All fix guides

How to add a security.txt file

Give security researchers a clear, standard way to report vulnerabilities to you.

What it is

security.txt (RFC 9116) is a simple text file at `/.well-known/security.txt` listing how to report security issues.

Why it matters

Without it, a researcher who finds a vulnerability has no obvious way to reach you — so issues go unreported or public.

How to fix it

  1. 1Create `/.well-known/security.txt` with at least a `Contact:` line (email or a reporting URL).
  2. 2Add `Expires:` (a future date), and optionally `Policy:`, `Preferred-Languages:`, and `Canonical:`.
  3. 3Serve it over HTTPS with a `text/plain` content type.
  4. 4Re-scan to confirm security.txt is published.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy