diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+0.2.6 (2017-12-01)
+==================
+
+*   Removed ghc-7.6.3 and versions of wai<3.0 from the CI test matrix.
+    These versions are still supported in the code but cabal may need some
+    manual help to resolve dependencies.
+
+*   Fixes and improvements to the documentation. Thanks to Frederik Hanghøj
+    Iversen, Alex Collins, and Maximilian Tagher.
+
 0.2.5
 =====
 
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -48,7 +48,6 @@
 [scotty](http://hackage.haskell.org/package/scotty) application.
 
 ```.haskell
-{-# LANGUAGE UnicodeSyntax #-}
 {-# LANGUAGE OverloadedStrings #-}
 
 module Main
@@ -58,17 +57,17 @@
 import Network.Wai.Middleware.Cors
 import Web.Scotty
 
-main ∷ IO ()
+main :: IO ()
 main = scotty 8080 $ do
     middleware simpleCors
-    matchAny  "/" $ text "Success"
+    matchAny "/" $ text "Success"
 ```
 
 The result of following curl command will include the HTTP response
 header `Access-Control-Allow-Origin: *`.
 
 ```.bash
-curl -i http://127.0.0.1:8888 -H 'Origin: 127.0.0.1' -v
+curl -i http://127.0.0.1:8080 -H 'Origin: 127.0.0.1' -v
 ```
 
