Home Services Book
§
§ · free tool

CMS detector. 15+ platforms, signature-based.

Paste any page's HTML source. We scan for 15+ CMS and static-generator signatures — WordPress, Shopify, Squarespace, Wix, Webflow, Ghost, Drupal, Magento, Hugo, Next.js, Gatsby, and more — with confidence scores per match.

See web development service

Paste page HTML source. We scan for 25+ CMS and static-generator signatures, score each match by signal weight, and surface the most-likely platform plus any secondary frameworks bundled with it. Browser-only, no upload.

How do I get HTML source?
  1. View source: right-click → 'View page source' (or Ctrl-U / Cmd-U). Select all, copy.
  2. curl: curl -L https://example.com — the -L follows redirects.
  3. DevTools (for SPAs): F12 → Elements → right-click document root → Copy → Copy outerHTML.
0 chars
primary detection
all matches · score ≥ 5
signature evidence

Privacy: detection happens in your browser. Nothing is sent or logged.

\n\n\n
Content
\n', shopify: 'Shop\n\n\n\n\nItem\n', webflow: 'Webflow site\n\n\n\n
\nClick\n
', next: 'Next App\n\n\n\n
Hello
\n\n\n', ghost: 'Ghost blog\n\n\n\n\n
Post body
\n' }; function escapeHtml(s) { return String(s).replace(/[&<>"']/g, (c) => ({ '&':'&', '<':'<', '>':'>', '"':'"', "'":''' }[c])); } function detect(html) { const matches = []; const allEvidence = []; Object.entries(platforms).forEach(([name, sigs]) => { let score = 0; const evidence = []; sigs.forEach((s) => { if (s.p.test(html)) { score += s.w; evidence.push({ weight: s.w, label: s.l }); } }); if (score >= 5) { matches.push({ name, score, evidence }); evidence.forEach((e) => allEvidence.push({ platform: name, weight: e.weight, label: e.label })); } }); matches.sort((a, b) => b.score - a.score); return { matches, allEvidence }; } function update() { const html = $('cdInput').value; $('cdInputStat').textContent = html.length.toLocaleString() + ' chars'; if (!html.trim()) { $('cdPrimary').textContent = '—'; $('cdPrimaryDetail').textContent = 'Paste HTML source to detect.'; $('cdMatches').innerHTML = '
  • No input.
    • '; $('cdEvidence').innerHTML = '
  • No evidence yet.
    • '; return; } const { matches, allEvidence } = detect(html); if (matches.length === 0) { $('cdPrimary').textContent = 'No CMS detected'; $('cdPrimary').className = 'font-heading font-bold text-2xl text-amber-300 leading-tight mb-2'; $('cdPrimaryDetail').textContent = 'No platform signatures matched above the score threshold. Could be a custom-built site, a fully client-side-rendered SPA, or a platform not in our signature set. Try the Tech Stack Detector for framework-level detection.'; $('cdMatches').innerHTML = '
  • No matches above score 5.
    • '; $('cdEvidence').innerHTML = '
  • No platform signatures matched.
    • '; return; } const top = matches[0]; $('cdPrimary').textContent = top.name; $('cdPrimary').className = 'font-heading font-bold text-2xl text-moss-300 leading-tight mb-2'; const others = matches.slice(1).map((m) => m.name); const note = others.length ? ' Also detected: ' + others.join(', ') + '.' : ''; $('cdPrimaryDetail').textContent = 'Confidence score ' + top.score + '/' + (top.evidence.length === 1 ? top.evidence[0].weight : 'mixed') + '.' + note; $('cdMatches').innerHTML = matches.map((m, i) => { const isPrimary = i === 0; const tone = isPrimary ? 'text-moss-300 font-bold' : 'text-white/85'; return '
  • ' + escapeHtml(m.name) + (isPrimary ? ' ← primary' : '') + '' + m.score + 'pts
    • '; }).join(''); $('cdEvidence').innerHTML = allEvidence.slice(0, 15).map((e) => { return '
  • +' + e.weight + 'pts ' + escapeHtml(e.platform) + ' · ' + escapeHtml(e.label) + '
    • '; }).join('') + (allEvidence.length > 15 ? '
  • … +' + (allEvidence.length - 15) + ' more signatures
    • ' : ''); } $('cdInput').addEventListener('input', update); document.querySelectorAll('.cd-sample').forEach((b) => b.addEventListener('click', () => { $('cdInput').value = samples[b.dataset.sample]; update(); })); $('cdClearBtn').addEventListener('click', () => { $('cdInput').value = ''; update(); }); update(); })();
    § 02 · signal classes

    Three signal types. Different reliability.

    Generator meta tags (10pts). The most-reliable signal — an explicit <meta name="generator" content="..."> declaration. Most CMSes ship one by default. Some hardened deployments strip it as a security measure (security through obscurity, since the platform is detectable through other signals anyway). When present, this is the canonical detection.

