Technology Lookup

Detect a website's technology stack — CMS, frameworks, JavaScript libraries, web server, language, CDN, analytics, payment and more — via fingerprinting of headers, cookies, meta tags and HTML.

Enter a domain or full URL to see what it is built with.

What does Technology Lookup do?

This tool inspects a website and tries to identify what it is built with — which CMS it runs (e.g. WordPress, Joomla, Shopify), which frameworks and JavaScript libraries it uses (React, Vue, jQuery, Laravel), the web server and backend language, plus CDNs, analytics, payment systems, captchas and more. It's the same idea as Wappalyzer or BuiltWith, implemented server-side.

How does detection work?

We make a normal HTTP request to the page (following any redirects) and analyse four sources of fingerprints:

  • HTTP response headers — e.g. Server: nginx, X-Powered-By: PHP/8.2, CF-RAY (Cloudflare).
  • Cookies — e.g. laravel_session → Laravel, PHPSESSID → PHP, csrftoken → Django.
  • Meta tags — mainly the <meta name="generator"> tag that many CMSs leave behind (often with the version).
  • HTML & script URLs — patterns in the markup and in <script src>, e.g. /wp-content/, cdn.shopify.com, googletagmanager.com/gtm.js.

Each technology has a set of rules (regular expressions). When a rule matches, the technology is flagged as detected and — where possible — its version is extracted. Some technologies imply others (e.g. WooCommerce → WordPress → PHP): those appear tagged as "implied".

Why are some technologies missing?

Detection relies only on the initial HTML the server returns — it does not execute JavaScript. So technologies loaded dynamically after the initial render (e.g. via a tag manager or lazy-loaded scripts) may not show up. Sites behind a strict WAF/CDN, or pages that block bots, may also return different or minimal markup.

How reliable are the results?

The fingerprints are intentionally conservative to avoid false positives, but no detection is ever 100% certain: some technologies deliberately remove their traces (e.g. hide the Server header or generator meta), while others share common patterns. Treat the results as a strong signal, not absolute proof.

Frequently Asked Questions

How is it different from Wappalyzer?
The logic is the same (fingerprinting from headers, cookies, meta and HTML). The difference is that this runs entirely server-side using our own curated pattern database — no browser extension is needed and no data is sent to third parties.
Can I enter just a domain or do I need a full URL?
Both work. If you enter a bare example.com, we check https://example.com. You can also enter a full URL with a path to inspect a specific page.
Why does it show "PHP" or "MySQL" when they are not visible anywhere?
These are implied technologies: if WordPress is detected, it is safe to infer that PHP and (typically) MySQL run underneath. They are tagged as "implied".
Why don't I see a version for each technology?
A version is only extracted when it is explicitly exposed somewhere — e.g. in the generator meta, a header, or a script filename (jquery-3.7.1.min.js). Many sites do not expose it, so only the name is shown.
Is the result stored anywhere?
The result is briefly cached so repeated checks of the same URL are faster. It is not published or shared with third parties.
📖 Read the full guide: How to See What a Website Is Built With →
Ranking & SEO
Meta tags & SEO analysis
Redirect Checker
Redirect chain with latency per hop
Robots & LLMs Checker
robots.txt & llms.txt analysis
Security Headers
HSTS, CSP, X-Frame-Options and other HTTP security headers