Security.txt Tester
Verify a domain's vulnerability disclosure file against RFC 9116
Security.txt Tester
Enter a domain name to fetch its security.txt and validate it against RFC 9116.
No domain tested yet
Enter a domain above and click Test security.txt to validate its disclosure file.
Tool Features
A complete RFC 9116 security.txt validation
Both Locations
Checks /.well-known/security.txt and the legacy root path
Line-by-Line Review
Annotates every field of the fetched file
RFC 9116 Checks
Clear pass / warn / fail on every requirement
Expiry Watch
Flags stale files that scanners will ignore
Learn more
Guides & explainers related to this tool
Article
What Is security.txt?
How the RFC 9116 disclosure file works, what each field means, and why the Expires date matters.
Guide
How to Sign security.txt with PGP
Generate a PGP key with GnuPG, publish it under Encryption, and cleartext-sign the file.
Tool
Security.txt Generator
Build a valid security.txt with Contact, Expires, and every optional field in seconds.
Tool
Secure Header Checker
Audit the rest of your site's security posture — CSP, HSTS, X-Frame-Options, and more.