Security.txt Generator

Build a compliant security.txt file with contact details, disclosure policy, and optional metadata.

Security.txt Details

Fill in the fields below to instantly generate your compliance file.

Generated security.txt

Warning: At least one "Contact" directive is required by the security.txt specification (RFC 9116).

What is a security.txt file?

A security.txt file is a standardized text file placed in the /.well-known/ directory of a website. It provides security researchers with a clear way to report vulnerabilities, contact the security team, and locate disclosure policies, as defined in RFC 9116.

How to publish

Save the generated file as security.txt and publish it at /.well-known/security.txt on your site. Make sure the URL is accessible over HTTPS.

Why it matters

A clear disclosure point reduces friction for security researchers and helps your team receive vulnerability reports with the right context. It also signals that you take security seriously.

Frequently Asked Questions

What is security.txt used for?

Security.txt is a standard file that tells security researchers how to report vulnerabilities and where to find disclosure policies.

Where should security.txt be hosted?

Publish it at https://yourdomain.com/.well-known/security.txt and keep the file accessible over HTTPS.

Which fields are required?

At least one Contact field is required. Expires is strongly recommended to indicate when the file should be refreshed.
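
A check for the field rules above, as an added example that is not part of the original page or of the generator itself: it parses an unsigned security.txt body and flags a missing Contact, Contact values that are not `mailto:`, `https://` or `tel:` URIs (the forms RFC 9116 accepts), and an Expires value that is missing, repeated, malformed or already in the past. The function name and both sample files are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed samples; example.com is a placeholder domain.
GOOD = """# constructed sample
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2030-01-01T00:00:00Z
"""
BAD = """Contact: security@example.com
Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
"""

def check_security_txt(text, now=None):
    """Return a list of findings for a security.txt body; empty means clean."""
    now = now or datetime.now(timezone.utc)
    fields, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no fields
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep or not value.strip():
            findings.append(f"line {n}: not a 'Name: value' field")
            continue
        # Field names are case-insensitive; a field may repeat (e.g. Contact).
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    contacts = fields.get("contact", [])
    if not contacts:
        findings.append("no Contact field")
    for c in contacts:
        # A bare e-mail address or an http:// link is a common mistake here.
        if not c.lower().startswith(("mailto:", "https://", "tel:")):
            findings.append(f"Contact '{c}' is not a mailto:, https:// or tel: URI")
    expires = fields.get("expires", [])
    if not expires:
        findings.append("no Expires field")
    elif len(expires) > 1:
        findings.append("Expires appears more than once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when.tzinfo is None:
                findings.append("Expires has no time zone")
            elif when <= now:
                findings.append("Expires is in the past")
        except ValueError:
            findings.append(f"Expires '{expires[0]}' is not an ISO 8601 timestamp")
    return findings
```

Run it against the generated file before publishing, and again on a schedule so a stale Expires value is caught before researchers see it.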