Two days ago, I talked about adding a robots.txt file to your site to inform web crawlers like Googlebot for better Google search indexing of your website. Today, with this PR, I have added a security.txt file to, giving security researchers a way to contact me about new web services vulnerabilities potentially affecting my site.

It’s easy to set this up yourself! You're adding two routes to your app containing information about how to contact you.

“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”

The first step is to fill out a form on The tricky part is the encryption section. It's asking for the public key of a GPG asymmetric key pair. There are smarter ways of generating keys, but I used this online PGP generator. Once you create the keys, you'll want to stash the private key somewhere safe and put your public key at a publically accessible endpoint. 

Add a security.txt file to your website and join companies like Google, Facebook, and Github to make the web safer for everyone.


Back to Home
John Solly Profile Picture
John Solly Profile Picture

John Solly

Hi, I'm John, a Software Engineer with a decade of experience building, deploying, and maintaining cloud-native geospatial solutions. I currently serve as a senior software engineer at New Light Technologies (NLT), where I work on a variety of infrastructure and application development projects.

Throughout my career, I've built applications on platforms like Esri and Mapbox while also leveraging open-source GIS technologies such as OpenLayers, GeoServer, and GDAL. This blog is where I share useful articles with the GeoDev community. Check out my portfolio to see my latest work!