WebGuarder

    Security.txt Generator

    Create a properly formatted, RFC 9116-compliant security.txt file for your domain. Place it at /.well-known/security.txt.

    Required Fields

    These fields are mandatory per RFC 9116.

    Contact: How to report vulnerabilities. Use a mailto:, https://, or tel: URI.

    Expires: When this file should be considered stale. Max 1 year recommended.

    Optional Fields

    Recommended fields to enhance your security.txt.

    Encryption: PGP key or encryption endpoint for secure reports.

    Canonical: The official location of this security.txt file.

    Policy: Link to your vulnerability disclosure policy.

    Acknowledgments: Link to your security hall of fame.

    Preferred-Languages: Comma-separated language codes (e.g. en, fr, de).

    Hiring: Link to security-related job positions.

    CSAF: CSAF provider metadata URL (if applicable).

    Validation
    Valid

    Adding a Canonical URL helps prevent tampering with cached copies.
    Adding an Encryption key lets researchers report securely.

    Generated security.txt

    # This is a security.txt file per RFC 9116
    # https://securitytxt.org/
    
    Contact: mailto:
    Expires: 2027-03-14T23:59:59.000Z
    Preferred-Languages: en
    

    How to Deploy

    1. Save the file

    Download or copy the generated content above.

    2. Place at the correct path

    Upload to /.well-known/security.txt on your web server. Optionally also at /security.txt for legacy compatibility.

    3. Serve over HTTPS

    The file must be accessible via HTTPS with Content-Type: text/plain.

    4. Verify with our checker

    Use the Security.txt Checker to validate your deployment.

    💡 Pro tip: Sign with PGP

    For maximum trust, sign the file with your PGP key using gpg --clearsign security.txt.
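
The field rules and deployment advice above can be checked before upload. The following is an added example, not WebGuarder's checker code: a small Python validator for the required fields, the Contact URI schemes, the Expires window, and a PGP clearsign wrapper. Function names, messages and the example.com sample are assumptions; the exactly-once rule for Expires comes from RFC 9116.

```python
from datetime import datetime, timedelta, timezone
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")

def parse_security_txt(text):
    """Return {lowercased field: [values]}, skipping comments and a PGP clearsign wrapper."""
    fields, in_armor_header = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break                              # the rest is the armored signature
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE"):
            in_armor_header = True
        elif in_armor_header:
            in_armor_header = bool(line)       # "Hash:" lines run until a blank line
        elif line and not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.strip():
                fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def validate(text, now=None):
    """Return (errors, hints) using the required/optional split described on this page."""
    now = now or datetime.now(timezone.utc)
    fields, errors, hints = parse_security_txt(text), [], []
    if "contact" not in fields:
        errors.append("missing required field: Contact")
    for uri in fields.get("contact", []):
        scheme = next((s for s in CONTACT_SCHEMES if uri.lower().startswith(s)), "")
        if not scheme or len(uri) == len(scheme):   # wrong scheme, or nothing after it
            errors.append(f"bad Contact URI: {uri}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        errors.append("Expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
            if when <= now:
                errors.append("stale: Expires is in the past")
            elif when - now > timedelta(days=366):
                hints.append("Expires is more than a year away")
        except (ValueError, TypeError):             # unparsable, or no UTC offset given
            errors.append(f"bad Expires timestamp: {expires[0]}")
    hints += [f"consider adding {f.title()}" for f in ("canonical", "encryption") if f not in fields]
    return errors, hints

# Constructed sample input (example.com placeholder), not a real deployment.
SAMPLE = """# security.txt per RFC 9116
Contact: mailto:security@example.com
Expires: 2027-03-14T23:59:59.000Z
"""
```

Call `validate()` on the file body before uploading it; the function only strips the clearsign wrapper, so checking the signature itself still requires gpg.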


    © 2026 WebGuarder. All rights reserved.