Security.txt Checker — Security Contact Finder avatar

Security.txt Checker — Security Contact Finder

Pricing

from $0.50 / 1,000 checked domains

Go to Apify Store
Security.txt Checker — Security Contact Finder

Security.txt Checker — Security Contact Finder

Check websites for security.txt, extract security contacts, expiry, policy, hiring and compliance fields.

Pricing

from $0.50 / 1,000 checked domains

Rating

0.0

(0)

Developer

Q Services

Q Services

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

2 days ago

Last modified

Categories

Share

Check any list of websites for security.txt and extract structured security contact data.

Use it for vendor security reviews, bug bounty intake audits, compliance monitoring, agency reports, and scheduled checks that alert you when a site's security contact file disappears or expires.

Example result:

{
"domain": "securitytxt.org",
"checkedUrl": "https://securitytxt.org/.well-known/security.txt",
"status": "found",
"hasSecurityTxt": true,
"contacts": ["mailto:security@example.com"],
"expiresAt": "2027-01-01T00:00:00.000Z",
"isExpired": false,
"policy": ["https://example.com/security-policy"],
"scrapedAt": "2026-07-09T10:30:00.000Z"
}

How to use it

  1. Paste one or more domains or URLs.
  2. Keep the root fallback enabled if you also want to check /security.txt.
  3. Start the Actor and export the Dataset as JSON, CSV or Excel.

Pricing

Pay per result, no subscription:

EventPrice
Run start$0.005
Per checked domain$0.0005

1,000 checked domains cost about $0.505 before Apify platform usage.

Output fields

FieldTypeAlways present
domainstringYes
checkedUrlURLYes
statusstring: found, expired, missingYes
hasSecurityTxtbooleanYes
statusCodenumber or nullNo
contactsarrayYes
expiresAtISO date or nullNo
isExpiredboolean or nullNo
encryptionarrayYes
acknowledgmentsarrayYes
preferredLanguagesarrayYes
canonicalarrayYes
policyarrayYes
hiringarrayYes
csafarrayYes
unknownFieldsarrayYes
attemptsarrayYes
scrapedAtISO dateYes

Limitations

  • It reads public security.txt files only.
  • It does not validate cryptographic signatures.
  • Missing files are returned as normal results because the absence is useful audit data.

FAQ

Why do missing files appear in the dataset? For compliance and monitoring workflows, "missing" is an actionable status.

Can I schedule it? Yes. Schedule it weekly or monthly to monitor a portfolio of domains.

Does it call private APIs? No. It only requests public website URLs.