security.txt Generator
Build an RFC 9116 security.txt file in your browser. It tells security researchers how to reach you and report vulnerabilities.
Output
/.well-known/security.txtContact: mailto:[email protected]
Expires: 2027-01-01T23:59:59.000ZLooks valid — required fields are present.
Contact & expiry
Contactrequired — mailto:, https: or tel:
Expiresrequired — converted to an RFC 3339 timestamp
Optional directives
EncryptionURL of an encryption key
AcknowledgmentsURL of a page recognising past reports
Preferred languagesRFC 5646 language tags, comma separated
Canonicalcanonical URL of this security.txt file
PolicyURL of the disclosure policy
HiringURL of a security-related job posting
About security.txt
security.txt is a standard file (RFC 9116) that helps security researchers find who to contact and how to report a vulnerability. Serve it over HTTPS at /.well-known/security.txt on your site. Everything happens in your browser — nothing you enter is sent to a server.