How can I tell if a website uses MySQL?

You cannot query MySQL directly from a browser — the database never speaks HTTP. Instead, detection works by inference: identify the application platform the site runs (WordPress, Magento, PrestaShop, OpenCart, Shopware, and dozens of others) and apply the fact that the platform requires MySQL. A tech detection API like DetectZeStack does this automatically — when it detects WordPress on a domain, MySQL appears in the response under the Databases category with a CPE identifier attached.

Can MySQL be detected from outside a website?

Only indirectly. MySQL runs server-side and is never exposed to visitors, so there is no header or HTML fingerprint to match the way there is for a web server or JavaScript framework. External detection relies on implication chains: platforms that are built on MySQL reveal the database when they themselves are detected. The practical consequence is asymmetric accuracy — a positive MySQL detection is highly reliable, but a missing detection only means no MySQL-implying platform was found, not that the company avoids MySQL.

How do I build a list of companies using MySQL?

Start from a list of target domains and run them through a tech detection API, keeping the domains where MySQL appears in the results. DetectZeStack's /analyze/batch endpoint accepts up to 10 URLs per call and returns the full technology stack for each, so a short bash or Python script can filter a raw list of thousands of domains down to MySQL-confirmed prospects, each annotated with the platform that implied the database.

Which platforms indicate a site runs MySQL?

The biggest signal by far is WordPress, which requires MySQL or MariaDB and powers a large share of the web. Other MySQL-implying platforms include Magento, PrestaShop, OpenCart, Shopware, Flarum, Invision Power Board, MantisBT, BookStack, Piwigo, and Textpattern CMS. In total, dozens of detectable applications carry a MySQL implication in the fingerprint database, spanning CMS, ecommerce, forum, and self-hosted tool categories.

How to Find Companies Using MySQL: API Guide for 2026

June 12, 2026 · 10 min read

MySQL has been the default database of the web for two decades. It sits underneath WordPress, Magento, PrestaShop, and a long tail of forums, wikis, and self-hosted tools—which means a list of companies using MySQL is really a list of companies running real, database-backed applications. If you sell database tooling, managed hosting, backup services, migration consulting, or performance monitoring, that list is your pipeline.

There is a catch, and most guides skip it: you cannot detect MySQL directly from outside a website. The database never talks to the browser. This guide explains how MySQL detection actually works (inference through the application layer), how reliable those inferences are, and how to turn a raw domain list into a MySQL-confirmed prospect list with the DetectZeStack API—single checks, batch scans, and side-by-side comparison included.

Why Build a List of Companies Using MySQL

Who Uses MySQL Lists: Sales, DevRel, Security, and Migration Vendors

MySQL technographics serve a wider set of buyers than most technology filters:

Database and infrastructure vendors. Managed MySQL hosting, backup-as-a-service, replication tooling, query performance monitors—every one of these products has “runs MySQL” as its first qualifying question. A confirmed detection replaces a discovery call.
Migration and consulting shops. Teams selling PostgreSQL migrations, cloud database moves, or version-upgrade services need to find MySQL estates before they can pitch replacing or modernizing them.
DevRel and developer marketing. If your product integrates with MySQL—an ORM, a CDC pipeline, a caching layer—the companies already running it are the audience for your content and outreach.
Security teams. MySQL detections come with a CPE identifier (cpe:2.3:a:mysql:mysql), which plugs directly into vulnerability workflows. An external scan of your vendors’ domains tells you which ones run MySQL-backed platforms worth asking about in a security review. Our CPE guide for security teams covers that pipeline end to end.

The workflow below is the same one we documented for finding companies using Nginx and finding companies using Stripe—only the filter changes. What makes the MySQL version interesting is how the detection happens.

How MySQL Detection Works (and Its Limits)

A web server announces itself in the Server header. A JavaScript framework leaves fingerprints all over the HTML. MySQL does neither—it listens on port 3306 behind a firewall and speaks only to the application. There is no header, cookie, or script tag that says “MySQL.”

So external detection works by implication. The fingerprint database knows that certain applications are built on MySQL. When one of those applications is detected through its own (very visible) fingerprints, MySQL is added to the result as an implied technology. Detect WordPress, and you have detected MySQL, because WordPress does not run without it.

