Security.txt
Serves a security.txt file at /.well-known/security.txt as specified by RFC 9116, so security researchers know how to report vulnerabilities.
All values are configured in Settings > Security.txt. The required Expires field is computed automatically as a rolling "now + N months" timestamp. If no Contact is configured, the endpoint returns 404 instead of serving an RFC-invalid file. The legacy /security.txt path redirects to the well-known location.
Please log in to comment on this module