What Chrome extensions detect a website's tech stack?

The most widely used are Wappalyzer and BuiltWith, which maintain large signature databases. onHover includes tech stack detection alongside 14+ other developer tools, scanning globals, headers, asset patterns, and meta tags for competitive research without switching extensions.

Can you really detect what JavaScript framework a website uses?

Yes, for most public sites. React exposes window.React or __REACT_DEVTOOLS_GLOBAL_HOOK__. Next.js pages include __NEXT_DATA__. Vue exposes window.Vue. Angular injects ng-version attributes. Svelte leaves specific comment nodes. Most mainstream frameworks on production apps are identifiable.

Detect Any Website's Technology Stack Instantly

Q: How do I find out what technology a website uses?

Browser-based stack detection reads signals available in the browser: JavaScript globals (window.React, __NEXT_DATA__), HTTP response headers (X-Powered-By, Server), HTML meta tags (generator tag), asset URL patterns (/wp-content/, /_next/static/), and DNS records. Chrome extensions like onHover combine all these signals for instant identification.

Q: How does Wappalyzer detect website technology?

Wappalyzer uses a signature database mapping technology fingerprints to tools. It reads HTTP headers for X-Powered-By and Server, scans HTML for generator meta tags and specific attributes, reads JavaScript globals, checks cookies for platform-specific names, and matches asset URL patterns for CDNs and frameworks.

Q: How do I find out if a website is using WordPress?

WordPress leaves several signals: /wp-content/ in asset URLs, in the HTML head, wp-json/wp/v2/ API endpoints, and specific cookies (wordpress_logged_in_). The /wp-admin/ path redirects to the login page if WordPress is present.

Q: How do I identify what CDN a website is using?

CDN detection uses HTTP headers: Cloudflare adds CF-Ray and CF-Cache-Status. Fastly adds X-Served-By. AWS CloudFront adds X-Amz-Cf-Id. Akamai adds X-Check-Cacheable. Some CDNs are identifiable by their DNS nameserver records or IP address ranges.

Q: Can I see what analytics tools a website is using?

Yes. Google Analytics exposes window.ga or window.gtag. Meta Pixel exposes window.fbq. Hotjar exposes window.hj. Segment exposes window.analytics. Stack detection extensions read these globals and network request patterns to identify analytics tools without inspecting source code.

Q: How do I find out what hosting provider a website uses?

Hosting identification uses DNS A record IP ranges, nameserver records (Vercel, Netlify, Cloudflare all have distinctive nameservers), and HTTP headers (Vercel adds x-vercel-id, Netlify adds x-nf-request-id). Reverse IP lookups against AWS, GCP, and Azure IP ranges complete the picture.

You land on a competitor's site or a client's product and the first thing you want to know is: what's this built on? Before you write a single line of integration code, before you estimate a migration, before you write a proposal — you want to detect website technology stack details without burning 30 minutes on research. The answer is usually visible in under a minute if you know what to look at.

Websites leave fingerprints at every layer

HTTP headers, HTML structure, JavaScript globals, cookie names, DNS records, asset URL patterns — each one is a signal. No single signal is definitive, but 4–5 of them together form a reliable technology map.

HTTP response headers reveal the server stack

Response headers are the richest source of server-side tech stack detection signals:

Response headers → what they reveal

x-powered-by: Express→ Node.js + Express

server: nginx→ Nginx (likely Linux VPS or cloud)

cf-ray: 8a1b2c3...→ Cloudflare CDN

x-vercel-id: iad1...→ Hosted on Vercel

x-amz-cf-id: ...→ AWS CloudFront

HTML and DOM fingerprints for framework detection

Every major framework leaves predictable traces in the DOM it generates. If you know where to look, the framework is obvious:

Next.js — __NEXT_DATA__ script tag, _next/static asset paths
Nuxt — __NUXT__ global, _nuxt/ assets
WordPress — /wp-content/ in asset URLs, wp-json REST endpoint
Shopify — Shopify.theme global, cdn.shopify.com assets
React — __reactFiber or __reactProps on DOM nodes

SSL and DNS signals for finding CMS and hosting

The SSL certificate issuer points to the hosting provider. Let's Encrypt is common on Netlify, Vercel, and self-hosted servers. AWS Certificate Manager means AWS. Cloudflare issues its own certificates for anything sitting behind their CDN.

DNS nameservers are equally specific: *.ns.cloudflare.com, dns1.p01.nsone.net (Heroku), ns*.awsdns-*.com.

Obfuscation is common

Larger companies deliberately hide their stack. They strip x-powered-by, randomize asset paths, and use Cloudflare to mask their origin. Detection confidence varies — treat results as strong hints, not hard facts.

