diff --git a/Network/HTTP/Enumerator.hs b/Network/HTTP/Enumerator.hs
--- a/Network/HTTP/Enumerator.hs
+++ b/Network/HTTP/Enumerator.hs
@@ -60,9 +60,25 @@
     , redirectIter
       -- * Datatypes
     , Proxy (..)
-    , Request (..)
     , RequestBody (..)
     , Response (..)
+      -- ** Request
+    , Request
+    , def
+    , method
+    , secure
+    , checkCerts
+    , host
+    , port
+    , path
+    , queryString
+    , requestHeaders
+    , requestBody
+    , proxy
+    , rawBody
+    , decompress
+      -- *** Defaults
+    , defaultCheckCerts
       -- * Manager
     , Manager
     , newManager
@@ -122,6 +138,7 @@
 import System.IO (hClose, hFlush)
 import Blaze.ByteString.Builder (toByteString)
 import Data.Maybe (fromMaybe)
+import Data.Default (Default (def))
 #if !MIN_VERSION_base(4,3,0)
 import GHC.IO.Handle.Types
 import System.IO                (hWaitForInput, hIsEOF)
@@ -283,10 +300,16 @@
 -- HTTP request.
 --
 -- If you simply wish to download from a URL, see 'parseUrl'.
+--
+-- The constructor for this data type is not exposed. Instead, you should use
+-- either the 'def' method to retrieve a default instance, or 'parseUrl' to
+-- construct from a URL, and then use the records below to make modifications.
+-- This approach allows http-enumerator to add configuration options without
+-- breaking backwards compatibility.
 data Request m = Request
     { method :: W.Method -- ^ HTTP request method, eg GET, POST.
     , secure :: Bool -- ^ Whether to use HTTPS (ie, SSL).
-    , checkCerts :: [X509] -> IO TLS.TLSCertificateUsage -- ^ Check if the server certificate is valid. Only relevant for HTTPS.
+    , checkCerts :: W.Ascii -> [X509] -> IO TLS.TLSCertificateUsage -- ^ Check if the server certificate is valid. Only relevant for HTTPS.
     , host :: W.Ascii
     , port :: Int
     , path :: W.Ascii -- ^ Everything from the host to the query string.
@@ -380,8 +403,8 @@
     withConn =
         case (secure, useProxy) of
             (False, _) -> withSocketConn
-            (True, False) -> withSslConn checkCerts
-            (True, True) -> withSslProxyConn checkCerts host port
+            (True, False) -> withSslConn $ checkCerts host
+            (True, True) -> withSslProxyConn (checkCerts host) host port
     (contentLength, bodyEnum) =
         case requestBody of
             RequestBodyLBS lbs -> (L.length lbs, enumSingle $ Blaze.fromLazyByteString lbs)
@@ -546,19 +569,36 @@
   where
     s' = encodeString s
 
+defaultCheckCerts :: W.Ascii -> [X509] -> IO TLS.TLSCertificateUsage
+defaultCheckCerts host' certs =
+    case certificateVerifyDomain (S8.unpack host') certs of
+        TLS.CertificateUsageAccept -> certificateVerifyChain certs
+        _                          -> return TLS.CertificateUsageAccept
+
+instance Default (Request m) where
+    def = Request
+        { host = "localhost"
+        , port = 80
+        , secure = False
+        , checkCerts = defaultCheckCerts
+        , requestHeaders = []
+        , path = "/"
+        , queryString = []
+        , requestBody = RequestBodyLBS L.empty
+        , method = "GET"
+        , proxy = Nothing
+        , rawBody = False
+        , decompress = alwaysDecompress
+        }
+
 parseUrl2 :: Failure HttpException m
           => String -> Bool -> Bool -> String -> m (Request m')
 parseUrl2 full sec parsePath s = do
     port' <- mport
-    return Request
+    return def
         { host = S8.pack hostname
         , port = port'
         , secure = sec
-        , checkCerts = \x ->
-            case certificateVerifyDomain hostname x of
-                TLS.CertificateUsageAccept -> certificateVerifyChain x
-                _                          -> return TLS.CertificateUsageAccept
-        , requestHeaders = []
         , path = S8.pack
                     $ if null path''
                             then "/"
@@ -566,11 +606,6 @@
         , queryString = if parsePath
                             then W.parseQuery $ S8.pack qstring
                             else []
-        , requestBody = RequestBodyLBS L.empty
-        , method = "GET"
-        , proxy = Nothing
-        , rawBody = False
-        , decompress = alwaysDecompress
         }
   where
     (beforeSlash, afterSlash) = break (== '/') s
diff --git a/http-enumerator.cabal b/http-enumerator.cabal
--- a/http-enumerator.cabal
+++ b/http-enumerator.cabal
@@ -1,14 +1,14 @@
 name:            http-enumerator
-version:         0.6.7
+version:         0.7.0
 license:         BSD3
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>
 maintainer:      Michael Snoyman <michael@snoyman.com>
 synopsis:        HTTP client package with enumerator interface and HTTPS support.
 description:
-    This package uses attoparsec for parsing the actual contents of the HTTP connection. The only gotcha is the withHttpEnumerator function, otherwise should do exactly what you expect.
+    This package uses attoparsec for parsing the actual contents of the HTTP connection. It also provides higher-level functions which allow you to avoid direct usage of enumerators.
 category:        Web, Enumerator
-stability:       Experimental
+stability:       Stable
 cabal-version:   >= 1.6
 build-type:      Simple
 homepage:        http://github.com/snoyberg/http-enumerator
@@ -41,6 +41,7 @@
                  , case-insensitive      >= 0.2     && < 0.4
                  , base64-bytestring     >= 0.1     && < 0.2
                  , asn1-data             >= 0.5.1   && < 0.6
+                 , data-default          >= 0.3     && < 0.4
     if flag(network-bytestring)
         build-depends: network               >= 2.2.1   && < 2.2.3
                      , network-bytestring    >= 0.1.3   && < 0.1.4
