More and more websites contain a security.txt file. Basically it's intended to supply contact info to who researchers can report found security vulnerabilities in your (hosted) website(s). You can find more information about security.txt here: https://www.digitaltrustcenter.nl/securitytxt (Dutch) https://securitytxt.org/ https://www.rfc-editor.org/rfc/rfc9116 I've created a PHP based way to dynamically create the file and implement it into all your hosted websites. It uses a config file so you can easily set the desired contact info. Your customers will still be able to overrule the file with one of their own in their documentroot. It can be installed into both Apache and Nginx. Here you find my files and how to install them onto your webserver: https://github.com/remkohat/dynamic-security.txt The last part of the installation "Server-wide", both Apache and Nginx, will now be explained for ISPConfig: Apache: Copy vhost.conf.master to create your own custom vhost template for your websites. Code: cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/ !Skip this step if you already have your own custom vhost template! Find these lines in /usr/local/ispconfig/server/conf-custom/vhost.conf.master: Code: <tmpl_if name="rewrite_enabled"> RewriteEngine on Insert this next line: Code: RewriteOptions Inherit Nginx: Copy nginx_vhost.conf.master to create your own custom vhost template for your websites. Code: cp /usr/local/ispconfig/server/conf/nginx_vhost.conf.master /usr/local/ispconfig/server/conf-custom/ !Skip this step if you already have your own custom vhost template! Find these lines in /usr/local/ispconfig/server/conf-custom/nginx_vhost.conf.master: Code: root <tmpl_var name='web_document_root_www'>; disable_symlinks if_not_owner from=$document_root; Insert this next line: Code: include /etc/nginx/snippets/securitytxt.conf; ISPConfig: To also implement security.txt into already existing websites you need to resync them. Go to: Tools >> Sync Tools >> Resync Check Websites, select your webserver and click Start. Test your website: You can test your website at https://en.internet.nl/ to see if the installation was successful. If on the result page Security.txt is checked green under Security options >> Other security options then all has gone well.