Detect what any site runs, track changes over time, compare competitors side by side, and get alerted when stacks shift. One API, full visibility.
Instant single-URL checks. For batch lookups or programmatic use, grab an API key.
Paste any URL — see whether the site uses Cloudflare, Fastly, Akamai, AWS CloudFront, Vercel, Netlify, or another CDN.
Paste a competitor's URL — see their full tech stack: frameworks, CMS, analytics, CDN, ad networks, A/B testing.
WhatRuns has no API. Here's the documented equivalent — endpoint catalog, request/response examples, OpenAPI spec.
curl "https://detectzestack.com/analyze?url=github.com" \ -H "X-API-Key: YOUR_KEY"
Every scan diffs against the previous snapshot. Added React? Dropped jQuery? Version bumped? The /changes API gives you a queryable feed of every technology change, with tier-gated history up to 365 days.
Register webhooks per domain. When a stack changes, you get an HMAC-signed payload within minutes. HTTPS only, automatic retries.
Side-by-side tech comparison of 2–10 sites in one request. Spot shared infrastructure, identify differentiators, benchmark against competitors.
Wappalyzer fingerprinting plus DNS CNAME detection (200+ signatures), TLS certificate analysis, and custom header matching.
Batch up to 10 URLs in a single request. Concurrent processing, ordered results. Add ?format=csv for spreadsheet-ready export.
Same domain, cached response under 5ms. X-Cache headers let your code know when data is fresh. 24-hour TTL keeps results current.
Does this site use Shopify? The /check endpoint returns a simple true/false answer with zero noise. Perfect for lead qualification and filtering.
Find sites using a specific technology. The /lookup endpoint returns domains running Shopify, React, Cloudflare, or any of 7,300+ technologies from our scan database.
Detect CVEs in detected technologies via CPE matching against the NVD database. The /vulnerability endpoint flags known vulnerabilities with severity scores.
One call, full picture. The /site endpoint returns tech stack, DNS records, TLS certificate, security headers, and vulnerability data in a single response.
Check SPF, DMARC, and DKIM configuration with A+ to F grades. The /dns endpoint probes 8 common DKIM selectors in parallel and grades your email authentication posture.
First-party time-series of which sites added, removed, or upgraded technologies this week. Free dashboard + RSS feed. Updated daily.
Inspect certificate issuer, expiry, chain validity, TLS version, and cipher suite. The /certificate/check endpoint catches expiring certs before they take your site down.
| Plan | Requests / mo | Price | Change History | /lookup results | /site access |
|---|---|---|---|---|---|
| Basic | 100 | $0 | 7 days | 2 | — |
| Pro | 1,000 | $9 | 30 days | 50 | — |
| Ultra Popular | 10,000 | $29 | 90 days | 200 | Included |
| Mega | 50,000 | $79 | 365 days | 800 | Included |
| Feature | DetectZeStack | BuiltWith API | Wappalyzer API |
|---|---|---|---|
| Free tier | 100 req/mo | No | 50 req/mo |
| Paid API from | $9/mo | $995/mo | $450/mo |
| Batch analysis | Up to 10 URLs | No | No |
| Stack comparison | Built-in | No | No |
| DNS fingerprinting | 200+ signatures | Yes | No |
| TLS cert detection | 8 issuers | No | No |
| Webhook alerts | HMAC-signed | No | No |
| Result caching | 24h TTL | No | 30 days |
| Change history | Up to 365 days | Yes | No |
| Vulnerability scanning | CPE/CVE via NVD | No | No |
| Security header grading | A+ to F | No | No |
| Reverse tech lookup | Built-in | Yes | Yes |
Looking for a WhatRuns API? No public WhatRuns API exists — here's the free alternative.
Sign up at detectzestack.com/signup — 100 free requests per month, no credit card. Or use the RapidAPI marketplace.
Pass any URL to /analyze and get back every technology, from frameworks to CDNs, with confidence scores.
Set up /history tracking, register webhooks for change alerts, and use /compare for competitive intelligence. The platform grows with you.
Get API updates, new features, and tech detection tips.