In order to understand the current conditions of web application security policies, 16,000 Japanese domains with high access rates were analyzed on a large scale by confirming the presence of policies for particular vulnerabilities using various parameters to ascertain the general trend. In this research project, the security policies of 16,000 Japanese domains and a total 871,339 pages were examined. Pages were examined by looking at the character output transmitted in the response body as well as the presence of known vulnerabilities resulting from meta tags. After storing the results from the examinations in MongoDB, a search and analysis was conducted. The results of this examination indicated that in terms of escape leaks, other than the blocks with the highest access frequencies, there were uniform ratios. On average, 6.52% of forms clearly experienced escape leaks. Additionally, after categorizing results based on HTTP headers and domain attributes, web sites constructed using PHP and co.jp domain sites has higher than average instances of escape leaks.