SiteAlertAI SiteAlertAI
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
⬡ Web Scan 🔒 SSL/TLS 📬 MX Record ✉ Email Header 🎣 URL Check 🌍 IP Geo
← All guides

security.txt: How Researchers Report Vulnerabilities to You

security.txt is a small text file, standardised in RFC 9116, that tells security researchers how to report a vulnerability they find in your site. It is a simple maturity signal that shortens the path to responsible disclosure.

Where it goes

Place the file at /.well-known/security.txt over HTTPS. A legacy /security.txt location is also recognised, but the well-known path is canonical.

What to include

At minimum a Contact: line (an email or reporting URL) and an Expires: date. You can also add Policy:, Encryption: (a PGP key), Acknowledgments:, and Preferred-Languages:.

🛰 Check for security.txt →

Related guides

  • What Is HSTS and How Do I Enable It?
  • Content-Security-Policy Explained (and How to Fix a Weak One)
  • Mixed Content: Why Your HTTPS Padlock Breaks
SiteAlertAI · © 2026 All rights reserved · Built for security professionals and developers.
Blog Guides Privacy Terms About Contact Social

⚠ For authorised security testing only. Scanning domains you do not own may violate laws in your jurisdiction. SiteAlertAI accepts no liability for misuse. CVE data is indicative — verify with NVD.