How to Detect What Website Builder a Site Uses (2026 Guide)
Ailiniyazi Maimaiti
Founder, AI Website Detector · 2026-04-02
With dozens of website builders available and AI-native platforms growing rapidly, knowing what platform any given site uses has become a genuinely valuable skill. Whether you are doing competitive research, auditing vendor claims, learning from a site you admire, building sales intelligence, or verifying an agency's work — this is the complete guide to every reliable detection method in 2026.
---
The Fastest Method: Use a Detection Tool
For most use cases, AIWebsiteDetector.com is the right starting point. Paste any URL and get an instant result covering:
The tool analyzes 80+ builders including every major AI-native platform. It is free, requires no account, and handles about 85–90% of sites in under five seconds.
---
Method 2: Inspect the HTML Source
When you want to verify a result, dig deeper, or investigate a site that was not identified automatically — inspecting the page source is the most reliable manual method.
Open it with Ctrl+U on Windows/Linux or Cmd+Option+U on Mac. Then use Ctrl+F to search for platform-specific strings.
WordPress
WordPress leaks its identity through script and stylesheet paths. Search for /wp-content/ in the source — this appears in virtually every WordPress site's asset URLs (themes, plugins). Also look for /wp-includes/ in script paths and a generator meta tag reading "WordPress" followed by a version number. WooCommerce adds its own scripts under /wp-content/plugins/woocommerce/.
Webflow
Webflow injects several identifiers. Look for uploads-ssl.webflow.com or webflow.com in stylesheet URLs, and data-wf-domain, data-wf-page, or data-wf-site attributes on the html element. The Cloudfront CDN URL (d3e54v103j8qbb.cloudfront.net) for jQuery is also a common Webflow signal.
Shopify
Search for cdn.shopify.com in script sources or shopify-checkout-api-token in meta tags. Shopify's checkout scripts and product API endpoints (/cart.js, /recommendations/products.json) are also reliable signals.
Squarespace
The generator meta tag reads "Squarespace" and stylesheet URLs point to static1.squarespace.com. Squarespace also exposes itself through the X-Powered-By HTTP response header.
Framer
Framer sites load images from framerusercontent.com and inject data-framer- prefixed attributes throughout the DOM. A generator meta tag reading "Framer" is present on most Framer sites. The events script at events.framer.com is another strong signal.
Wix
Wix sites load assets from static.wixstatic.com and scripts from static.parastorage.com. A generator meta tag reading "Wix.com Website Builder" is present on most Wix sites.
Ghost
Ghost sites either use a ghost.io subdomain (managed hosting) or include a generator meta tag with "Ghost" and a version number. The /ghost/api/ path appears in network requests for CMS content.
Bubble
Bubble sites load from cdn.bubble.io and include data-bubble-* attributes on interactive elements. A Bubble-specific JavaScript namespace appears in the page's global variables.
Lovable (formerly GPT Engineer)
Lovable-generated sites often include scripts from cdn.gpteng.co or reference lovable.dev in their source. Apps deployed from Lovable typically use Supabase as their backend, so supabase.co API calls in the network tab are a supporting signal.
Bolt (by StackBlitz)
Bolt-generated sites vary by framework but are often deployed on Vercel or Netlify with no platform-specific CDN. The strongest signal is the stack: React or Vue with Tailwind CSS, Supabase for data, and a Vercel deployment — all indicators of an AI-built site even without a Bolt fingerprint.
v0 by Vercel
v0 generates Next.js components and sites are deployed on Vercel. Look for _next/static/ in script paths (Next.js) combined with Vercel-specific response headers (x-vercel-id). v0-generated components often use shadcn/ui component patterns.
Carrd
Carrd sites load assets from assets.carrd.co and include a generator meta tag reading "Carrd". They are typically single-page sites with Carrd's characteristic minimal HTML structure.
Durable
Durable sites load from assets.durable.co and include a generator meta tag. The AI-generated content structure (business name, service description, contact form) is also recognizable.
---
Method 3: Check HTTP Response Headers
HTTP headers reveal the server and hosting layer before you even look at HTML. Open DevTools (F12) → Network tab → click the main document in the list → Headers section.
| Header | What It Reveals |
|--------|-----------------|
| Server: Squarespace | Squarespace |
| X-Powered-By: Squarespace | Squarespace |
| Server: Vercel | Vercel (Next.js, v0, or any Vercel deployment) |
| x-vercel-id present | Vercel |
| x-nf-request-id present | Netlify |
| x-shopify-stage present | Shopify |
| x-wix-request-id present | Wix |
| x-ghost-cache-status present | Ghost Pro (managed) |
| CF-Cache-Status present | Cloudflare CDN |
---
Method 4: Check JavaScript Console Globals
Open the browser console (F12 → Console tab) and type these variable names one by one, pressing Enter after each. A defined result (not "undefined") confirms the platform:
These globals are set by the platform's own JavaScript and cannot be removed without breaking functionality — making them among the most reliable detection signals.
---
Method 5: Inspect Network Requests
Open DevTools → Network tab → reload the page → filter by Fetch/XHR to see API calls. The endpoints a site makes often reveal its backend:
---
Method 6: Check robots.txt and sitemap.xml
Visit example.com/robots.txt and example.com/sitemap.xml directly. These files often reveal platform paths.
