CMS detector. 15+ platforms, signature-based.
Paste any page's HTML source. We scan for 15+ CMS and static-generator signatures, WordPress, Shopify, Squarespace, Wix, Webflow, Ghost, Drupal, Magento, Hugo, Next.js, Gatsby, and more, with confidence scores per match.
A free online tool by Digital HeroesPaste page HTML source. We scan for 25+ CMS and static-generator signatures, score each match by signal weight, and surface the most-likely platform plus any secondary frameworks bundled with it. Browser-only, no upload.
How do I get HTML source?
- View source: right-click → 'View page source' (or Ctrl-U / Cmd-U). Select all, copy.
- curl:
curl -L https://example.com, the -L follows redirects. - DevTools (for SPAs): F12 → Elements → right-click document root → Copy → Copy outerHTML.
- ,
- ,
Privacy: detection happens in your browser. Nothing is sent or logged.
Three signal types. Different reliability.
Generator meta tags (10pts). The most-reliable signal, an explicit <meta name="generator" content="..."> declaration. Most CMSes ship one by default. Some hardened deployments strip it as a security measure (security through obscurity, since the platform is detectable through other signals anyway). When present, this is the canonical detection.
Asset path patterns (5-9pts). URLs that follow a CMS's known directory structure: /wp-content/ for WordPress, cdn.shopify.com for Shopify, /_next/static/ for Next.js. Hard to fake (would require remapping the entire asset pipeline) and consistent across deployments. Combined with a generator tag, gives high confidence.
DOM and class-name patterns (2-6pts). Characteristic class names (wp-block-*, w-nav), data attributes (data-w-id, data-stencil-*), or DOM hooks (__NEXT_DATA__, astro-island). Lower individual confidence because they can be replicated by other tools, but in combination provide strong corroboration. The scoring system weights these accordingly.
Four jobs this tool covers.
Job 1: Migration scoping. Before pitching a Shopify migration to a prospect, paste their current site's HTML source into this tool. The detected platform tells you what export format they have, what plugins / apps you'll need to replace, what URL structure to redirect. Pair with our Shopify migration service for the engagement side.
Job 2: Sales prospecting. Agency targeting WordPress-to-Shopify-Plus or Magento-to-Shopify-Plus migration leads can pre-qualify prospects by detecting their current platform. Saves the discovery call from being a "what platform are you on" interrogation. Knowing they're on Magento 1 vs Magento 2 vs Shopify Standard tells you everything about the engagement scope.
Job 3: Vendor diligence. Before signing with a vendor, partner, or acquisition target, knowing their stack tells you about their operating-cost profile, platform-lock-in risk, and time-to-rebuild if you needed to replace them. A vendor on Webflow is a different operational profile from one on Next.js + Vercel from one on bespoke PHP.
Job 4: Competitive intelligence. Knowing competitor stack reveals their constraints, a competitor on Shopify Standard can't do certain checkout customizations; one on Webflow can't ship custom JavaScript at scale; one on bespoke Next.js has full flexibility but pays for it in maintenance. Pair with our Tech Stack Detector for framework-level detection on top of the CMS layer.
Six questions users ask.
How do I get a page's HTML source?
Three ways. (1) Browser: right-click → 'View page source' (Cmd-U on Mac, Ctrl-U on Windows / Linux), select all, copy, paste. (2) curl: curl https://example.com (without flags returns the body). (3) DevTools: F12 → Elements → right-click the document root → Copy → Copy outerHTML. Method 1 is the simplest for most users; method 3 is required for client-side-rendered apps where the initial HTML is sparse and the DOM is built by JavaScript.
Which CMS platforms does it detect?
Hosted CMSes: WordPress, Shopify, Squarespace, Wix, Webflow, Ghost. Open-source CMSes: Drupal, Joomla. E-commerce platforms: Magento, BigCommerce, WooCommerce. Static generators: Hugo, Jekyll, Eleventy, Next.js, Gatsby, Astro, Hugo, Nuxt, SvelteKit, Remix. Plus signal detection for Cloudflare Pages, Vercel, Netlify, GitHub Pages hosting. Total ~25 distinct platform signatures with weight-based confidence scoring.
How does the confidence score work?
Each platform has 3-8 signature patterns of varying weight. A meta generator tag is high-confidence (10pts), explicit declaration. A characteristic asset URL pattern is medium-confidence (5pts), strong signal but can be replicated. A class-name pattern or DOM hint is low-confidence (2pts), weak signal that could match other platforms. Scores sum across all matches; we report platforms with score >= 5pts and flag the highest-scoring as the primary detection. A site can match multiple platforms (WooCommerce on WordPress, Shopify with custom theme bundling Bootstrap).
What if no CMS is detected?
Three possibilities. (1) Custom-built site or framework not in our signature set. (2) The platform stripped its identifying signatures (some hardened sites do this for security, though it's considered security theater because the patterns are still detectable in many other ways). (3) Client-side-rendered single-page app where the initial HTML is mostly empty; copy the rendered DOM from DevTools instead. For custom apps and CSR apps, our Tech Stack Detector tool is more useful, it scans for framework signals rather than CMS signals.
Why detect a competitor's CMS?
Three legitimate use cases. (1) Migration scoping, when planning to move from CMS A to CMS B, knowing the source platform tells you what export format is available, what plugins might need replacement, what URL patterns to redirect. (2) Vendor / partner diligence, knowing a vendor's stack tells you about their operating-cost profile and platform-lock-in risk. (3) Sales prospecting, agencies targeting Shopify Plus migration leads can pre-qualify prospects by detecting their current platform before the call.
Is the HTML I paste sent anywhere?
No. Detection happens entirely in your browser. The page is static HTML; the only network request is the initial page load. Safe for HTML from internal apps, staging environments, or any source you don't want to share with a third party. We never see your input.
Published · Last updated .