Take the community feedback survey now.

AI OnAI Off
K Khan
K Khan
Jan 15, 2024
  4836
(2 votes)

Toptip - what is .well-known folder

Within your ~/public folder, you may come across a directory named ".well-known." This directory is frequently employed in web-based protocols to retrieve "site-wide metadata" related to a host before initiating a request. It's important to note that the absence of this folder doesn't necessarily indicate an issue; it simply means it hasn't been utilized or generated yet.

Here are some examples of what you might find in the ".well-known" directory:

  1. .well-known/security.txt: Contains information about a website's security policies and contact information for security researchers.
    Please read some helpful blogs on this topic.
    https://www.gulla.net/en/blog/security.txt
    https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core

  2. .well-known/apple-app-site-association (AASA): Used for associating iOS apps with websites, enabling features like Universal Links. This file doesn't have an extension.

  3. .well-known/assetlinks.json: Used in the context of Android App Links. Android App Links are a way to associate a website with a specific Android app, allowing the app to open when certain links are clicked, even if the app is not currently installed on the device.
Jan 15, 2024

Comments

Scott Reed
Scott Reed Jan 15, 2024 01:25 PM

I'll be honest it wasn't very clear to me that the link on security.txt was a link to another blog post that covered it in more detail, can you make that clearer.

Also (and I mentioned this on Tomas's blog) it might be worth a link to as well to https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core too as there's some more code exmples and explanation on the security.txt

K Khan
K Khan Jan 15, 2024 01:38 PM

Thanks for the feedback, I have updated the contents.

Scott Reed
Scott Reed Jan 15, 2024 05:49 PM

Super, great work :-)

Please login to comment.
Latest blogs
Dynamic CSP Management for Headless and Hybrid Optimizely CMS with Next.js

In the evolving realm of web security, Content Security Policy (CSP) is essential for defending against XSS and injection attacks. Traditional...

Minesh Shah (Netcel) | Sep 8, 2025

Create a Simple home page in Optimizely CMS

  Introduction In this blog post, I will walk you through a step by step process to create a very basic home page on a Optimizley CMS Empty site....

Ratish | Sep 7, 2025 |

AEO, GEO and SEO with Epicweb AI-Assistant in Optimizely

As search evolves beyond traditional SEO, businesses must adapt to Answer Engine Optimization (AEO) and Generative Engine Optimization (GEO). This...

Luc Gosso (MVP) | Sep 7, 2025 |

Meet the newest OMVPs – summer 2025 cohort

We’re excited to welcome the latest group of Optimizely Most Valuable Professionals (OMVPs) into the program! This summer’s cohort highlights a ble...

Satata Satez | Sep 5, 2025

See all blogs