Add route printer
diff --git a/src/security_headers_middleware_test.cpp b/src/security_headers_middleware_test.cpp
new file mode 100644
index 0000000..2364ab5
--- /dev/null
+++ b/src/security_headers_middleware_test.cpp
@@ -0,0 +1,74 @@
+#include <crow/app.h>
+#include <gmock/gmock.h>
+#include <security_headers_middleware.hpp>
+#include "gtest/gtest.h"
+
+using namespace crow;
+using namespace std;
+
+// Tests that the security headers are added correctly
+TEST(SecurityHeaders, TestHeadersExist) {
+  App<SecurityHeadersMiddleware> app;
+  app.bindaddr("127.0.0.1").port(45451);
+  CROW_ROUTE(app, "/")([]() { return 200; });
+  auto _ = async(launch::async, [&] { app.run(); });
+
+  asio::io_service is;
+  std::array<char, 2048> buf;
+  std::string sendmsg;
+
+  {
+    // Retry a couple of times waiting for the server to come up
+    // TODO(ed)  This is really unfortunate, and should use some form of mock
+    asio::ip::tcp::socket c(is);
+    for (int i = 0; i < 200; i++) {
+      try {
+        c.connect(asio::ip::tcp::endpoint(
+            asio::ip::address::from_string("127.0.0.1"), 45451));
+        c.close();
+        break;
+      } catch (std::exception e) {
+        // do nothing.  We expect this to fail while the server is starting up
+      }
+    }
+  }
+
+  // Test correct login credentials
+  sendmsg = "GET /\r\n\r\n";
+
+  asio::ip::tcp::socket c(is);
+  c.connect(asio::ip::tcp::endpoint(asio::ip::address::from_string("127.0.0.1"),
+                                    45451));
+  c.send(asio::buffer(sendmsg));
+  auto received_count = c.receive(asio::buffer(buf));
+  c.close();
+  auto return_code = std::string(&buf[9], &buf[12]);
+  EXPECT_EQ("200", return_code);
+  std::string response(std::begin(buf), std::end(buf));
+
+  // This is a routine to split strings until a newline is hit
+  // TODO(ed) this should really use the HTTP parser
+  std::vector<std::string> headers;
+  std::string::size_type pos = 0;
+  std::string::size_type prev = 0;
+  while ((pos = response.find("\r\n", prev)) != std::string::npos) {
+    auto this_string = response.substr(prev, pos - prev);
+    if (this_string == "") {
+      break;
+    }
+    headers.push_back(this_string);
+    prev = pos + 2;
+  }
+  headers.push_back(response.substr(prev));
+
+  EXPECT_EQ(headers[0], "HTTP/1.1 200 OK");
+  EXPECT_THAT(headers, ::testing::Contains("Strict-Transport-Security: "
+                                           "max-age=31536000; "
+                                           "includeSubdomains; preload"));
+  EXPECT_THAT(headers, ::testing::Contains("X-UA-Compatible: IE=11"));
+  EXPECT_THAT(headers, ::testing::Contains("X-Frame-Options: DENY"));
+  EXPECT_THAT(headers, ::testing::Contains("X-XSS-Protection: 1; mode=block"));
+  EXPECT_THAT(headers, ::testing::Contains(
+                           "X-Content-Security-Policy: default-src 'self'"));
+  app.stop();
+}