diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt
new file mode 100644
index 00000000000..8150b4d8fe9
--- /dev/null
+++ b/public/.well-known/security.txt
@@ -0,0 +1,2 @@
+Contact: https://crates.io/policies/security
+Expires: 2025-06-25T00:00:00.000Z
diff --git a/src/middleware/common_headers.rs b/src/middleware/common_headers.rs
index 0044e4de2cd..e304c9a4269 100644
--- a/src/middleware/common_headers.rs
+++ b/src/middleware/common_headers.rs
@@ -23,11 +23,12 @@ pub async fn add_common_headers(
 
     let path = request.uri().path();
 
-    const STATIC_FILES: [&str; 4] = [
+    const STATIC_FILES: [&str; 5] = [
         "/github-redirect.html",
         "/favicon.ico",
         "/robots.txt",
         "/opensearch.xml",
+        "/.well-known/security.txt",
     ];
     if STATIC_FILES.contains(&path) {
         expires(&mut headers, ONE_DAY);