What is security.txt?
A security.txt file gives organizations a standard way to define how security issues affecting their websites should be reported. It offers security researchers a quick and efficient way to find the appropriate contact within an organization and understand the accepted reporting procedures.
- Contact Information: Clearly define the method for reporting security issues.
- Expiration Date: Specify when the information in the security.txt file will be considered outdated.
- Encryption: Provide a URL to a public PGP key to enable secure communications.
- Acknowledgments: Include a link to a page that recognizes the contributions of security researchers.
- Policy: Direct users to your vulnerability disclosure policy with a URL.
- Hiring: If you’re hiring in the security field, include a link to your job listings.
- Signature: Add a digital signature for verification of the
- Preferred Languages: State which languages you prefer for security reports.
- Canonical: Checkbox indicating that the security.txt file is located in the site’s root directory.
- Additional Directives: Allows you to add custom directives not predefined in the plugin.
- Oct, 04 2023
Requirements and compatibility
- Edge, Firefox, Chrome, Safari, Opera
- Publii 0.43 and up