Set up security.txt

Wikipedia may not yet provide current information:


How my hosted sites use .htaccess:
Redirect 302 /.well-known/security.txt

And if legacy functionality is a requirement:
Redirect 302 /security.txt

For developers:

  • A CMS can generate security.txt daily.
  • A CMS could delete security.txt if it is still directly under public_html.
  • In case of required legacy retrieval, redirection works.

I have asked to report about a legacy security.txt anyway.
A file can contain previous confidential information. A report could show test results such as:

  • Information for legacy does not exist
  • Only information for legacy exists
  • The information for legacy is identical
  • The information for legacy is not identical
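The four results above can be produced by fetching both locations and comparing the bodies. The following is an added example, not code from this page: the function names, the sample bodies and the choice to ignore CRLF/LF differences are assumptions made for illustration.

```python
import urllib.request
from typing import Optional

WELL_KNOWN = "/.well-known/security.txt"
LEGACY = "/security.txt"

# Constructed sample bodies for offline use (not taken from any real site).
SAMPLE_CURRENT = b"Contact: mailto:security@example.com\r\nExpires: 2030-01-01T00:00:00Z\r\n"
SAMPLE_STALE = b"Contact: mailto:old-admin@example.com\n"


def fetch(origin: str, path: str, timeout: float = 10.0) -> Optional[bytes]:
    """Return the body served at origin + path (redirects are followed), or None."""
    try:
        with urllib.request.urlopen(origin.rstrip("/") + path, timeout=timeout) as resp:
            # An HTML error page answered with status 200 is not a security.txt.
            if resp.headers.get_content_type() != "text/plain":
                return None
            return resp.read()
    except OSError:  # covers URLError, HTTPError (404 etc.) and timeouts
        return None


def _normalise(body: bytes) -> bytes:
    # Assumption: a CRLF/LF difference alone should not count as "not identical".
    return body.replace(b"\r\n", b"\n").strip()


def classify_legacy(well_known: Optional[bytes], legacy: Optional[bytes]) -> str:
    """Map the two fetched bodies to one of the four test results listed above."""
    if legacy is None:
        return "Information for legacy does not exist"
    if well_known is None:
        return "Only information for legacy exists"
    if _normalise(well_known) == _normalise(legacy):
        return "The information for legacy is identical"
    return "The information for legacy is not identical"


def report(origin: str) -> str:
    """Run the check against a live origin such as 'https://example.com'."""
    return classify_legacy(fetch(origin, WELL_KNOWN), fetch(origin, LEGACY))


if __name__ == "__main__":
    print(classify_legacy(SAMPLE_CURRENT, SAMPLE_STALE))
```

When /security.txt redirects to /.well-known/security.txt, both fetches return the same body and the result is "identical"; a "not identical" result points to a stale file left directly under public_html.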

Newly arisen issue:

The WHOIS record and DNS settings of a domain may happen to be someone else’s responsibility.
In this situation, security.txt might not point correctly.