README.md in secure_headers-3.5.0.pre vs README.md in secure_headers-3.5.0


@@ -18,14 +18,10 @@ It can also mark all http cookies with the Secure, HttpOnly and SameSite attributes (when configured to do so). `secure_headers` is a library with a global config, per request overrides, and rack middleware that enables you customize your application settings. -## Use - -`gem install secure_headers` - ## Configuration If you do not supply a `default` configuration, exceptions will be raised. If you would like to use a default configuration (which is fairly locked down), just call `SecureHeaders::Configuration.default` without any arguments or block. All `nil` values will fallback to their default values. `SecureHeaders::OPT_OUT` will disable the header entirely. @@ -46,11 +42,11 @@ config.x_download_options = "noopen" config.x_permitted_cross_domain_policies = "none" config.referrer_policy = "origin-when-cross-origin" config.csp = { # "meta" values. these will shaped the header, but the values are not included in the header. - report_only: true, # default: false [DEPRECATED: instead, configure csp_report_only] + report_only: true, # default: false [DEPRECATED from 3.5.0: instead, configure csp_report_only] preserve_schemes: true, # default: false. Schemes are removed from host sources to save bytes and discourage mixed content. # directive values: these values will directly translate into source directives default_src: %w(https: 'self'), base_uri: %w('self'), @@ -67,10 +63,11 @@ script_src: %w('self'), style_src: %w('unsafe-inline'), upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/ report_uri: %w(https://report-uri.io/example-csp) } + # This is available only from 3.5.0; use the `report_only: true` setting for 3.4.1 and below. config.csp_report_only = config.csp.merge({ img_src: %w(somewhereelse.com), report_uri: %w(https://report-uri.io/example-csp-report-only) }) config.hpkp = { 
@@ -118,11 +115,9 @@ config.csp_report_only = { default_src: %w('self') } end ``` - -If ** ## Named Appends Named Appends are blocks of code that can be reused and composed during requests. e.g. If a certain partial is rendered conditionally, and the csp needs to be adjusted for that partial, you can create a named append for that situation. The value returned by the block will be passed into `append_content_security_policy_directives`. The current request object is passed as an argument to the block for even more flexibility.