
K Khan
Jan 15, 2024

Toptip - what is .well-known folder

Within your ~/public folder, you may come across a directory named ".well-known". Web-based protocols frequently use this directory to retrieve "site-wide metadata" about a host before initiating a request. Note that the absence of this folder doesn't necessarily indicate an issue; it simply means it hasn't been used or generated yet.

Here are some examples of what you might find in the ".well-known" directory:

  1. .well-known/security.txt: Contains information about a website's security policies and contact information for security researchers.
    Please read some helpful blogs on this topic.
    https://www.gulla.net/en/blog/security.txt
    https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core
  2. .well-known/apple-app-site-association (AASA): Used for associating iOS apps with websites, enabling features like Universal Links. This file doesn't have an extension.

  3. .well-known/assetlinks.json: Used in the context of Android App Links. Android App Links are a way to associate a website with a specific Android app, allowing the app to open when certain links are clicked, even if the app is not currently installed on the device.
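
The following Python check is an added example, not code from the original post or the linked blogs: it parses the body of a .well-known/security.txt file and reports problems against RFC 9116 (missing required Contact or Expires fields, duplicated single-use fields, an expired or malformed Expires value, and plain http:// URIs). The function names and the sample files are assumptions made for illustration.

```python
from datetime import datetime, timezone

# RFC 9116 fields whose values are URIs, and fields allowed at most once per file.
URI_FIELDS = {"contact", "encryption", "acknowledgments", "canonical", "policy", "hiring"}
SINGLE = ("expires", "preferred-languages")

def parse_fields(text):
    """Return (name, value) pairs; skips blank lines and '#' comments."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))  # names are case-insensitive
    return fields

def check_security_txt(text, now=None):
    """Return a list of findings; an empty list means the file passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    names = [name for name, _ in fields]
    findings = [f"missing required {req} field" for req in ("contact", "expires") if req not in names]
    findings += [f"{name} appears more than once" for name in SINGLE if names.count(name) > 1]
    for name, value in fields:
        if name == "expires":
            try:
                expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                findings.append("expires is not a valid timestamp")
                continue
            if expires.tzinfo is None:
                findings.append("expires has no UTC offset")
            elif expires <= now:
                findings.append("expires is in the past")
        elif name in URI_FIELDS and value.lower().startswith("http://"):
            findings.append(f"{name} uses http:// instead of https://")
    return findings

# Constructed sample files (example.com is a placeholder domain).
GOOD = """# Constructed sample
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en, sv
"""
STALE = """Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
"""
```

Call `check_security_txt()` on the text served from your site's /.well-known/security.txt path; an empty list means none of these checks failed.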

Comments

Scott Reed Jan 15, 2024 01:25 PM

I'll be honest, it wasn't very clear to me that the link on security.txt was a link to another blog post that covered it in more detail. Can you make that clearer?

Also (and I mentioned this on Tomas's blog), it might be worth a link to https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core as well, as there are some more code examples and explanation on the security.txt.

K Khan Jan 15, 2024 01:38 PM

Thanks for the feedback, I have updated the contents.

Scott Reed Jan 15, 2024 05:49 PM

Super, great work :-)