WordPress robots.txt typically disallows /wp-admin/ while explicitly allowing /wp-admin/admin-ajax.php.
Webflow sitemaps are hosted at the webflow.io subdomain before custom domain setup.
Shopify robots.txt disallows /admin/ and /checkout/ paths, and the sitemap URL pattern includes myshopify.com.
Ghost includes a generator comment in sitemap files and uses ghost-sitemap paths.
---
Method 7: Use DNS Records
DNS CNAME records reveal the hosting provider even when the site uses a custom domain. Use a tool like MXToolbox or run "dig CNAME example.com" in your terminal:
---
Platform Detection Reference
| Platform | Strongest HTML Signal | JS Global | Header |
|----------|----------------------|-----------|--------|
| WordPress | /wp-content/ in paths | window._wpemojiSettings | — |
| Webflow | webflow.com CDN, data-wf-* | window.Webflow | — |
| Shopify | cdn.shopify.com | window.Shopify | x-shopify-stage |
| Squarespace | squarespace.com CDN | window.squarespace | X-Powered-By: Squarespace |
| Framer | framerusercontent.com, data-framer-* | window.__framer | — |
| Wix | wixstatic.com, parastorage.com | window.wixBiSession | x-wix-request-id |
| Ghost | ghost.io hostname, generator meta | window.ghost | x-ghost-cache-status |
| Bubble | cdn.bubble.io, data-bubble-* | window.Bubble | — |
| Lovable | cdn.gpteng.co | — | — |
| Next.js | _next/static/ in paths | window.__NEXT_DATA__ | x-vercel-id |
| Angular | ng-version attribute on html tag | window.ng | — |
| Vue/Nuxt | data-v-* attributes | window.__nuxt | — |
---
Detecting Vibe-Coded Sites
"Vibe-coded" sites are built using AI coding assistants (Claude, Cursor, ChatGPT) and deployed without any platform wrapper. They have no generator tag, no platform CDN, and no builder-specific JS globals. They look like custom-built sites — because technically they are.
The signals that suggest a vibe-coded origin:
Tailwind CSS with generic component naming — Classes like "flex items-center justify-between px-4 py-2" throughout the markup are characteristic of AI-generated React code.
Supabase API calls — Nearly all AI-generated web apps use Supabase as their backend. Requests to supabase.co in the network tab are a strong signal of a vibe-coded app.
React on Vercel without a Next.js fingerprint — No _next/static/ (so not Next.js), but deployed on Vercel with React — suggests vibe coding or a bare React app.
shadcn/ui component patterns — The shadcn/ui component library is the most popular choice for AI-generated React UIs. Its characteristic class names appear throughout AI-generated code.
AIWebsiteDetector.com assigns a Yes/Maybe/No AI probability verdict to these sites based on code pattern analysis — even when no specific platform is identified.
---
When Detection Is Inconclusive
If automated tools cannot identify the stack and manual inspection is unclear:
Try different pages — The homepage might be a custom marketing page while the /blog path reveals Ghost and the /app path shows a different stack entirely.
Read the careers page — Engineering job listings routinely mention the exact tech stack in detail.
Check the company's GitHub — Many companies have public repos that directly reveal the framework and architecture.
Look at the tech blog or changelog — Many teams document their stack when launching a redesign.
Run the scan on a different page — Try /blog, /pricing, and /app/login. Inner pages often expose more than the homepage.
---
Frequently Asked Questions
Can I detect a website builder without installing anything?
Yes. AIWebsiteDetector.com works entirely in your browser — paste a URL and get a full technology profile in seconds. No extension, no account, no installation required.
What is the most reliable single signal for detecting WordPress?
The path /wp-content/ appearing in any script or stylesheet URL. This is present on virtually every WordPress site, across all themes and configurations. It is harder to remove than a generator meta tag because removing it would require restructuring the entire WordPress directory.
Is it possible to completely hide what website builder you use?
Mostly, but not entirely. Removing generator meta tags is trivial. Routing CDN assets through a custom domain requires more effort. But JavaScript globals like window.Shopify and window.Webflow cannot be removed without breaking functionality, and DOM attribute patterns are hard to eliminate at scale.
How do I identify what JavaScript framework a site uses?
Check for these signals: _next/static/ in script paths means Next.js. data-v- attributes mean Vue. ng-version attribute on the html element means Angular. data-reactroot in the DOM or the React DevTools extension can confirm React. The AIWebsiteDetector.com tool identifies all major frameworks automatically.
What is the most common website builder in 2026?
WordPress powers approximately 43% of all websites globally. Among AI-native builders, Framer has the highest detection rate in our scan database, followed by Wix, Webflow, and Lovable. Among JavaScript frameworks, React (including Next.js) is by far the most widely detected.
Can a site use multiple website builders at once?
Yes — and it is more common than people expect. A company might run their marketing site on Framer, their blog on Ghost, and their web app on Next.js — all at different subdomains or URL paths. Scanning different pages of the same site can reveal different layers of the stack.
How accurate is automated detection?
For sites hosted on known platforms (Framer, Webflow, WordPress, Shopify), automated detection via AIWebsiteDetector.com is 90–95%+ accurate. For vibe-coded sites and sites that export builder content to custom hosting, accuracy is lower — but the AI probability verdict still provides useful signal that manual inspection alone might miss.