    Asset path patterns (5-9pts). URLs that follow a CMS's known directory structure: /wp-content/ for WordPress, cdn.shopify.com for Shopify, /_next/static/ for Next.js. Hard to fake (would require remapping the entire asset pipeline) and consistent across deployments. Combined with a generator tag, gives high confidence.

    DOM and class-name patterns (2-6pts). Characteristic class names (wp-block-*, w-nav), data attributes (data-w-id, data-stencil-*), or DOM hooks (__NEXT_DATA__, astro-island). Lower individual confidence because they can be replicated by other tools, but in combination provide strong corroboration. The scoring system weights these accordingly.

    § 03 · when to use this

    Four jobs this tool covers.

    Job 1: Migration scoping. Before pitching a Shopify migration to a prospect, paste their current site's HTML source into this tool. The detected platform tells you what export format they have, what plugins / apps you'll need to replace, what URL structure to redirect. Pair with our Shopify migration service for the engagement side.

    Job 2: Sales prospecting. Agency targeting WordPress-to-Shopify-Plus or Magento-to-Shopify-Plus migration leads can pre-qualify prospects by detecting their current platform. Saves the discovery call from being a "what platform are you on" interrogation. Knowing they're on Magento 1 vs Magento 2 vs Shopify Standard tells you everything about the engagement scope.

    Job 3: Vendor diligence. Before signing with a vendor, partner, or acquisition target, knowing their stack tells you about their operating-cost profile, platform-lock-in risk, and time-to-rebuild if you needed to replace them. A vendor on Webflow is a different operational profile from one on Next.js + Vercel from one on bespoke PHP.

    Job 4: Competitive intelligence. Knowing competitor stack reveals their constraints — a competitor on Shopify Standard can't do certain checkout customizations; one on Webflow can't ship custom JavaScript at scale; one on bespoke Next.js has full flexibility but pays for it in maintenance. Pair with our Tech Stack Detector for framework-level detection on top of the CMS layer.

    § 04 · questions

    Six questions users ask.

    How do I get a page's HTML source?

    Three ways. (1) Browser: right-click → 'View page source' (Cmd-U on Mac, Ctrl-U on Windows / Linux), select all, copy, paste. (2) curl: curl https://example.com (without flags returns the body). (3) DevTools: F12 → Elements → right-click the document root → Copy → Copy outerHTML. Method 1 is the simplest for most users; method 3 is required for client-side-rendered apps where the initial HTML is sparse and the DOM is built by JavaScript.

    Which CMS platforms does it detect?

    Hosted CMSes: WordPress, Shopify, Squarespace, Wix, Webflow, Ghost. Open-source CMSes: Drupal, Joomla. E-commerce platforms: Magento, BigCommerce, WooCommerce. Static generators: Hugo, Jekyll, Eleventy, Next.js, Gatsby, Astro, Hugo, Nuxt, SvelteKit, Remix. Plus signal detection for Cloudflare Pages, Vercel, Netlify, GitHub Pages hosting. Total ~25 distinct platform signatures with weight-based confidence scoring.

    How does the confidence score work?

    Each platform has 3-8 signature patterns of varying weight. A meta generator tag is high-confidence (10pts) — explicit declaration. A characteristic asset URL pattern is medium-confidence (5pts) — strong signal but can be replicated. A class-name pattern or DOM hint is low-confidence (2pts) — weak signal that could match other platforms. Scores sum across all matches; we report platforms with score >= 5pts and flag the highest-scoring as the primary detection. A site can match multiple platforms (WooCommerce on WordPress, Shopify with custom theme bundling Bootstrap).

    What if no CMS is detected?

    Three possibilities. (1) Custom-built site or framework not in our signature set. (2) The platform stripped its identifying signatures (some hardened sites do this for security — though it's considered security theater because the patterns are still detectable in many other ways). (3) Client-side-rendered single-page app where the initial HTML is mostly empty; copy the rendered DOM from DevTools instead. For custom apps and CSR apps, our Tech Stack Detector tool is more useful — it scans for framework signals rather than CMS signals.

    Why detect a competitor's CMS?

    Three legitimate use cases. (1) Migration scoping — when planning to move from CMS A to CMS B, knowing the source platform tells you what export format is available, what plugins might need replacement, what URL patterns to redirect. (2) Vendor / partner diligence — knowing a vendor's stack tells you about their operating-cost profile and platform-lock-in risk. (3) Sales prospecting — agencies targeting Shopify Plus migration leads can pre-qualify prospects by detecting their current platform before the call.

    Is the HTML I paste sent anywhere?

    No. Detection happens entirely in your browser. The page is static HTML; the only network request is the initial page load. Safe for HTML from internal apps, staging environments, or any source you don't want to share with a third party. We never see your input.

    Published · Last updated .