Security.txt Generator
Tell security researchers how to report vulnerabilities responsibly
Security.txt Generator
Fill in your contact channels and disclosure details to generate a valid RFC 9116 security.txt, ready to publish at /.well-known/security.txt.
Nothing generated yet
Fill in your contact channels above, then click Generate security.txt.
Tool Features
Everything you need to publish a valid security.txt
Valid Contact URIs
Email addresses become mailto: links automatically, as RFC 9116 requires
Sane Expiry Dates
One-click expiry presets with a warning when you exceed the recommended year
Every Optional Field
Encryption, Acknowledgments, Policy, Hiring, and Canonical — all supported
Deploy Checklist
Copy or download the file with clear steps to publish and maintain it
Learn more
Guides & explainers related to this tool
Article
What Is security.txt?
How the RFC 9116 disclosure file works, what each field means, and why the Expires date matters.
Guide
How to Sign security.txt with PGP
Generate a PGP key with GnuPG, publish it under Encryption, and cleartext-sign the file.
Tool
Security.txt Tester
Fetch and validate a live security.txt against RFC 9116 after you publish it.
Tool
Secure Header Checker
Audit the rest of your site's security posture — CSP, HSTS, X-Frame-Options, and more.