diff --git a/src/zap.conf b/src/zap.conf
index c1782760b..1f9e831fb 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -30,9 +30,9 @@
 # UNCLEAR WHY THIS ONE IS FAILING. Giving 404 error.
 10027	OUTOFSCOPE	http://app:8080/public/js/uswds-init.min.js
 # get-gov.js contains suspicious word "from" as in `Array.from()`
-10027	OUTOFSCOPE	http://app:8080/todo
-# Ignore wording of "TODO"
 10027	OUTOFSCOPE	http://app:8080/public/js/get-gov.js
+# Ignore wording of "TODO"
+10027	OUTOFSCOPE	http://app:8080/todo
 10028	FAIL	(Open Redirect - Passive/beta)
 10029	FAIL	(Cookie Poisoning - Passive/beta)
 10030	FAIL	(User Controllable Charset - Passive/beta)