How onHover's Site Stack detector works

Open the Site Stack tool and it reads the page's response headers via the background service worker, scans the DOM for framework globals, checks asset URL patterns, and queries DNS records. Results group by category: Hosting, CDN, Framework, CMS, Analytics, and SSL.

It won't get everything right on heavily customized enterprise setups. But for the vast majority of sites you'll encounter — startups, SaaS products, e-commerce stores — it gives you an accurate technology map in under 2 seconds. That's usually enough to answer the question that prompted you to check in the first place.

Why knowing the stack matters before you start

There's a version of this where you just want to satisfy curiosity. But in practice, stack detection is a professional tool with concrete uses.

Before writing integration code, knowing the target stack lets you avoid incompatible library versions before you've written a single line. Integrating with a Next.js 13 app running the App Router is a different task than integrating with a Pages Router setup — and knowing which one in advance saves you from discovering the difference mid-PR.

Before estimating a migration, different stacks have wildly different migration costs. Moving a 200-page WordPress site to Next.js is a 2–3 month project. Moving a 200-page Webflow site to Astro is a few weeks. Stack detection is the first step in any realistic estimate — you can't scope what you don't understand.

When writing a client proposal, the stack shapes what you can recommend. If a client is already on Vercel with Next.js, recommending Gatsby makes no sense. If they're on a shared cPanel host running PHP 7.4, your recommendations look different than if they're on AWS with a containerized stack. Knowing before the discovery call makes you look prepared — because you are.

For competitive intelligence, stack decisions tell a story. A competitor switching from WordPress to Next.js signals they're investing in performance and developer experience. A move from self-hosted to Vercel suggests they're scaling and optimizing for deployment speed. onHover's Site Stack detector gives you this intel in 2 seconds rather than 20 minutes of manual investigation across DevTools, Wappalyzer, and DNS lookup tools.

JavaScript global variables: the richest detection layer

Open your browser console and type window.React on any React site. If it's there, you'll see the React object. Type window.React.version and you'll see the exact version. This is manual detection — and it works, but only if you know which globals to check.

Framework authors expose globals deliberately. React does it for React DevTools. Next.js exposes __NEXT_DATA__ so plugins and error boundaries can read routing and page props. Shopify exposes window.Shopify for theme developers and third-party app integrations. Vue keeps window.Vue accessible. Angular leaves window.angular or its version-specific equivalents.

The problem with doing this manually is you have to already know what you're looking for. You can't check every possible global for every possible framework each time. onHover's Site Stack feature in the Chrome extension systematically checks all known framework globals in one pass — so instead of manually guessing which one to try next, you get a full readout.

Once you find them, you can go deeper. window.React.version tells you whether you're looking at React 17, 18, or 19. window.__NEXT_DATA__.buildId tells you the Next.js build identifier. These details matter when you're debugging a compatibility issue or planning an integration against a specific version.

Cookie names as CMS fingerprints

Cookies are underused as a detection signal. Most people check headers and globals but skip the Application tab entirely. That's a miss.

WordPress writes specific cookie names on login: wordpress_* and wp-settings-* show up even on the frontend if a user is logged into wp-admin. Drupal has its own session cookie patterns. Shopify leaves _shopify_s and _shopify_sa_p for session and attribution. Auth systems are equally specific — next-auth.session-token and __Secure-next-auth.session-token are dead giveaways for NextAuth.js. These cookie fingerprints show up in the Application tab — or in onHover's Site Stack readout — without any network requests needed.

Analytics and marketing stack detection

The analytics and marketing tools a company uses are as revealing as their frontend framework. Each tool leaves a distinct global and often a network request to a recognizable domain.

The ones we check regularly: window.ga (Google Analytics UA — the old version), window.gtag (GA4), window._hsq (HubSpot), window.fbq (Meta Pixel), window.klaviyo, window.Intercom.

Detecting the analytics stack tells you things about a company's maturity that their marketing page won't. A site with HubSpot and Intercom has a growth team that takes pipeline seriously. A site still running UA instead of GA4 has either a low-touch analytics setup or tech debt they haven't gotten to. For sales and BD research, this is genuinely useful context — you walk into a conversation knowing what tools they're invested in before you've said hello.

A/B testing tools are equally revealing. Optimizely, VWO, and LaunchDarkly all leave recognizable globals and fire requests to their respective CDNs. A company running an A/B testing platform is actively experimenting — that tells you something about their culture and their growth stage. onHover's Chrome extension surfaces all of this in the same Site Stack readout, grouped by category, without needing to dig through the Network tab manually.

When detection fails and why

Stack detection isn't magic. There are real limits, and knowing them helps you calibrate how much to trust the results.

