security.txt Generator
Generate RFC 9116 compliant security.txt files for your website. Include contact information, encryption, policy, and acknowledgments.
How to use security.txt Generator
- Fill in your contact information (email, URL, or phone).
- Add your security policy and PGP key URL.
- Set the expiration date.
- Copy the security.txt file to /.well-known/security.txt.
What is security.txt Generator?
security.txt is a proposed standard (RFC 9116) that allows websites to define security policies and contact information for security researchers. It's placed at /.well-known/security.txt on your domain.
This generator creates a properly formatted security.txt file with fields for Contact, Expires, Encryption, Policy, Acknowledgments, and Hiring. It helps security researchers report vulnerabilities responsibly.
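As an added example (not code from this generator or page), a short Python check to run on a generated, unsigned file before publishing: it verifies the Contact and Expires fields that RFC 9116 requires and flags plain-http links. The function name, the Contact scheme list narrowed to the three kinds named above (email, URL, phone), and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timezone

CONTACT_SCHEMES = ("mailto:", "tel:", "https://")  # email, phone, URL (assumed list)

def check_security_txt(text, now=None):
    """Return a list of problems in an unsigned security.txt body ([] = OK)."""
    now = now or datetime.now(timezone.utc)
    problems, fields = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"line {n}: not a 'Name: value' field")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    # Contact is required; a bare address without a scheme is a common mistake.
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("contact: required field is missing")
    for v in contacts:
        if not v.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"contact: needs mailto:, tel: or https:// ({v})")
    # Other fields may use other URI schemes, but web links must be https.
    for name, values in fields.items():
        for v in values:
            if name != "contact" and v.lower().startswith("http://"):
                problems.append(f"{name}: web URI must use https:// ({v})")
    # Expires is required exactly once and must still be in the future.
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append(f"expires: must appear exactly once, found {len(expires)}")
    else:
        try:
            when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
            if when.tzinfo is None:
                problems.append("expires: timestamp needs Z or a UTC offset")
            elif when <= now:
                problems.append(f"expires: file expired on {expires[0]}")
        except ValueError:
            problems.append(f"expires: not an ISO 8601 timestamp ({expires[0]})")
    return problems

# Constructed sample with three defects (example.com values are placeholders).
BAD = "Contact: security@example.com\nExpires: 2020-01-01T00:00:00Z\nPolicy: http://example.com/policy\n"
if __name__ == "__main__":
    print("\n".join(check_security_txt(BAD)))
```

Running the same check on a schedule against the published file catches an Expires date that has lapsed since the file was generated.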
FAQ
- Where should I put security.txt?
  Place it at https://yourdomain.com/.well-known/security.txt or at the root of your domain.
- Is security.txt required?
  It's not required but is recommended by security best practices and helps security researchers report vulnerabilities to you.