 Documentation for more general usage can be found in the module
diff --git a/constraints b/constraints
deleted file mode 100644
--- a/constraints
+++ /dev/null
@@ -1,82 +0,0 @@
-constraints: SHA ==1.6.4.2,
-             ansi-terminal ==0.6.2.1,
-             ansi-wl-pprint ==0.6.7.2,
-             appar ==0.1.4,
-             array ==0.5.1.0,
-             async ==2.0.2,
-             attoparsec ==0.13.0.0,
-             auto-update ==0.1.2.1,
-             base ==4.8.0.0,
-             base-unicode-symbols ==0.2.2.4,
-             base64-bytestring ==1.0.0.1,
-             binary ==0.7.3.0,
-             blaze-builder ==0.4.0.1,
-             byteorder ==1.0.4,
-             bytestring ==0.10.6.0,
-             bytestring-builder ==0.10.6.0.0,
-             case-insensitive ==1.2.0.4,
-             charset ==0.3.7.1,
-             containers ==0.5.6.2,
-             cookie ==0.4.1.5,
-             data-default-class ==0.0.1,
-             deepseq ==1.4.1.1,
-             directory ==1.2.2.0,
-             easy-file ==0.2.1,
-             entropy ==0.3.6,
-             exceptions ==0.8.0.2,
-             fast-logger ==2.3.1,
-             filepath ==1.4.0.0,
-             ghc-prim ==0.4.0.0,
-             hashable ==1.2.3.2,
-             http-date ==0.0.6.1,
-             http-types ==0.8.6,
-             integer-gmp ==1.0.0.0,
-             iproute ==1.4.0,
-             lifted-base ==0.2.3.6,
-             mmorph ==1.0.4,
-             monad-control ==1.0.0.4,
-             mtl ==2.2.1,
-             nats ==1,
-             network ==2.6.1.0,
-             old-locale ==1.0.0.7,
-             old-time ==1.1.0.3,
-             optparse-applicative ==0.11.0.2,
-             parsec ==3.1.9,
-             parsers ==0.12.2.1,
-             pretty ==1.1.2.0,
-             process ==1.2.3.0,
-             random ==1.1,
-             regex-base ==0.93.2,
-             regex-tdfa-rc ==1.1.8.3,
-             resourcet ==1.1.5,
-             rts ==1.0,
-             scientific ==0.3.3.8,
-             semigroups ==0.16.2.2,
-             simple-sendfile ==0.2.20,
-             stm ==2.4.4,
-             streaming-commons ==0.1.12.1,
-             stringsearch ==0.3.6.6,
-             tagged ==0.8.0.1,
-             tasty ==0.10.1.2,
-             tasty-hunit ==0.9.2,
-             template-haskell ==2.10.0.0,
-             text ==1.2.1.0,
-             time ==1.5.0.1,
-             transformers ==0.4.2.0,
-             transformers-base ==0.4.4,
-             transformers-compat ==0.4.0.4,
-             unbounded-delays ==0.1.0.9,
-             unix ==2.7.1.0,
-             unix-compat ==0.4.1.4,
-             unix-time ==0.3.5,
-             unordered-containers ==0.2.5.1,
-             vault ==0.3.0.4,
-             void ==0.7,
-             wai ==3.0.2.3,
-             wai-extra ==3.0.7.1,
-             wai-logger ==2.2.4,
-             wai-websockets ==3.0.0.5,
-             warp ==3.0.13.1,
-             websockets ==0.9.5.0,
-             word8 ==0.1.2,
-             zlib ==0.5.4.2
diff --git a/examples/ServantWai.hs b/examples/ServantWai.hs
new file mode 100644
--- /dev/null
+++ b/examples/ServantWai.hs
@@ -0,0 +1,49 @@
+{-# LANGUAGE DataKinds         #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE TemplateHaskell   #-}
+{-# LANGUAGE TypeOperators     #-}
+
+import           Data.Aeson
+import           Data.Aeson.TH
+import           Network.Wai
+import           Network.Wai.Handler.Warp
+import           Network.Wai.Middleware.Cors
+import           Servant
+
+data User = User
+  { userId        :: Int
+  , userFirstName :: String
+  , userLastName  :: String
+  } deriving (Eq, Show)
+
+$(deriveJSON defaultOptions ''User)
+
+type API = "users" :> Get '[JSON] [User]
+
+-- | Configure an Application with a CORS policy
+app :: Application
+app = (cors (const policy)) $ serve api server
+  where policy = Just CorsResourcePolicy {
+        corsOrigins = Nothing
+        , corsMethods = ["GET"]
+        , corsRequestHeaders = ["authorization", "content-type"]
+        , corsExposedHeaders = Nothing
+        , corsMaxAge = Just $ 60*60*24 -- one day
+        , corsVaryOrigin = False
+        , corsRequireOrigin = True
+        , corsIgnoreFailures = False
+      }
+
+api :: Proxy API
+api = Proxy
+
+server :: Server API
+server = return users
+
+users :: [User]
+users = [ User 1 "Isaac" "Newton"
+        , User 2 "Albert" "Einstein"
+        ]
+
+main :: IO ()
+main = run 8080 app
diff --git a/examples/Wai.hs b/examples/Wai.hs
new file mode 100644
--- /dev/null
+++ b/examples/Wai.hs
@@ -0,0 +1,26 @@
+{-# LANGUAGE UnicodeSyntax #-}
+
+-- |
+-- Module: Wai
+-- Description: Example for using wai-cors with a plain wai app
+-- Copyright: Copyright © 2017 Lars Kuhtz <lakuhtz@gmail.com>.
+-- License: MIT
+-- Maintainer: Lars Kuhtz <lakuhtz@gmail.com>
+-- Stability: experimental
+--
+module Wai
+( main
+) where
+
+import Network.HTTP.Types.Status
+import Network.Wai
+import Network.Wai.Middleware.Cors
+import Network.Wai.Handler.Warp
+
+main ∷ IO ()
+main = run 8080 $ simpleCors $ echo
+
+echo ∷ Application
+echo req respond =
+    respond . responseLBS ok200 [] =<< lazyRequestBody req
+
diff --git a/src/Network/Wai/Middleware/Cors.hs b/src/Network/Wai/Middleware/Cors.hs
--- a/src/Network/Wai/Middleware/Cors.hs
+++ b/src/Network/Wai/Middleware/Cors.hs
@@ -30,7 +30,7 @@
 -- complying with the CORS standard it enables the client (i.e. the web
 -- browser) to enforce the CORS policy. For application authors it is strongly
 -- recommended to take into account the security considerations in section 6.3
--- of <http://wwww.w3.org/TR/cors>. In particular the application should check
+-- of <http://www.w3.org/TR/cors>. In particular the application should check
 -- that the value of the @Origin@ header matches it's expectations.
 --
 -- = Websockets
@@ -137,7 +137,7 @@
     --
     -- A value of 'Nothing' indicates unrestricted cross-origin sharing and
     -- results in @*@ as value for the @Access-Control-Allow-Origin@ HTTP
-    -- response header.
+    -- response header. Note if you send @*@, credentials cannot be sent with the request.
     --
     -- A value other than 'Nothing' is a tuple that consists of a list of
     -- origins each with a Boolean flag that indicates if credentials are used
@@ -148,6 +148,10 @@
     -- particular the string @*@ is not a valid origin (but the string @null@
     -- is).
     --
+    -- Credentials include cookies, authorization headers and TLS client certificates.
+    -- For credentials to be sent with requests, the @withCredentials@ setting of
+    -- @XmlHttpRequest@ in the browser must be set to @true@.
+    --
        corsOrigins ∷ !(Maybe ([Origin], Bool))
 
