Skip to content
uxTools
Security & Crypto

security.txt Generator

Build an RFC 9116 security.txt file in your browser. It tells security researchers how to reach you and report vulnerabilities.

Output/.well-known/security.txt
Contact: mailto:[email protected]
Expires: 2027-01-01T23:59:59.000Z

Looks valid — required fields are present.

Contact & expiry

Contactrequired — mailto:, https: or tel:
Expiresrequired — converted to an RFC 3339 timestamp

Optional directives

EncryptionURL of an encryption key
AcknowledgmentsURL of a page recognising past reports
Preferred languagesRFC 5646 language tags, comma separated
Canonicalcanonical URL of this security.txt file
PolicyURL of the disclosure policy
HiringURL of a security-related job posting

About security.txt

security.txt is a standard file (RFC 9116) that helps security researchers find who to contact and how to report a vulnerability. Serve it over HTTPS at /.well-known/security.txt on your site. Everything happens in your browser — nothing you enter is sent to a server.