List of /.well-known/ services offered by webservers

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

It is increasingly common for web-based protocols to require certain services or information be available at URLs consistent across servers, regardless of the way URL paths are organized on a particular host. The specification, RFC 8615, designates a path prefix for these "well-known locations": such paths start with /.well-known/.

For example, if an application hosts the service 'example', the corresponding well-known URIs on would start with

Specifications that need to define a resource for such site-wide metadata can register their use with Internet Assigned Numbers Authority (IANA) to avoid collisions and minimize impingement upon sites' URI space.

The path well-known URI begins with the characters "/.well-known/", and whose scheme is "HTTP", "HTTPS", or another scheme that has explicitly been specified to use well-known URIs.

Well-known URIs[edit]

URI suffix Description Reference Date of IANA registration
acme-challenge Automated Certificate Management Environment (ACME) RFC8555 2019-03-01
apple-app-site-association An Apple service that enables secure data exchange between iOS and a website. web
apple-developer-merchantid-domain-association Apple Pay web
ashrae BACnet - A Data Communication Protocol for Building Automation and Control Networks PDF 2016-01-22
assetlinks.json AssetLinks protocol used to identify one or more digital assets (such as web sites or mobile apps) that are related to the hosting web site in some fashion. Google 2015-09-28
autoconfig/mail Mozilla Thunderbird mail autoconfiguration service web
browserid Mozilla Persona web
caldav Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) RFC6764
carddav Locating Services for Calendaring Extensions to WebDAV (CalDAV) and vCard Extensions to WebDAV (CardDAV) RFC6764
change-password Helps password managers find the URL for the change password section. web
coap CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets RFC8323 2017-12-22
core Constrained RESTful Environments (CoRE) Link Format RFC6690
csvm CSV metadata, Model for Tabular Data and Metadata on the Web W3C 2015-09-28
dat Links domain to Dat identifier, used by Beaker web browser.[1] web
dnt Site-wide tracking status resource W3C 2015-08-19
dnt-policy.txt A privacy-friendly Do Not Track (DNT) Policy EFF 2015-08-19
est Enrollment over Secure Transport (EST) RFC7030 2013-08-16
genid The Resource Description Framework (RDF) Skolem IRIs RDF 1.1 2012-11-15
gpc Global Privacy Control (GPC) GPC Draft
hoba HTTP Origin-Bound Authentication (HOBA) RFC7486, Section 6 2015-01-20
host-meta Web Host Metadata RFC6415
host-meta.json Web Host Metadata RFC6415
http-opportunistic Opportunistic Security for HTTP/2 RFC8164, Section 2.3 2017-03-20
keybase.txt Used by the Keybase project to identify a proof that one or more people whose public keys may be retrieved using the Keybase service have administrative control over the origin server from which it is retrieved. 2014-04-08
matrix Provides discovery for both client and server APIs to the Matrix federated protocol.
mercure Discovery of mercure hubs. Mercure is a protocol enabling the pushing of data updates to web browsers and other HTTP clients in a fast, reliable and battery-efficient way. web
mta-sts.txt SMTP MTA Strict Transport Security Policy RFC8461, Section 2.3 2018-06-21
ni Naming Things with Hashes RFC6920
nodeinfo Metadata for federated social networking servers web
openid-configuration OpenID Connect OpenID 2013-08-27
openorg Organisation Profile Document web 2015-05-29
openpgpkey OpenPGP Web Key Service RFC draft
pki-validation CA/Browser Forum’s Baseline Requirements Certificate Policy for the Issuance and Management of Publicly-Trusted Certificates PDF 2017-02-06
posh PKIX over Secure HTTP (POSH) RFC7711 2015-09-20
pubvendors.json The IAB pubvendors.json tech spec, which provide a standard for publishers to publicly declare the vendors that they work with, and their respective data rights/configuration. web 2020-09-07
reload-config REsource LOcation And Discovery (RELOAD) Base Protocol RFC6940
repute-template A Reputation Query Protocol RFC7072 2013-09-30
resourcesync ResourceSync Framework Specification ANSI/NISO Z39.99-2017 2017-05-26
security.txt Standard to help organizations define the process for security researchers to disclose security vulnerabilities web 2018-08-20
stun-key Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization RFC7635 2015-06-12
time Time over HTTPS specification web 2015-12-09
timezone Time Zone Data Distribution Service RFC7808 2015-08-03
uma2-configuration User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization UMA 2.0 Grant for OAuth 2.0, Section 2 2017-06-20
void Describing Linked Datasets with the VoID Vocabulary W3C 2011-05-11
webfinger WebFinger RFC7033 2013-03-15, 2013-09-06


  1. ^ "Use a domain name with dat://". Retrieved 2020-08-24.