Security.txt Generator

Tell security researchers how to report vulnerabilities responsibly

Security.txt Generator

Fill in your contact channels and disclosure details to generate a valid RFC 9116 security.txt, ready to publish at /.well-known/security.txt.

Configuration
ContactRequired
Email addresses become mailto: links automatically. The first contact is the preferred channel.
ExpiresRequired
After this date the file is considered stale and must be re-issued. RFC 9116 recommends less than a year.
Preferred languages
Encryption keyoptional
Acknowledgmentsoptional
Security policyoptional
Hiringoptional
Canonical URLoptional
Nothing generated yet

Fill in your contact channels above, then click Generate security.txt.

Tool Features

Everything you need to publish a valid security.txt

Valid Contact URIs

Email addresses become mailto: links automatically, as RFC 9116 requires

Sane Expiry Dates

One-click expiry presets with a warning when you exceed the recommended year

Every Optional Field

Encryption, Acknowledgments, Policy, Hiring, and Canonical — all supported

Deploy Checklist

Copy or download the file with clear steps to publish and maintain it

Learn more

Guides & explainers related to this tool

Article

What Is security.txt?

How the RFC 9116 disclosure file works, what each field means, and why the Expires date matters.

Guide

How to Sign security.txt with PGP

Generate a PGP key with GnuPG, publish it under Encryption, and cleartext-sign the file.

Tool

Security.txt Tester

Fetch and validate a live security.txt against RFC 9116 after you publish it.

Tool

Secure Header Checker

Audit the rest of your site's security posture — CSP, HSTS, X-Frame-Options, and more.

Related Tools
Discover similar utilities
Config

Security.txt Tester