diff --git a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
index 3482f619414..4dcfc435819 100644
--- a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
@@ -1,21 +1,17 @@
+/** Provides classes to reason about header splitting attacks. */
+
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.frameworks.Servlets
 import semmle.code.java.frameworks.JaxWS
 
-/**
- * Header-splitting sinks. Expressions that end up in an HTTP header.
- */
+/** Header-splitting sinks. Expressions that end up in an HTTP header. */
 abstract class HeaderSplittingSink extends DataFlow::Node { }
 
-/**
- * Sources that cannot be used to perform a header splitting attack.
- */
+/** Sources that cannot be used to perform a header splitting attack. */
 abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
 
-/**
- * Header-splitting sinks. Expressions that end up in an HTTP header.
- */
+/** Servlet and JaxWS sinks susceptible to header splitting. */
 private class ServletHeaderSplittingSink extends HeaderSplittingSink {
 ServletHeaderSplittingSink() {
 exists(ResponseAddCookieMethod m, MethodAccess ma |
@@ -41,6 +37,7 @@ private class ServletHeaderSplittingSink extends HeaderSplittingSink {
 }
 }
 
+/** Servlet sources considered safe regarding header splitting */
 private class ServletSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
 ServletSafeHeaderSplittingSource() {
 this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
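Review bot: The one-line QLDoc on `SafeHeaderSplittingSource` still does not say what makes a source safe, and this is a non-private abstract class that any importing library can extend. The query that consumes it is not in this diff, but it presumably drops flows starting at these nodes, so an over-broad subclass would hide real findings. I would state the criterion in the comment, for example `/** A source that cannot be used to perform a header splitting attack, for example because its value cannot contain CR or LF characters. */`. The comment on `HeaderSplittingSink` would also read better as one singular sentence, `/** A header-splitting sink: an expression that ends up in an HTTP header. */`.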
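Review bot: The new QLDoc on `ServletSafeHeaderSplittingSource` has no closing full stop, unlike the other four comments this commit adds, and it does not say why these sources are treated as safe. The one visible constructor line matches `HttpServletRequestGetHeaderMethod`, so the assumption is presumably that a header value read back from the incoming request cannot carry a line break; writing that down lets a reader check it against the servlet container in use. Something like `/** A servlet request header value, assumed unable to contain line breaks and therefore safe with respect to header splitting. */` would do. The characteristic predicate continues past the end of the hunk (the line ends in `or`), so the wording should cover the remaining disjuncts as well.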