     -- | HTTP methods that are allowed in CORS requests.
@@ -156,16 +160,19 @@
 
     -- | Field names of HTTP request headers that are allowed in CORS requests.
     -- Header names that are included in 'simpleHeaders', except for
-    -- @content-type@, are implicitely included an thus optional in this list.
+    -- @content-type@, are implicitly included and thus optional in this list.
     --
     , corsRequestHeaders ∷ ![HTTP.HeaderName]
 
-    -- | Field names of HTTP headers that are exposed on the client.
+    -- | Field names of HTTP headers that are exposed to the client in the response.
     --
     , corsExposedHeaders ∷ !(Maybe [HTTP.HeaderName])
 
-    -- | Number of seconds that the response may be cached by the client.
+    -- | Number of seconds that the OPTIONS preflight response may be cached by the client.
     --
+    -- Tip: Set this to 'Nothing' while testing your CORS implementation, then increase
+    -- it once you deploy to production.
+    --
     , corsMaxAge ∷ !(Maybe Int)
 
     -- | If the resource is shared by multiple origins but
@@ -203,6 +210,8 @@
     -- * an response with HTTP status 400 (bad request) and short
     --   error message is returned if this field is 'False'.
     --
+    -- Note: Your application needs to will receive preflight OPTIONS requests if set to 'True'.
+    --
     -- @since 0.2
     --
     , corsIgnoreFailures ∷ !Bool
@@ -285,7 +294,7 @@
 -- a preflight request in cases when it wouldn't be required.
 --
 -- For application authors it is strongly recommended to take into account the
--- security considerations in section 6.3 of <http://wwww.w3.org/TR/cors>.
+-- security considerations in section 6.3 of <http://www.w3.org/TR/cors>.
 --
 -- /TODO/
 --
@@ -445,9 +454,9 @@
 --
 -- This middleware does not check if the resource corresponds to the
 -- restrictions for simple requests. This is in accordance with
--- <http://www.w3.org/TR/cors/>. The client (user-agent) is supposed to
--- enforcement CORS policy. The role of the server is to provide the client
--- with the respective policy constraints.
+-- <http://www.w3.org/TR/cors/>. It is the responsibility of the 
+-- client (user-agent) to enforce CORS policy. The role of the server
+-- is to provide the client with the respective policy constraints.
 --
 -- It is out of the scope of the this module if the server chooses to
 -- enforce rules on its resources in relation to CORS policy itself.
@@ -458,7 +467,7 @@
 -- -------------------------------------------------------------------------- --
 -- Definition from Standards
 
--- | Simple HTTP response headers as defined in <http://www.w3.org/TR/cors/>
+-- | Simple HTTP response headers as defined in <https://www.w3.org/TR/cors/#simple-response-header>
 --
 simpleResponseHeaders ∷ [HTTP.HeaderName]
 simpleResponseHeaders =
@@ -470,6 +479,7 @@
     , "Pragma"
     ]
 
+-- | Simple HTTP headers are defined in <https://www.w3.org/TR/cors/#simple-header>
 simpleHeaders ∷ [HTTP.HeaderName]
 simpleHeaders =
     [ "Accept"
@@ -478,6 +488,7 @@
     , "Content-Type"
     ]
 
