security.txt Checker
Verify that a responsible disclosure policy is published via security.txt, and validate its formatting and freshness.
Best for organizations formalizing disclosure policy, preparing for vendor reviews, or checking whether public security contact information is current and correctly published.
What This Tool Checks
- RFC-style field validation
- Stale policy detection
- Disclosure policy fix template
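A sketch of the field-validation and stale-policy checks listed above, written against RFC 9116 (the security.txt specification). This is an added example, not Vulnify's code; the function name, severity labels and sample file are constructed for illustration, and it assumes an unsigned file already fetched from /.well-known/security.txt.

```python
from datetime import datetime, timedelta, timezone

# RFC 9116 fields whose values must be URIs (assumption: registered fields only).
URI_FIELDS = {"acknowledgments", "canonical", "contact",
              "encryption", "hiring", "policy"}

# Constructed sample with three defects (not taken from any real site).
SAMPLE = """\
Contact: security@example.com
Contact: https://example.com/report
Policy: http://example.com/policy
Expires: 2023-01-01T00:00:00Z
"""

def check_security_txt(text, now=None):
    """Return (severity, message) findings for an unsigned security.txt body."""
    now = now or datetime.now(timezone.utc)
    findings, fields = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no fields
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value:
            findings.append(("error", f"line {n}: not a 'Name: value' field"))
            continue
        fields.setdefault(name, []).append(value)
        if name in URI_FIELDS and value.lower().startswith("http://"):
            findings.append(("error", f"line {n}: web URIs must use https://"))
        elif name in URI_FIELDS and ":" not in value:
            findings.append(("error", f"line {n}: '{name}' value is not a URI"))
    if "contact" not in fields:
        findings.append(("error", "missing required Contact field"))
    expires = fields.get("expires", [])
    if len(expires) != 1:
        findings.append(("error", f"Expires must appear exactly once, found {len(expires)}"))
        return findings
    try:
        when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        if when.tzinfo is None:
            raise ValueError("missing UTC offset")
    except ValueError:
        return findings + [("error", "Expires is not an RFC 3339 timestamp")]
    if when <= now:
        findings.append(("error", f"Expires {expires[0]} is in the past: policy is stale"))
    elif when - now > timedelta(days=365):
        findings.append(("warning", "Expires is more than a year away"))
    return findings
```

Running `check_security_txt(SAMPLE)` reports the Contact value that lacks a `mailto:` scheme, the `http://` Policy link, and the expired policy.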
Why It Matters
A working security.txt does not harden the application directly, but it improves disclosure readiness and signals operational maturity to researchers, partners, and enterprise buyers.
What To Do Next
Use the output to confirm whether you only need formatting fixes or whether the underlying disclosure workflow, contacts, and policy freshness need an update too.
What does the security.txt Checker look for?
The security.txt Checker focuses on RFC-style field validation, stale policy detection, and a disclosure policy fix template. It is designed to help teams identify this category of weakness quickly and then move into broader workflows if deeper follow-up is needed.
What is the difference between Quick and Comprehensive mode?
Quick mode stays public for focused diagnostics. Comprehensive mode is intended for authenticated workflows where users need saved history, richer follow-up, and broader account-linked execution.
When should I use the full Vulnify platform instead?
Use the full platform when you need more than one focused diagnostic, want to keep reports and history, or need scheduled scans, exports, and broader vulnerability coverage beyond the security.txt Checker.