Indirect Signals: CMS and Ecommerce Platform Implications

Dozens of detectable platforms carry a MySQL implication. The ones you will encounter most in real scans:

Platform	Category	What It Means for Your List
WordPress	CMS / Blogs	The single biggest MySQL signal on the web—every WordPress site is a MySQL (or MariaDB) site
Magento	Ecommerce	Larger ecommerce operations with real database load—prime targets for performance tooling
PrestaShop	Ecommerce	SMB ecommerce, heavily represented in Europe
OpenCart	Ecommerce	Self-hosted SMB stores, often on shared or VPS hosting
Shopware	Ecommerce	Mid-market ecommerce, strong in the DACH region
Flarum / Invision Power Board	Forums	Community-run infrastructure with long-lived databases
BookStack / MantisBT / Piwigo	Self-hosted tools	Teams that self-host internal tooling—a strong “runs own infrastructure” signal

Two honest caveats before you build a pipeline on this:

MySQL vs MariaDB is invisible from outside. WordPress and most of the platforms above run equally well on MariaDB, a drop-in replacement. External detection cannot tell which fork is actually installed—treat the detection as “MySQL-compatible database” when precision matters.
Not every MySQL-implying platform is in the chain. Notably, Drupal supports several databases and therefore does not imply MySQL in the fingerprint data, even though many Drupal sites do run it. The implication list is deliberately conservative: it only includes platforms where MySQL is a hard requirement.

Why Server-Side Databases Are Harder to Detect Than Frontend Tech

This inference model has an asymmetry you need to internalize before trusting your lead list:

Positives are strong. If the API reports MySQL, a MySQL-requiring platform was detected at full confidence. The implication is definitional, not statistical—there is no such thing as a WordPress site without a MySQL-compatible database behind it.
Negatives are unknowns. A custom Laravel app, a Rails monolith, or a Django site can all run MySQL without exposing any platform fingerprint that implies it. No detection does not mean no MySQL—it means no visible evidence. Score these domains as “unknown,” not “disqualified.”

This is the database equivalent of the CDN-masking problem we covered in the Nginx guide: external scanning gives you high-precision positives and ambiguous negatives. Good pipelines keep the two piles separate.

Find MySQL-Backed Sites with the DetectZeStack API

The API runs the full detection pass—HTTP fingerprints, DNS records, and TLS certificates—in one call, resolves the implication chains, and returns structured JSON. You can try it right now against the public demo endpoint, no API key required (it is IP-rate-limited, so use it for spot checks, not bulk scans):

$ curl -s "https://detectzestack.com/demo?url=wordpress.org" \
  | jq '.technologies[] | select(.name == "MySQL")'
{
  "name": "MySQL",
  "categories": ["Databases"],
  "confidence": 100,
  "description": "MySQL is an open-source relational database management system.",
  "website": "https://mysql.com",
  "icon": "MySQL.svg",
  "cpe": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
  "source": "http"
}

That is a real response. MySQL appears under the Databases category at confidence 100—the implying platform (WordPress, in this case) was an HTTP-layer match, and the implication inherits its confidence. The cpe field is ready for vulnerability tooling. Note there is no version field: an implied database carries no version information, because the version lives server-side where no scanner can see it.

The top-level categories map gives you a shortcut—you can check for any database without iterating the technologies array:

$ curl -s "https://detectzestack.com/demo?url=wordpress.org" \
  | jq '.categories["Databases"]'
[
  "MySQL"
]

Single Domain Check with /analyze

With an API key, /analyze is the authenticated equivalent—same response shape, your own rate limits, and results cached for repeat lookups:

$ curl -s "https://detectzestack.p.rapidapi.com/analyze?url=example-store.com" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  | jq '{domain, mysql: (.categories["Databases"] // [] | contains(["MySQL"])), via: .categories["CMS"], tech_count: .meta.tech_count}'
{
  "domain": "example-store.com",
  "mysql": true,
  "via": ["WordPress"],
  "tech_count": 14
}

When all you need is the boolean, the /check endpoint is the cheapest call—pass the domain and tech=mysql (the parameter is case-insensitive):

$ curl -s "https://detectzestack.p.rapidapi.com/check?url=wordpress.org&tech=mysql" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"
{
  "domain": "wordpress.org",
  "technology": "MySQL",
  "detected": true,
  "confidence": 100,
  "version": "",
  "categories": ["Databases"],
  "response_ms": 1204,
  "cached": false
}

Scaling Up with POST /analyze/batch

For list building, POST /analyze/batch accepts up to 10 URLs per request and analyzes them concurrently. Here is a complete pipeline using bash, curl, and jq that reads domains.txt (one domain per line) and writes every MySQL-confirmed domain to mysql_leads.csv, annotated with the platform that implied the database:

#!/usr/bin/env bash
# find-mysql.sh — filter a domain list down to MySQL-confirmed leads
KEY="YOUR_KEY"
HOST="detectzestack.p.rapidapi.com"

echo "domain,platform,tech_count" > mysql_leads.csv

# Process domains.txt in batches of 10 (the /analyze/batch maximum)
xargs -n 10 < domains.txt | while read -r batch; do
  urls=$(printf '%s\n' $batch | jq -R . | jq -s '{urls: .}')
  curl -s -X POST "https://$HOST/analyze/batch" \
    -H "X-RapidAPI-Key: $KEY" \
    -H "X-RapidAPI-Host: $HOST" \
    -H "Content-Type: application/json" \
    -d "$urls" |
  jq -r '.results[]
    | select(.result != null)
    | select(.result.categories["Databases"] // [] | contains(["MySQL"]))
    | [.result.domain,
       ((.result.categories["CMS"] // .result.categories["Ecommerce"] // ["unknown"])[0]),
       (.result.meta.tech_count | tostring)]
    | @csv' >> mysql_leads.csv
done

wc -l mysql_leads.csv

A 1,000-domain list becomes 100 batch calls. Domains that fail to resolve or time out appear in results[] with an error field instead of a result, and the select(.result != null) guard skips them cleanly. One more filter worth adding for data quality: check meta.scan_depth. A value of "partial" means the HTTP fetch failed and only DNS and TLS layers ran—since MySQL implications come from HTTP-layer platform detection, a partial scan can never find MySQL, and those domains belong in a retry queue rather than your rejects file. For throughput, retries, and a production Python version of this scanner, see how to batch scan 1,000 websites.

Building a Prospect List: From Detection to Outreach

The CSV above is a lead list, but the platform column is what makes it routable. A MySQL detection via Magento and one via WordPress describe very different companies:

WordPress + MySQL — could be anything from a hobby blog to an enterprise content site. Qualify further on tech_count and the rest of the stack: a site also running a tag manager, a CRM widget, and a CDN is a business; fifteen plugins and shared hosting is not your enterprise buyer. Our guide to checking if a website uses WordPress covers reading those secondary signals.
Magento / Shopware + MySQL — transactional databases under real load. These companies feel query latency in revenue and are the natural audience for performance and reliability tooling.
Self-hosted tools (BookStack, MantisBT) + MySQL — engineering-led teams that run their own infrastructure and can actually install what you sell.

Comparing Two Prospects with POST /compare

When you are deciding which of two accounts to work first, POST /compare analyzes 2–10 domains in one call and computes the shared and unique technologies across them:

$ curl -s -X POST "https://detectzestack.p.rapidapi.com/compare" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["prospect-a.com", "prospect-b.com"]}' \
  | jq '{shared, unique_a: .domains[0].unique, unique_b: .domains[1].unique}'
{
  "shared": ["WordPress", "MySQL", "PHP", "Nginx"],
  "unique_a": ["WooCommerce", "Cloudflare"],
  "unique_b": ["HubSpot"]
}

Both prospects run WordPress on MySQL, but prospect A added ecommerce (WooCommerce)—its database is taking orders, not just serving pages. If you sell backup or performance tooling, A goes to the top of the queue. The full response also carries each domain’s complete technologies array, so one compare call doubles as two enrichment calls. Feeding these signals into a scoring model is covered in our lead enrichment pipeline guide.

MySQL Detection vs Other Technographic Tools

Every external technographic tool—ours included—detects databases the same way, because there is only one way: implication through the application layer. The differences that actually matter when you evaluate tools for a MySQL pipeline:

Live scans vs stored indexes. Directory-style tools answer from a crawl that may be months old; a site that migrated off Magento last quarter still shows as a MySQL lead. DetectZeStack scans the domain at request time, so the detection reflects today’s stack. (Results are cached briefly for repeat lookups—the cached field in every response tells you which you got.)
Structured output. A boolean from /check, a filterable categories map from /analyze, and CPE identifiers on every detection that has one—built for scripts rather than screenshots.
Cost at list-building volume. Enterprise technographic platforms price for sales teams buying exports. If what you need is “run my own domain list through a detector,” API pricing is an order of magnitude cheaper—we did the math in our technographic data pricing breakdown.

Conclusion and Next Steps

Finding companies using MySQL means accepting how database detection really works: there is no direct fingerprint, only implication through platforms like WordPress, Magento, PrestaShop, and OpenCart that cannot run without it. That gives you high-precision positives (the implication is definitional), negatives that are really unknowns (custom apps hide their database), and one structural blind spot (MySQL vs MariaDB is indistinguishable from outside).

The pipeline itself is three calls: /demo or /check to validate the approach on domains you know, /analyze/batch to turn a raw domain list into a platform-annotated MySQL lead list, and /compare to rank the prospects you are about to work. The free tier’s 100 requests per month are enough to validate the pipeline on a sample of your list before scaling up.

Try DetectZeStack Free

100 requests per month, no credit card required. Database, CMS, and infrastructure detection included on every plan.

Get Your Free API Key