Security.txt Tester

Verify a domain's vulnerability disclosure file against RFC 9116

Security.txt Tester

Enter a domain name to fetch its security.txt and validate it against RFC 9116.

Fetches /.well-known/security.txt (and the legacy root location), then validates it against RFC 9116.
No domain tested yet

Enter a domain above and click Test security.txt to validate its disclosure file.

Tool Features

A complete RFC 9116 security.txt validation

Both Locations

Checks /.well-known/security.txt and the legacy root path

Line-by-Line Review

Annotates every field of the fetched file

RFC 9116 Checks

Clear pass / warn / fail on every requirement

Expiry Watch

Flags stale files that scanners will ignore

Learn more

Guides & explainers related to this tool

Article

What Is security.txt?

How the RFC 9116 disclosure file works, what each field means, and why the Expires date matters.

Guide

How to Sign security.txt with PGP

Generate a PGP key with GnuPG, publish it under Encryption, and cleartext-sign the file.

Tool

Security.txt Generator

Build a valid security.txt with Contact, Expires, and every optional field in seconds.

Tool

Secure Header Checker

Audit the rest of your site's security posture — CSP, HSTS, X-Frame-Options, and more.

Related Tools
Discover similar utilities
Headers & Security

Security.txt Generator