Contact: mailto:security@sleepy.place
Canonical: https://sleepy.place/.well-known/security.txt
Preferred-Languages: en

A few notes first:
- I run the sleepy.place website for free by myself, and I don't really have any big incentives to keep it "alive" - the stuff on it is backed up in various ways & places, and the site itself is not critical for anything. As such, any actual attacks would be solved by a delete + rebuild from scratch of the website with no cost on my side, or just taking it down entirely from my side and redirecting people to other places where they can find me.
- Please don't try to test for social engineering and/or DDOS attacks. The site should be "protected" against both of these to the best of my ability, but they're also annoying to deal with and they don't have much technical interest for me (though the people at Cloudflare are having fun protecting against DDOS stuff, I'm just using their solution!)
- If you want things to report, don't just rely on a raw dump from common security scanners. A lot of 'reports' wouldn't apply due to the custom code that's running on some endpoints, so they'd almost always be false positives - you can investigate them further and see if there's an actual issue, but my main point is that "the tool said this was an issue" isn't really a good report and would be ignored.
- I do like having secure stuff and security is fun to mess with, so if you want to play around with the website and report issues, feel free to do so!

If you've found a security issue and you would like me to see it and/or address it, send me an email at the address mentioned above (security@sleepy.place) with your findings!