Use syntax highlighting in the readme file.

README.md

@@ -11,15 +11,21 @@ The gem will automatically apply several headers that are related to security.
 
 Add to your Gemfile
 
+```ruby
 gem 'secure-headers'
+```
 
 And then execute:
 
+```console
 $ bundle
+```
 
 Or install it yourself as:
 
+```console
 $ gem install secure-headers
+```
 
 ## Usage
 
@@ -43,6 +49,7 @@ This gem makes a few assumptions about how you will use some features.  For exam
 
 **Place the following in an initializer:**
 
+```ruby
 ::SecureHeaders::Configuration.configure do |config|
   config.hsts = {:max_age => 99, :include_subdomains => true}
   config.x_frame_options = 'DENY'
@@ -59,13 +66,16 @@ This gem makes a few assumptions about how you will use some features.  For exam
 
 # and then simply include
 ensure_security_headers
+```
 
 Or simply add it to application controller
 
+```ruby
 ensure_security_headers
   :hsts => {:include_subdomains, :x_frame_options => false},
   :x_frame_options => 'DENY',
   :csp => false
+```
 
 ## Options for ensure\_security\_headers
 
@@ -77,8 +87,10 @@ header will be constructed using the supplied options.
 
 ### Widely supported
 
+```ruby
 :hsts => {:max_age => 631138519, :include_subdomain => true} # HTTP Strict Transport Security.
 :x_frame_options => {:value => 'SAMEORIGIN'}
+```
 
 ### Content Security Policy (CSP)
 
@@ -86,6 +98,7 @@ All browsers will receive the webkit csp header except Firefox, which gets its o
 See [WebKit/W3C specification](http://www.w3.org/TR/CSP/)
 and [Firefox CSP specification](https://wiki.mozilla.org/Security/CSP/Specification)
 
+```ruby
 :csp => {
   :enforce     => false,        # sets header to report-only, by default
   # default_src is required!
@@ -119,16 +132,20 @@ and [Firefox CSP specification](https://wiki.mozilla.org/Security/CSP/Specificat
   # when over http, ignored for https requests
   :http_additions => {}
 }
+```
 
 ### Only applied to IE
 
+```ruby
 :x_content_type_options => {:value => 'nosniff'}
 :x_xss_protection       => {:value => '1', :mode => false}  # set the :mode option to block
+```
 
 ### Example CSP header config
 
 **Configure the CSP header as if it were the w3c-style header, no need to supply 'options' or 'allow' directives.**
 
+```ruby
 # most basic example
 :csp => {
   :default_src => "https://* inline eval",
@@ -161,6 +178,7 @@ and [Firefox CSP specification](https://wiki.mozilla.org/Security/CSP/Specificat
 "default-src  'self'; img-src *; object-src media1.com media2.com *.cdn.com; script-src trustedscripts.example.com;"
 # Firefox
 "allow 'self'; img-src *; object-src media1.com media2.com *.cdn.com; script-src trustedscripts.example.com;"
+```
 
 ## Note on Firefox handling of CSP
 
@@ -181,13 +199,17 @@ If you need to change the route for the internal forwarding point, be sure it ma
 
 #### Rails 2
 
+```ruby
 map.csp_endpoint
+```
 
 #### Rails 3
 
 If the csp reporting endpoint is clobbered by another route, add:
 
+```ruby
 match SecureHeaders::ContentSecurityPolicy::FF_CSP_ENDPOINT => "content_security_policy#scribe"
+```
 
 ## Authors