README.md in secure_headers-3.7.1 vs README.md in secure_headers-3.7.2

- old
+ new

@@ -101,9 +101,10 @@
     media_src: %w(utoob.com),
     object_src: %w('self'),
     plugin_types: %w(application/x-shockwave-flash),
     script_src: %w('self'),
     style_src: %w('unsafe-inline'),
+    worker_src: %w('self'),
     upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
     report_uri: %w(https://report-uri.io/example-csp)
   }
   # This is available only from 3.5.0; use the `report_only: true` setting for 3.4.1 and below.
   config.csp_report_only = config.csp.merge({