+-- | Simple content types are defined in <https://www.w3.org/TR/cors/#simple-header>
 simpleContentTypes ∷ [CI.CI B8.ByteString]
 simpleContentTypes =
     [ "application/x-www-form-urlencoded"
@@ -486,7 +497,7 @@
     ]
 
 
--- | Simple HTTP methods as defined in <http://www.w3.org/TR/cors/>
+-- | Simple HTTP methods as defined in <https://www.w3.org/TR/cors/#simple-method>
 --
 simpleMethods ∷ [HTTP.Method]
 simpleMethods =
@@ -495,6 +506,9 @@
     , "POST"
     ]
 
+-- | Whether the given method and headers constitute a simple request,
+-- i.e. the method is simple, all headers are simple, and, if a POST request,
+-- the content-type is simple.
 isSimple ∷ HTTP.Method → HTTP.RequestHeaders → Bool
 isSimple method headers
     = method `elem` simpleMethods
diff --git a/wai-cors.cabal b/wai-cors.cabal
--- a/wai-cors.cabal
+++ b/wai-cors.cabal
@@ -1,10 +1,10 @@
 -- ------------------------------------------------------ --
--- Copyright © 2015-2016 Lars Kuhtz <lakuhtz@gmail.com>
+-- Copyright © 2015-2017 Lars Kuhtz <lakuhtz@gmail.com>
 -- Copyright © 2014 AlephCloud Systems, Inc.
 -- ------------------------------------------------------ --
 
 Name: wai-cors
-Version: 0.2.5
+Version: 0.2.6
 Synopsis: CORS for WAI
 
 Description:
@@ -20,20 +20,21 @@
 Author: Lars Kuhtz <lakuhtz@gmail.com>
 Maintainer: Lars Kuhtz <lakuhtz@gmail.com>
 Copyright:
-    (c) 2015-2016 Lars Kuhtz <lakuhtz@gmail.com>,
+    (c) 2015-2017 Lars Kuhtz <lakuhtz@gmail.com>,
     (c) 2014 AlephCloud Systems, Inc.
 Category: HTTP, Network, Web, Yesod
 Build-type: Simple
 Cabal-version: >= 1.14.0
-tested-with: GHC == 7.6.3, GHC == 7.8.4, GHC == 7.10.3, GHC == 8.0.1
+tested-with: GHC == 7.8.4, GHC == 7.10.3, GHC == 8.0.2, GHC == 8.2.1, GHC == 8.2.2
 
 data-files:
     README.md
     CHANGELOG.md
-    constraints
     test/index.html
     test/phantomjs.js
     examples/Scotty.hs
+    examples/Wai.hs
+    examples/ServantWai.hs
 
 source-repository head
     type: git
@@ -43,7 +44,7 @@
 source-repository this
     type: git
     location: https://github.com/larskuhtz/wai-cors
-    tag: 0.2.5
+    tag: 0.2.6
 
 flag transformers-3
     description: use transformers<0.3 (this is set automatically)
@@ -120,9 +121,13 @@
         text >= 1.2,
         wai-cors
 
-    -- we only build the tests suite with the most recent wai version
-    -- cabal fails to resolves the old dependencies otherwise.
-    if flag (wai-1) || flag (wai-2)
+    if impl(ghc < 7.8)
+        build-depends:
+            filepath < 1.4.1.2
+
+    -- We only build the tests suite with the more recent versions of wai and ghc.
+    -- Cabal fails to resolves the old dependencies otherwise.
+    if flag (wai-1) || flag (wai-2) || impl(ghc < 7.10)
         buildable: False
     else
         build-depends:
@@ -147,9 +152,9 @@
         tasty-hunit >= 0.9,
         wai-cors
 
-    -- we only build the tests suite with the most recent wai version
-    -- cabal fails to resolves the old dependencies otherwise.
-    if flag (wai-1) || flag (wai-2)
+    -- We only build the tests suite with the more recent versions of wai and ghc.
+    -- Cabal fails to resolves the old dependencies otherwise.
+    if flag (wai-1) || flag (wai-2) || impl(ghc < 7.10)
         buildable: False
     else
         build-depends:
