diff --git a/readme.md b/readme.md
index b1113238e..3368fae6c 100644
--- a/readme.md
+++ b/readme.md
@@ -809,6 +809,31 @@ Type: `string`
 
 The IP address used to send the request from.
 
+##### rejectUnauthorized
+
+Type: `boolean`\
+Default: `true`
+
+If set to `false`, all invalid SSL certificates will be ignored and no error will be thrown.\
+If set to `true`, it will throw an error whenever an invalid SSL certificate is detected.
+
+We strongly recommend to have this set to `true` for security reasons.
+
+```js
+const got = require('got');
+
+(async () => {
+	// Correct:
+	await got('https://example.com', {rejectUnauthorized: true});
+
+	// You can disable it when developing an HTTPS app:
+	await got('https://localhost', {rejectUnauthorized: false});
+
+	// Never do this:
+	await got('https://example.com', {rejectUnauthorized: false});
+})();
+```
+
 #### Response
 
 The response object will typically be a [Node.js HTTP response stream](https://nodejs.org/api/http.html#http_class_http_incomingmessage), however, if returned from the cache it will be a [response-like object](https://github.com/lukechilds/responselike) which behaves in the same way.