diff --git a/lib/src/main/java/zeroecho/core/util/Strings.java b/lib/src/main/java/zeroecho/core/util/Strings.java
index 36dc193..6ec85d7 100644
--- a/lib/src/main/java/zeroecho/core/util/Strings.java
+++ b/lib/src/main/java/zeroecho/core/util/Strings.java
@@ -59,12 +59,7 @@ public final class Strings {
      * truncated after 32 elements, followed by an ellipsis marker: {@code [...]}.
      * </p>
      * 
-     * <p>
-     * Examples:
-     * </p>
-     * 
-     * <pre>
-     * {@code
+     * <h4>Examples</h4> <pre>{@code
      * Strings.toShortString(null)        -> "null"
      * Strings.toShortString(new byte[0]) -> "[]"
      * Strings.toShortString(new byte[]{1, 2, 3})
@@ -118,7 +113,7 @@ public final class Strings {
      * <li>If {@code a} is empty, the string {@code "[]"} is returned.</li>
      * </ul>
      *
-     * <h2>Examples</h2> <pre>{@code
+     * <h4>Examples</h4> <pre>{@code
      * toShortHexString(null)                   -> "null"
      * toShortHexString(new byte[0])            -> "[]"
      * toShortHexString(new byte[]{0x01})       -> "[0x01]"
diff --git a/lib/src/main/java/zeroecho/sdk/guard/PasswordRecipient.java b/lib/src/main/java/zeroecho/sdk/guard/PasswordRecipient.java
index b29b154..de3a777 100644
--- a/lib/src/main/java/zeroecho/sdk/guard/PasswordRecipient.java
+++ b/lib/src/main/java/zeroecho/sdk/guard/PasswordRecipient.java
@@ -78,7 +78,7 @@ public final class PasswordRecipient implements Recipient {
      * marked as a decoy to obscure the actual number of usable recipients.
      * </p>
      *
-     * <h2>Security considerations</h2>
+     * <h4>Security considerations</h4>
      * <ul>
      * <li>The caller should clear the {@code password} array after constructing the
      * recipient to minimize exposure in memory.</li>
@@ -156,4 +156,4 @@ public final class PasswordRecipient implements Recipient {
     public boolean decoy() {
         return decoy;
     }
-}
\ No newline at end of file
+}
diff --git a/lib/src/main/java/zeroecho/sdk/guard/Recipient.java b/lib/src/main/java/zeroecho/sdk/guard/Recipient.java
index 1838057..4d33668 100644
--- a/lib/src/main/java/zeroecho/sdk/guard/Recipient.java
+++ b/lib/src/main/java/zeroecho/sdk/guard/Recipient.java
@@ -48,10 +48,7 @@ import java.security.GeneralSecurityException;
  * envelope writes the identifier and a length-prefixed copy of the blob into
  * its header.
  *
- * <p>
- * Typical usage:
- * </p>
- * <pre>{@code
+ * <h2>Typical usage</h2> <pre>{@code
  * // RSA-OAEP recipient; the header will contain the id and the RSA-wrapped CEK
  * Recipient r = new MultiRecipientDataSourceBuilder.RsaOaepRecipient(rsaPublicKey);
  * byte[] entryBlob = r.buildRecipientEntry(cek);
@@ -67,7 +64,7 @@ public interface Recipient {
      * intentionally unusable for recovering the content-encryption key (CEK).
      * </p>
      *
-     * <h2>Security considerations</h2>
+     * <h4>Security considerations</h4>
      * <ul>
      * <li>Decoys prevent traffic analysis from revealing how many legitimate
      * recipients are present.</li>