security.txt Generator (RFC 9116)

Build a valid RFC 9116 /.well-known/security.txt file. Add Contact, Expires, Encryption, Canonical, Policy and more, with live validation of required fields and URI formats.

X LinkedIn Reddit

Generates a /.well-known/security.txt per RFC 9116. Publish only on domains you own or are authorized to test. Required fields: Contact, Expires.

Contact (required, one or more)

Expires (required, < 1 year)

Preferred-Languages (comma-separated)

Encryption

Acknowledgments

Canonical

Policy

Hiring

Valid security.txt

# security.txt — RFC 9116
# Generated for authorized vulnerability disclosure on systems you own or are permitted to test.

Contact: mailto:[email protected]
Expires: 2026-12-19T06:27:00Z

Host at https://example.com/.well-known/security.txt (a legacy copy at /security.txt is also permitted). Sign it with PGP for integrity when handling sensitive disclosures.

Related Tools

Security Header Scanner

Scan any URL for missing security headers with A+ to F grade.

HTTP Header Analyzer

Analyze HTTP headers for security issues with A+ to F grading.

OWASP Top 10 Checklist

Generate custom OWASP Top 10 test checklists by stack.

DNS Record Lookup

Query DNS records with security insights for SPF/DMARC/DKIM.

$loading...