diff --git a/conf.d/global.conf b/conf.d/global.conf
index fe97f485991fe8a600b9e442a8ac0fadcdbf0488..da15b04b228bb74c8440cb4012785d9adc65e447 100644
--- a/conf.d/global.conf
+++ b/conf.d/global.conf
@@ -6,3 +6,4 @@ tcp_nodelay     on;
 server_tokens   off;
 include         snippets/common-headers.conf;
 include         snippets/ads-txt.conf;
+include         snippets/security-txt.conf;
diff --git a/snippets/security-txt.conf b/snippets/security-txt.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c1f0d219b5dc1f4fe2537633a0c2ed58f05f10b3
--- /dev/null
+++ b/snippets/security-txt.conf
@@ -0,0 +1,9 @@
+location = /.well-known/security.txt {
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+    if ($scheme = https) {
+        add_header Content-Type "text/plain; charset=utf-8";
+        return 200 "Contact: mailto:security@shore.co.il\nEncryption: https://www.shore.co.il/blog/static/nimrod.asc";
+    }
+}