Security.txt Generator

Free online security.txt generator with RFC 9116 compliance check, PGP signing, deployment configs for Nginx/Apache, batch export, and live domain verification.

100% Private: Everything runs in your browser. PGP signing, validation, file generation — nothing leaves your device.
Ctrl + Enter to copy output · Ctrl + S to download

1. Define Security Policy

Quick Fill

Email or URL where researchers report vulnerabilities.

RFC 9116 requires expiry. Defaults to 1 year from today.

Link to your public PGP key for encrypted reports.

Link to your security researchers hall-of-fame.

Link to your full vulnerability disclosure policy.

Adds a hidden base64 puzzle at the bottom for researchers to discover.

0
Compliance Score
Fill in required fields to begin
0 / 6

2. security.txt Output

0 B
# Loading...

Live RFC 9116 Audit

Deployment Config

Multi-Domain Batch Export

Generate a .zip bundle with per-domain security.txt files.

Scan My Live Domain

Installation Guide

  1. Save the generated content as security.txt.
  2. Upload to /.well-known/security.txt on your server.
  3. Ensure the MIME type is text/plain.
  4. Optionally also place a copy at /security.txt as fallback.

How it works

About the Security.txt Generator

Generate a valid security.txt file in seconds with RFC 9116 compliance checks, optional PGP signing, and ready-to-deploy Nginx, Apache, and Cloudflare Workers configs. Fill in your contact, encryption, policy, and hiring fields, then download the file or copy it directly to your clipboard.

The built-in validator checks required fields, expiration dates, and Fingerprint format before you deploy. Use presets for startups, enterprises, open-source projects, or bug bounty programs. Batch export multiple security.txt files, verify live domains, and generate both plaintext and PGP-signed versions — all running locally in your browser with zero data uploads.