A security.txt file (at /.well-known/security.txt) gives security researchers a clear, official way to report a vulnerability they've found — without it, someone who discovers a real problem in your site has no idea who to contact and may post it publicly instead of reporting it responsibly.
security.txt is a standard file that tells security researchers how to responsibly disclose vulnerabilities to you. Without it, researchers may disclose publicly.
https://yoursite.com/.well-known/security.txt loads and contains a valid Contact and Expires field.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →