diff --git a/src/app.controller.ts b/src/app.controller.ts
index c766c2b..86b3312 100644
--- a/src/app.controller.ts
+++ b/src/app.controller.ts
@@ -1,47 +1,10 @@
 import { Controller, Get, Redirect } from '@nestjs/common';
-import { ConfigurationService } from './modules/config/config.service';
 @Controller()
 export class AppController {
- constructor(private config: ConfigurationService) {}
-
 @Get()
 @Redirect('/account/general')
 getHello() {
 return;
 }
-
- @Get('/.well-known/openid-configuration')
- openidConfiguration() {
- const base = this.config.get('app.base_url');
- return {
- issuer: this.config.get('jwt.issuer'),
- authorization_endpoint: `${base}/oauth2/authorize`,
- token_endpoint: `${base}/oauth2/token`,
- jwks_uri: `${base}/oauth2/jwks`,
- userinfo_endpoint: `${base}/api/user`,
- introspection_endpoint: `${base}/oauth2/introspect`,
- response_types_supported: ['code', 'id_token'],
- id_token_signing_alg_values_supported: [this.config.get('jwt.algorithm')],
- subject_types_supported: ['public'],
- scopes_supported: ['openid', 'profile', 'picture', 'email'],
- claims_supported: [
- 'aud',
- 'exp',
- 'iat',
- 'iss',
- 'sub',
- 'name',
- 'preferred_username',
- 'nickname',
- 'profile',
- 'picture',
- 'updated_at',
- 'email',
- 'email_verified',
- ],
- code_challenge_methods_supported: ['plain', 'S256'],
- grant_types_supported: ['authorization_code', 'refresh_token'],
- };
- }
 }
diff --git a/src/app.module.ts b/src/app.module.ts
index 174f30f..2f36219 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -11,6 +11,7 @@ import { ConfigurationModule } from './modules/config/config.module';
 import { JWTModule } from './modules/jwt/jwt.module';
 import { SSRFrontEndModule } from './modules/ssr-front-end/ssr-front-end.module';
 import { UtilityModule } from './modules/utility/utility.module';
+import { WellKnownModule } from './modules/well-known/well-known.module';
 @Module({
 imports: [
@@ -26,6 +27,7 @@ import { UtilityModule } from './modules/utility/utility.module';
 UtilityModule,
 JWTModule,
 SSRFrontEndModule,
+ WellKnownModule,
 ApiModule,
 ],
 controllers: [AppController],
diff --git a/src/modules/well-known/well-known.controller.ts b/src/modules/well-known/well-known.controller.ts
new file mode 100644
index 0000000..d3fb1f1
--- /dev/null
+++ b/src/modules/well-known/well-known.controller.ts
@@ -0,0 +1,64 @@
+import { Controller, Get, Redirect, Res } from '@nestjs/common';
+import { Response } from 'express';
+import { ConfigurationService } from '../config/config.service';
+
+@Controller({
+ path: '/.well-known/',
+})
+export class WellKnownController {
+ constructor(private config: ConfigurationService) {}
+
+ @Get('security.txt')
+ securityTXT(@Res({ passthrough: true }) res: Response) {
+ res.set('content-type', 'text/plain');
+ return `# If you would like to report a security issue
+# you may report it to:
+Contact: mailto:evert@lunasqu.ee
+ `;
+ }
+
+ @Get('dnt')
+ DNT() {
+ return { tracking: 'N' };
+ }
+
+ @Get('change-password')
+ @Redirect('/account/security')
+ changePassword() {
+ return;
+ }
+
+ @Get('openid-configuration')
+ openidConfiguration() {
+ const base = this.config.get('app.base_url');
+ return {
+ issuer: this.config.get('jwt.issuer'),
+ authorization_endpoint: `${base}/oauth2/authorize`,
+ token_endpoint: `${base}/oauth2/token`,
+ jwks_uri: `${base}/oauth2/jwks`,
+ userinfo_endpoint: `${base}/api/user`,
+ introspection_endpoint: `${base}/oauth2/introspect`,
+ response_types_supported: ['code', 'id_token'],
+ id_token_signing_alg_values_supported: [this.config.get('jwt.algorithm')],
+ subject_types_supported: ['public'],
+ scopes_supported: ['openid', 'profile', 'picture', 'email'],
+ claims_supported: [
+ 'aud',
+ 'exp',
+ 'iat',
+ 'iss',
+ 'sub',
+ 'name',
+ 'preferred_username',
+ 'nickname',
+ 'profile',
+ 'picture',
+ 'updated_at',
+ 'email',
+ 'email_verified',
+ ],
+ code_challenge_methods_supported: ['plain', 'S256'],
+ grant_types_supported: ['authorization_code', 'refresh_token'],
+ };
+ }
+}
diff --git a/src/modules/well-known/well-known.module.ts b/src/modules/well-known/well-known.module.ts
new file mode 100644
index 0000000..dff405c
--- /dev/null
+++ b/src/modules/well-known/well-known.module.ts
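Review bot: In src/modules/well-known/well-known.controller.ts, `openidConfiguration()` advertises `code_challenge_methods_supported: ['plain', 'S256']`; with the `plain` method the challenge carried in the authorization request is the verifier itself, so PKCE adds no protection if that request is observed. Unless a client is known to need it, advertise only S256, `code_challenge_methods_supported: ['S256'],`, and make sure the authorize and token handlers (not visible in this diff) reject `plain` too. Separately, the `security.txt` body in `securityTXT()` has a `Contact` field but no `Expires` field, which RFC 9116 requires; add a line such as `Expires: <ISO 8601 timestamp>` and keep it current.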
@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { ConfigurationModule } from '../config/config.module';
+import { JWTModule } from '../jwt/jwt.module';
+import { WellKnownController } from './well-known.controller';
+
+@Module({
+ imports: [ConfigurationModule, JWTModule],
+ controllers: [WellKnownController],
+})
+export class WellKnownModule {}
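Review bot: `WellKnownModule` imports `JWTModule`, but the only dependency `WellKnownController` injects in this commit is `ConfigurationService`, so the JWT import looks unused. Dropping it keeps the module's dependency surface minimal: `imports: [ConfigurationModule],`. If a later endpoint that needs the JWT provider is meant to live here, a one-line comment above the `@Module` decorator saying so would explain the import.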