Description
Looks for RFC 9116 security.txt at /.well-known/security.txt (with /security.txt fallback). Grants full credit when the file is present and declares a Contact: directive; grants half credit when the file exists but is malformed (missing Contact:). Absence is a skip, not a fail — security.txt is a trust signal, not a requirement.
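The scoring rule above as an added Python example (not the scanner's own code). It assumes responses are supplied as a path to (status, body) map so it runs offline, that HTTP 200 means "present", and that the first file found decides the result; the function names, verdict labels and sample bodies are constructed for illustration.

```python
# Added example: offline scoring of a security.txt lookup (hypothetical helper names).

PATHS = ("/.well-known/security.txt", "/security.txt")  # primary, then fallback


def parse_fields(body):
    """Return {lowercased field name: [values]} from a security.txt body."""
    fields = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank lines, comments, PGP armor delimiters
        name, value = line.split(":", 1)  # split once: values contain ':' (mailto:, https:)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def score(responses):
    """responses maps path -> (HTTP status, body). Returns (verdict, credit)."""
    for path in PATHS:
        status, body = responses.get(path, (404, ""))
        if status != 200:
            continue  # assumption: only a 200 counts as "present"
        # Field names are case-insensitive; an empty Contact: value does not count.
        contacts = [v for v in parse_fields(body).get("contact", []) if v]
        if contacts:
            return ("full", 1.0)
        return ("half", 0.5)  # file exists but declares no Contact:
    return ("skip", None)  # absent at both paths: skipped, not failed


# Constructed sample: a cleartext-signed file with a lowercase field name.
SIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# constructed sample
contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# Constructed sample: Contact only appears inside a comment, so the file is malformed.
COMMENTED_OUT = "# Contact: mailto:security@example.com\nExpires: 2030-01-01T00:00:00.000Z\n"
```

A server that answers 200 with an HTML error page for unknown paths would land in the half-credit branch under this rule, so a content-type or body check before scoring is worth considering.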