// tool reference · Governance & Advisory
security.txt Generator Free
Generate a valid RFC 9116 security.txt, a disclosure policy, and a triage email in seconds.
What it does
Generates an RFC 9116 compliant security.txt so researchers know where to report a vulnerability instead of tweeting it.
When to use it
- Any public-facing site. It takes two minutes and materially improves disclosure outcomes.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| (form fields) | text | required | Contact, policy URL, expiry, languages. |
What you get back
A ready file for /.well-known/security.txt.
Worked example
Input
contact: security@yourdomain.com · policy: /responsible-disclosure · languages: en, ja
Output (abridged)
Contact: mailto:security@yourdomain.com Expires: 2027-07-09T01:16:07Z Preferred-Languages: en, ja Canonical: https://yourdomain.com/.well-known/security.txt Policy: https://yourdomain.com/responsible-disclosure
How it works
Deterministic generation to the RFC 9116 grammar.
Limits
Read live from the platform configuration.
| Rate limit | 15 requests / 5 minutes |
Privacy
Nothing is stored.
Standards
RFC 9116