This repository has been archived by the owner on Feb 21, 2019. It is now read-only.

HSTS Non-Functional as of v0.1.5 #43

rykener opened this issue Apr 21, 2016 · 0 comments

As glencarl mentioned in issue #42, the Expedited SSL scanner isn't picking up HSTS with v0.1.5 installed. This comes back to the Strict-Transport-Security flag not being sent in the header, as illustrated below.

I believe this warrants opening a separate issue as it clarifies that it's not an issue with Expedited SSL's scanner but is in fact an issue with HSTS itself.

v0.1.4

```
curl -D - https://myapp014.herokuapp.com | head -n 20
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
1HTTP/1.1 200 OK   0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Connection: keep-alive
Server: gunicorn/19.4.5
Date: Thu, 21 Apr 2016 14:07:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8622
Strict-Transport-Security: max-age=31536000
Via: 1.1 vegur
```

v0.1.5

```
curl -D - https://myapp015.herokuapp.com | head -n 20
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
10HTTP/1.1 200 OK  0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Connection: keep-alive
Server: gunicorn/19.4.5
Date: Thu, 21 Apr 2016 14:09:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8622
Via: 1.1 vegur
```
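
An added example, not part of the original issue or the project's code: a header check that turns the manual `curl -D -` comparison above into a repeatable regression test, run here over the two header dumps from this issue. The names `parse_hsts`, `check_hsts` and `MIN_AGE` are hypothetical, and the one-year minimum is an assumption taken from the v0.1.4 value.

```python
import re

# Header dumps copied from the two curl runs in the issue, including the
# status line that curl's progress meter wrote over.
V014 = """1HTTP/1.1 200 OK   0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Connection: keep-alive
Server: gunicorn/19.4.5
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000
Via: 1.1 vegur
"""
V015 = """10HTTP/1.1 200 OK  0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Connection: keep-alive
Server: gunicorn/19.4.5
Content-Type: text/html; charset=utf-8
Via: 1.1 vegur
"""
MIN_AGE = 31536000  # assumed threshold: one year, the value v0.1.4 sent

def parse_hsts(raw_headers):
    """Return the HSTS directives as a dict, or None if the header is absent."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; skip the status line and noise.
        if not sep or name.strip().lower() != "strict-transport-security":
            continue
        policy = {"max_age": None, "include_subdomains": False, "preload": False}
        for directive in value.split(";"):
            key, _, arg = directive.strip().partition("=")
            key, arg = key.strip().lower(), arg.strip().strip('"')
            if key == "max-age" and re.fullmatch(r"[0-9]+", arg):
                policy["max_age"] = int(arg)
            elif key == "includesubdomains":
                policy["include_subdomains"] = True
            elif key == "preload":
                policy["preload"] = True
        return policy  # RFC 6797: only the first HSTS header is processed
    return None

def check_hsts(raw_headers, min_age=MIN_AGE):
    """Classify a response's HSTS policy as OK, WARN or FAIL."""
    policy = parse_hsts(raw_headers)
    if policy is None:
        return "FAIL: Strict-Transport-Security header missing"
    if policy["max_age"] is None:
        return "FAIL: header present but max-age missing or invalid"
    if policy["max_age"] == 0:
        return "FAIL: max-age=0 tells the browser to drop its HSTS policy"
    if policy["max_age"] < min_age:
        return "WARN: max-age %d is below %d" % (policy["max_age"], min_age)
    return "OK: max-age=%d" % policy["max_age"]
```
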