All fix guides
How to add a security.txt file
Give security researchers a clear, standard way to report vulnerabilities to you.
What it is
security.txt (RFC 9116) is a simple text file at `/.well-known/security.txt` listing how to report security issues.
Why it matters
Without it, a researcher who finds a vulnerability has no obvious way to reach you — so issues go unreported or public.
How to fix it
- 1Create `/.well-known/security.txt` with at least a `Contact:` line (email or a reporting URL).
- 2Add `Expires:` (a future date), and optionally `Policy:`, `Preferred-Languages:`, and `Canonical:`.
- 3Serve it over HTTPS with a `text/plain` content type.
- 4Re-scan to confirm security.txt is published.
Not sure if your site is affected?
Run a free scan — or let us fix it all for you.