trailofbits / http-security

Parse HTTP Security Headers
MIT License

Inaccurate data collection #13

Closed dguido closed 9 years ago

dguido commented 9 years ago

twitter.com has CSP, cache-control, and STS headers but our library reports them as missing.

  1. Go to twitter.com with Chrome and the RECX extension, and use it to browse the headers
  2. Do the same with http-security, as in the example: https://github.com/trailofbits/http-security#example
  3. The information reported by both is different

Expected: parsed content security policy, cache-control, and strict transport security headers.

postmodern commented 9 years ago

Fixed. The README now has examples for everything except X-Permitted-Cross-Domain-Policies.