#!/usr/bin/env node

import https from 'https';
import http from 'http';

const testUrl = 'https://nzambello.dev';

console.log('🔒 Testing Security Headers for', testUrl);
console.log('=' .repeat(50));

const client = testUrl.startsWith('https') ? https : http;

client.get(testUrl, (res) => {
  console.log(`Status: ${res.statusCode}`);
  console.log(`Server: ${res.headers.server || 'Not disclosed'}`);
  console.log('\n📋 Security Headers:');
  console.log('-'.repeat(30));

  const securityHeaders = [
    'content-security-policy',
    'strict-transport-security',
    'x-content-type-options',
    'x-frame-options',
    'referrer-policy',
    'x-xss-protection',
    'permissions-policy'
  ];

  securityHeaders.forEach(header => {
    const value = res.headers[header];
    const status = value ? '✅' : '❌';
    console.log(`${status} ${header}: ${value || 'Not set'}`);
  });

  console.log('\n🔍 Additional Headers:');
  console.log('-'.repeat(30));
  Object.keys(res.headers).forEach(header => {
    if (!securityHeaders.includes(header.toLowerCase())) {
      console.log(`ℹ️  ${header}: ${res.headers[header]}`);
    }
  });

}).on('error', (err) => {
  console.error('❌ Error testing headers:', err.message);
  console.log('\n💡 Make sure the site is running and accessible');
});