A well-known folder

Have you ever seen the .well-known folder? I had seen it before, but I did not pay much attention to what it is. It turned out to be a useful thing, especially in one case that is directly related to user experience.

What is .well-known

It is a standardized path prefix at the root of a site (for example, site.com/.well-known/), defined by RFC 8615, that acts as a public "passport" for your domain.

To be precise, it is not a folder but a URI.

It allows external systems to discover metadata about your site and use it for different purposes.

Why does it matter? It has many use cases, and some of them are directly related to UX.

One of them is the change-password URI. Technically, it is not really a file - it can be a redirect, a page, or anything else behind that URL.

Change password

The .well-known area might contain files, but not only files. You can set up redirects as well.

If you redirect site.com/.well-known/change-password to the page where users can actually change their password (for example, site.com/account/change-password), password managers and browsers can take users directly there.

If a password manager, browser, or another app knows a password was leaked, it can suggest changing it. When users press the "change password" button, they get redirected to the exact location they need.

Security.txt

Another useful case is serving a security.txt file at site.com/.well-known/security.txt. It is used to tell people how to contact you if they find a vulnerability.

Example security.txt content

As you can see, it can include fields like how to contact you, when the file expires, and the preferred language.

There are dozens of defined URIs under the .well-known path.
