Method 1 — HTTP Response Header Analysis

HTTP headers are included with every response a web server sends. They are visible to any HTTP client — a browser, a command-line tool like curl, or a tech stack checker. The Server header identifies the underlying web server software: common values are nginx, Apache, LiteSpeed, and Microsoft-IIS. X-Powered-By identifies the server-side language or framework: PHP/8.1, ASP.NET, and Express are common values. X-Cache and CDN-specific headers (Cf-Ray for Cloudflare, X-Served-By for Fastly, X-Cache for Varnish) identify the CDN or caching layer.

Managed hosting providers often set proprietary headers that directly identify their platform: X-WP-Engine for WP Engine, X-Kinsta-Cache for Kinsta, X-Powered-By: Heroku for Heroku-hosted applications. These headers provide reliable hosting identification without any ambiguity. A web server that has been security-hardened may suppress or randomize some headers, but most servers expose the Server header at minimum.

Method 2 — HTML Source Inspection

The HTML source of a web page contains multiple technology signals. The generator meta tag (meta name='generator' content='WordPress 6.4.2') directly states the CMS and version. Script src attributes identify JavaScript frameworks and libraries — React applications include react.production.min.js or next.js in their script sources; Vue applications include vue.min.js. CSS class naming conventions identify front-end frameworks and page builders — Bootstrap uses col-md- and container-fluid; Tailwind uses utility class strings; Elementor uses elementor- prefixes throughout.

Asset URL structure is another signal source. WordPress assets load from wp-content/themes/ and wp-content/plugins/. Shopify assets load from cdn.shopify.com. Webflow assets load from uploads-ssl.webflow.com. These URL patterns are structural to each platform and appear reliably in any page using assets.

Run a full tech stack scan from a single URL
Free, no sign-up, results in seconds
Open the Tool →

Method 3 — DNS Record Analysis

DNS records reveal the infrastructure layer beneath the web server. The A record (IPv4 address) or AAAA record (IPv6) identifies the hosting IP, which can be matched against known IP ranges for major cloud providers (AWS, Google Cloud, Azure, DigitalOcean). The CNAME record may point directly to a hosting provider's domain (sites.netlify.com, username.github.io, pages.cloudflare.com). MX records identify the email service provider (Google Workspace, Microsoft 365, Fastmail). NS records identify the DNS provider and may reveal if Cloudflare is handling DNS (indicating CDN usage).

DNS analysis is the most stable detection method — DNS records change less frequently than HTML source code or server software. It is also the method that reveals infrastructure that HTTP headers and HTML source might not expose, particularly the email provider and the cloud hosting provider.

Combining All Three Methods for a Complete Stack Profile

A complete technology identification uses all three methods together. HTTP headers establish the server software, CDN, and hosting layer. HTML source reveals the CMS, front-end framework, JavaScript libraries, and page builder. DNS records confirm the hosting provider and reveal the email infrastructure. The three methods are complementary, not redundant — each exposes parts of the stack that the others do not.