We recently discovered the security.txt standard and wanted to know more about adoption rates for the standard.

A search for details online didn't yield much. One tweet from 2017, stating that of the top 10,000 sites from Alexa, none used the security.txt protocol.

Not convinced, we ran our own scans.

We checked the top 1,000,000 sites from Alexa, and found 1137 results. That number might seem small, but many major organizations including Facebook, Google and Github were there. As the giants adopt the standard, others were follow.

We spent some time scanning the Alexa top 1 million websites for security.txt records, parsing, and doing some basic indexing; you can see the results here.

We're running a crowdfunding campaign to improve this project. We'd like to provide:

• Live updates to the data
• Regular updates to discovered security.txt files
• Regular scans for new security.txt files
• Expand scanning beyond the top 1,000,000 websites
• Time series on adoption rates

If you enjoy this project or feel it's useful, let us know on Twitter (matix.io, connorbode).

If you don't know what security.txt is, check out securitytxt.org

Enjoy!