Security.txt Generator

security.txt 生成器

按 RFC 9116 输出，可直接部署到 /.well-known/security.txt。

披露信息配置

Contact（每行一条）

Encryption

Acknowledgments

Policy

Hiring

Expires

生成结果

Contact: mailto:security@geekformat.com
Contact: https://geekformat.com/security
Encryption: https://geekformat.com/.well-known/pgp-key.txt
Acknowledgments: https://geekformat.com/hall-of-fame
Policy: https://geekformat.com/security-policy
Hiring: https://geekformat.com/careers/security
Expires: 2027-12-31T23:59:59Z
Preferred-Languages: en, zh-CN

Generate security.txt online, give security researchers a formal entry point.

Security Headers Checker

Robots.txt Checker

Cache-Control Parser

Content-Disposition Parser

Base64 Encoder

JWT Decoder

Use Cases

When official websites or SaaS platforms need a formal vulnerability reporting entry point, generate a standard security.txt first
Publish encryption keys and acknowledgment policies to security researchers to improve site credibility
Meet RFC 9116 specification to improve vulnerability response process and security contact channels
Configure standard security.txt for open source projects or developer platforms for security community contact

Features

Security contact info generated centrally: Contact, Policy, Encryption fields without manual writing
More professional official disclosure: Clear vulnerability reporting channels and descriptions for external parties
Reduce manual omissions: Lower format errors and non-standard field deployment risks
Generate and copy instantly: Results ready for /.well-known/security.txt or specified security disclosure paths

How to Use

1.Fill in security contact email, vulnerability report URL, and expiration time
2.Optionally configure security policy descriptions, PGP encryption key URLs, acknowledgment pages, and preferred languages
3.Tool generates RFC 9116 compliant security.txt content
4.Copy content and deploy to /.well-known/security.txt path in website root directory

FAQ

What is a security.txt file for?

security.txt publicly discloses security contact emails, vulnerability reporting channels, and related policies so researchers know where to report issues.

Is it suitable for corporate websites and product sites?

Yes. Whether SaaS official sites, developer platforms, or corporate websites, configuring security.txt helps establish more standardized vulnerability reporting entry points.

Can I configure contact info, policy URLs, and encryption keys?

Yes. The generator organizes common fields, making it easy to generate standardized security disclosure file content all at once.

Why use a generator instead of writing manually?

Manual writing is prone to missing fields, having non-standard formats, or placing paths incorrectly. A generator helps you get standardized content suitable for deployment faster.