Agent Disco check

security.txt responsible-disclosure declaration


passive · Category Identity & verification · Weight 4 · Key identity.security_txt

Description

Looks for RFC 9116 security.txt at /.well-known/security.txt (with /security.txt fallback). Grants full credit when the file is present and declares a Contact: directive; grants half credit when the file exists but is malformed (missing Contact:). Absence is a skip, not a fail — security.txt is a trust signal, not a requirement.
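The scoring rule described above, sketched as an added example; this is not Agent Disco's own code. The function names, the `responses` mapping of already-fetched results, the translation of Weight 4 into points, and stopping at the first path that returns a file are all assumptions.

```python
import re

# Lookup order from the description: well-known path first, then the fallback.
PATHS = ("/.well-known/security.txt", "/security.txt")
FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")

def parse_fields(body):
    """Return {lowercased field name: [values]} from security.txt text."""
    fields, in_signature = {}, False
    for raw in body.splitlines():
        line = raw.strip()
        if line.startswith("-----"):
            # OpenPGP cleartext armor lines; skip the signature blob entirely.
            in_signature = "BEGIN PGP SIGNATURE" in line
            continue
        if in_signature or not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m and m.group(2):  # a field with an empty value does not count
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def score(responses, weight=4):
    """responses: {path: (http_status, body)}. Returns (outcome, points)."""
    for path in PATHS:
        status, body = responses.get(path, (404, ""))
        if status != 200:
            continue
        # Assumption: the first path that serves a file decides the result.
        if parse_fields(body).get("contact"):
            return ("pass", weight)        # present with Contact: full credit
        return ("partial", weight / 2)     # present, no Contact: half credit
    return ("skip", None)                  # absent: skipped, not failed

# Constructed sample: a signed file served only at the fallback path.
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# constructed sample
Contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----
Contact: not-a-field-inside-signature
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(score({"/.well-known/security.txt": (404, ""),
                 "/security.txt": (200, SIGNED)}))
```

A real fetcher also has to decide how to treat a soft-404 HTML page returned with status 200, which this sketch would score as a malformed file.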