Security.txt Generator

Generate security.txt, privacy meta tags, and robots.txt rules for your site.

Your Details

Security contact email

Contact URL (optional)

Policy expiry date

Preferred languages

Encryption (PGP key URL)

Acknowledgments URL

Bug bounty / hiring URL (optional)

Privacy Options

Add referrer-policy meta tag Add permissions-policy meta tag Generate privacy-focused robots.txt Block known AI scrapers in robots.txt

security.txt is a proposed standard (RFC 9116) that tells security researchers how to report vulnerabilities in your website. It's a plain text file placed at /.well-known/security.txt containing your security contact email, PGP key, and disclosure policy.

Without a security.txt, researchers who find vulnerabilities in your site have no clear way to report them. They might try generic emails like info@ or support@, post publicly on social media, or simply give up. A security.txt file takes 2 minutes to create and can prevent a public disclosure disaster.

Major companies including Google, Facebook, GitHub, and Dropbox all publish security.txt files. The Expires field ensures the contact information stays current — set it to one year from now and update annually. This tool also generates privacy-focused robots.txt rules and security-related meta tags for your HTML head.

This tool in other languages:

Français:
Générateur de security.txt

Español:
Generador de security.txt

Deutsch:
Security.txt Generator

Português:
Gerador de security.txt

日本語:
Security.txt ジェネレーター

中文:
Security.txt 生成器

한국어:
Security.txt 생성기

العربية:
مولد ملف security.txt