Some years ago I learned about security.txt, a proposed document that could be added to a website to let security researchers know who to contact in the event a security concern is found. It’s a really cool proposal, and you should definitely check it out. This proposal also showed me the /.well-known/ folder, since that’s where security.txt is supposed to be placed. /.well-known/, also known as RFC 8615, is a URI intended to be the store for documents/files/paths/etc. that web servers can be expected to contain. Had robots.txt come out after this RFC, I think it can be safely assumed that it would be placed in the .well-known folder.
No comments yet. Log in to reply on the Fediverse. Comments will appear here.