security.txt (Security)

The site has a security.txt file.

• Rescan
• Share
  • This page
  • LinkedIn
  • Bluesky
  • Mastodon
  • X
  • Email

Impact

(ScanGov impact)

About

security.txt is a text file located on the site root-level or /.well-known/ directory that helps improve vulnerability disclosure by giving security researchers clear contact and reporting information.

security.txt is an accepted standard (RFC 9116) by the Internet Engineering Task Force.

Why it's important

Provides contact info for reporting security issues, helping site owners fix problems quickly and keep users safe.

User stories

As a security researcher, I want to find a security.txt file on the website so that I can report vulnerabilities to the right contact securely and efficiently.

Error

(ScanGov messaging when a site fails a standard)

No available security.txt file.

Guidance

• CISA Cybersecurity Performance Goals
• RFC 9116

Indicators

• Security