Modern bundlers tree-shake aggressively. A React app compiled with certain webpack or esbuild configs may not leave window.React on the global scope at all. Custom framework forks with renamed globals won't match any known pattern. Cloudflare Workers can completely rewrite response headers before they reach the browser — you might see clean generic headers on a site that's actually running a complex origin stack. Bespoke enterprise CMSs built entirely in-house have no public fingerprints to match against. White-labeled Shopify apps sometimes mask their Shopify origin well enough that the usual signals don't appear.

The practical rule we use: treat detection results as strong hints for startups and SMBs, and as uncertain hints for large enterprise. Smaller companies haven't invested in the security engineering effort required to actively obscure their stack. Large enterprises often have. The Site Stack detector in onHover's developer toolkit is excellent for the 80–90% of sites where obfuscation isn't a priority — and for the rest, you at least know to dig deeper rather than assuming the surface-level result is the full picture.

Tech stack detection is a core part of SEO competitive research — how it fits into a broader SEO workflow is covered on the onHover for SEO Specialists page.

Frequently asked questions

How do I find out what technology a website uses?

Browser-based stack detection tools read signals available in the browser context: JavaScript global variables (React, Vue, __NEXT_DATA__, window.Webflow), HTTP response headers (X-Powered-By, Server, X-Generator), HTML meta tags (generator tag used by WordPress and other CMS platforms), asset URL patterns (/wp-content/, /_next/static/), and DNS records. Chrome extensions like onHover's tech stack detector combine all these signals to identify the framework, CMS, CDN, and analytics tools in seconds.

What Chrome extensions can detect a website's tech stack?

The most widely used stack detection extensions are Wappalyzer and BuiltWith, which maintain large signature databases. onHover includes tech stack detection as one feature in its developer toolkit, scanning JavaScript globals, HTTP headers, asset patterns, and meta tags. For competitive research where you want stack data alongside SEO analysis, screenshot capture, and element inspection in the same workflow, an all-in-one extension reduces tool switching.

Can you really tell what JavaScript framework a website uses?

Yes, for most public websites. React-based sites expose window.React or __REACT_DEVTOOLS_GLOBAL_HOOK__. Next.js pages include __NEXT_DATA__ in the HTML. Vue apps expose window.Vue or __VUE__. Angular apps inject ng-version attributes. Svelte leaves specific comment nodes. Nuxt includes __NUXT_DATA__. The detection isn't foolproof — heavily obfuscated builds or custom frameworks can evade it — but most production apps running mainstream frameworks are identifiable.

How does Wappalyzer detect website technology?

Wappalyzer uses a signature database that maps technology fingerprints to tools. It reads HTTP response headers for X-Powered-By, Server, and other headers that reveal backend technology. It scans HTML for generator meta tags, specific attributes, and DOM structures. It reads JavaScript global variables exposed in the page's main world. It checks cookies (some platforms set platform-specific cookie names). It matches asset URL patterns for CDNs and frameworks.

How do I find out if a website is using WordPress?

WordPress leaves several signals: a /wp-content/ path in asset URLs, a <meta name='generator' content='WordPress ...'> tag in the HTML head, wp-json/wp/v2/ API endpoints, and specific cookies (wordpress_logged_in_). The admin panel at /wp-admin/ will redirect to the login page if WordPress is present. Most stack detection extensions identify WordPress reliably from these combined signals.

How do I identify what CDN a website is using?

CDN detection uses HTTP response headers: Cloudflare adds CF-Ray and CF-Cache-Status headers. Fastly adds X-Served-By and X-Cache. AWS CloudFront adds X-Amz-Cf-Id and Via. Akamai adds X-Check-Cacheable. Some CDNs are identifiable by the IP address ranges their DNS resolves to. Stack detection tools combine header inspection with DNS record analysis to identify the CDN with high accuracy.

Can I see what analytics tools a website is using?

Yes. Google Analytics loads from googletagmanager.com or analytics.google.com and exposes window.ga or window.gtag. Meta Pixel loads from connect.facebook.net and exposes window.fbq. Hotjar loads from static.hotjar.com and exposes window.hj. Segment exposes window.analytics. Mixpanel exposes window.mixpanel. Stack detection extensions read these global variables and network request patterns to identify analytics tools without inspecting the source code.

How do I find out what hosting provider a website uses?

Hosting identification combines multiple signals: DNS A record IP addresses (mapped to known hosting provider IP ranges), DNS nameserver records (Cloudflare, Route 53, Vercel, and Netlify all have distinctive nameserver patterns), HTTP response headers (Vercel adds x-vercel-id, Netlify adds x-nf-request-id), and SSL certificate issuer and SAN entries. For cloud providers, tools like reverse IP lookups against AWS, GCP, and Azure IP ranges complete the picture.

Full-Page Screenshots Without Browser Extensions Cutting Off Content The Responsive Design Testing Workflow That Saves Hours