# Security vulnerability disclosure policy
# Compliant with RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
#
# TODO: Replace all placeholder values before going live.

Contact: mailto:security@example.com
Expires: 2027-04-23T00:00:00.000Z
Canonical: https://yourdomain.example/.well-known/security.txt
Preferred-Languages: en

# Optional fields — uncomment and fill in as needed:
# Policy: https://yourdomain.example/security-policy
# Acknowledgments: https://yourdomain.example/security-acknowledgments
# Encryption: https://yourdomain.example/pgp-key.txt