No security.txt

A security.txt file is a simple standard text file published at a specific address on your website that tells security researchers how to contact you if they discover a vulnerability. None was found.

Why this matters

Without it, a well-intentioned researcher who finds a security issue on your site has no clear way to report it to you responsibly. Vulnerabilities may go unreported or be disclosed publicly before you have a chance to fix them.

How to fix it

Create a plain text file and publish it at /.well-known/security.txt. Include a security contact email address and an expiry date. The generator at securitytxt.org can build one in under a minute.