++ -The `hx-headers` attribute allows you to add to the headers that will be submitted with an AJAX request. +The `hx-headers` attribute allows you to add to the headers that will be submitted with an AJAX request. -By default, the value of this attribute is a list of name-expression values in [JSON (JavaScript Object Notation)](https://www.json.org/json-en.html) +By default, the value of this attribute is a list of name-expression values in [JSON (JavaScript Object Notation)](https://www.json.org/json-en.html) format. If you wish for `hx-headers` to *evaluate* the values given, you can prefix the values with `javascript:` or `js:`. ```html
Get Some HTML, Including A Custom Header in the Request
+ +
Get Some HTML, Including a Dynamic Custom Header from Javascript in the Request
``` ## Security Considerations -* By default, the value of `hx-headers` must be valid [JSON](https://developer.mozilla.org/en-US/docs/Glossary/JSON). +* By default, the value of `hx-headers` must be valid [JSON](https://developer.mozilla.org/en-US/docs/Glossary/JSON). It is **not** dynamically computed. If you use the `javascript:` prefix, be aware that you are introducing - security considerations, especially when dealing with user input such as query strings or user-generated content, - which could introduce a [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability. + security considerations, especially when dealing with user input such as query strings or user-generated content, + which could introduce a [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability. ## Notes
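Review bot: the example added inside the html code block ("Get Some HTML, Including a Dynamic Custom Header from Javascript in the Request") introduces a dynamically evaluated header with no pointer to the Security Considerations section that follows, so a reader who copies the snippet can miss the XSS caveat about the `javascript:` prefix. Suggest adding a sentence directly after the code block stating that the evaluated expression must not be built from user input such as query strings or user-generated content, and linking it to that section. In the same added line, "Javascript" should be spelled "JavaScript" to match the "JavaScript Object Notation" link text earlier in the file. The remaining -/+ pairs in this hunk show identical visible text, so they appear to be whitespace-only changes; consider moving them to a separate commit so the documentation change is easier to review.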