📄 Security.txt Generator

Generate an RFC 9116-compliant security.txt file. This file lives at /.well-known/security.txt and tells researchers how to report vulnerabilities responsibly.

Contact *

How researchers should report vulnerabilities. Can be an email address, a URL, or a phone number. Required by RFC 9116.

Expires *

Required. Recommend 1 year from today — prevents stale contact info from persisting.

How to deploy

  1. Create the directory /.well-known/ in your web root
  2. Save the file as security.txt inside it
  3. Verify it's accessible at https://yourdomain.com/.well-known/security.txt
  4. Optionally sign it with PGP for authenticity

Also serving the file at /security.txt (root) is recommended for backwards compatibility.
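
A check to run on the deployed file in step 3, as an added example that is not part of the generator itself: it parses the text of a security.txt (plain or PGP cleartext-signed) and validates the two required fields. The function names, the sample files and the 366-day ceiling on Expires are assumptions made for this illustration; it does not fetch the URL or verify the signature.

```python
from datetime import datetime, timedelta, timezone

ALLOWED_CONTACT_SCHEMES = ("mailto:", "https://", "tel:")  # URI forms RFC 9116 expects

def parse_fields(text):
    """Return (name, value) pairs, skipping comments and any PGP cleartext armor."""
    lines = text.splitlines()
    if lines and lines[0].startswith("-----BEGIN PGP SIGNED MESSAGE"):
        lines = lines[(lines.index("") if "" in lines else 0) + 1:]  # drop "Hash:" headers
    fields = []
    for line in lines:
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # signature block follows; no more fields
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)  # split once so "mailto:" stays in the value
        fields.append((name.strip().lower(), value.strip()))
    return fields

def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means Contact and Expires are sound."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    problems = []
    contacts = [v for n, v in fields if n == "contact"]
    if not contacts:
        problems.append("missing required Contact field")
    for c in contacts:
        if not c.lower().startswith(ALLOWED_CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:/https:/tel: URI: {c}")
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        return problems + [f"expected exactly one Expires field, found {len(expires)}"]
    try:
        when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
    except ValueError:
        when = None
    if when is None or when.tzinfo is None:
        problems.append(f"Expires is not a full timestamp with offset: {expires[0]}")
    elif when <= now:
        problems.append("Expires is in the past; the file is stale")
    elif when - now > timedelta(days=366):  # assumed ceiling: about one year ahead
        problems.append("Expires is more than a year away")
    return problems

# Constructed samples (example.com is a placeholder domain)
SAMPLE_OK = "Contact: mailto:security@example.com\nExpires: 2030-06-30T00:00:00Z\n"
SAMPLE_BAD = "Contact: security@example.com\nExpires: 2020-01-01T00:00:00Z\n"
```

Pass the body fetched from https://yourdomain.com/.well-known/security.txt to `check_security_txt`; supplying `now` makes the result reproducible in a scheduled job.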