Find Companies Using Next.js: Technographic API Guide
Next.js has become the default framework for production React applications, and that makes “built with Next.js” one of the most information-dense technographic signals you can collect. A company running Next.js is telling you it employs React engineers, operates a modern JavaScript build pipeline, and made a deliberate framework decision—three qualifiers in a single detection.
The good news for list builders: Next.js is unusually easy to fingerprint from the outside. This guide covers what a Next.js detection is worth, exactly which markers give the framework away, and three ways to turn detection into a lead list with the DetectZeStack API—querying the scan database with /lookup, verifying single domains with /analyze, and batch-scanning your own prospect list with /analyze/batch.
Why Build a List of Companies Using Next.js
Technographic filters work because a framework choice encodes information about the team behind it. Next.js encodes more than most, because it never travels alone: a confirmed Next.js site also implies React, a Node.js runtime, and a bundler-driven build pipeline underneath. One detection hands you a four-technology profile.
Who Uses Next.js Data
- Sales teams. If you sell developer tooling, hosting, observability, CI/CD, CMS backends, or anything else consumed by React teams, “runs Next.js” is a direct product-fit qualifier. A Next.js shop has a build pipeline to feed, server rendering to host, and JavaScript dependencies to keep patched.
- Recruiters. A company shipping Next.js in production employs React and TypeScript engineers today and will likely hire more. Filtering a target-account list by framework beats guessing from job boards, which lag what teams actually run.
- Agencies. Agencies that specialize in a stack prospect best inside that stack. A Next.js-confirmed list is a list of companies whose sites you can credibly audit, extend, or migrate—and the detection often reveals the hosting platform too.
- Investors and analysts. Framework adoption across a portfolio or market segment is a proxy for engineering modernity. Scanning a sector's domains for Next.js versus legacy stacks turns anecdote into a measurable distribution.
The same pipeline applies to any detectable technology. We have companion guides for finding companies using Node.js and finding companies using Stripe—the filter changes, the workflow stays the same.
How Next.js Is Detected on a Live Website
Unlike a bare runtime such as Node.js, which leaves almost no default trace, Next.js stamps distinctive markers into both the HTML it renders and, in some deployments, the response headers.
Fingerprints: __NEXT_DATA__, /_next/ Assets, and Headers
The classic signal is the __NEXT_DATA__ script tag—a JSON blob Next.js embeds in server-rendered pages carrying the page props, build ID, and routing data. It is the single most reliable indicator and DetectZeStack's primary Next.js fingerprint. You can spot it yourself in one command:
$ curl -s https://nextjs.org | grep -o "__NEXT_DATA__" | head -1
__NEXT_DATA__
Two secondary markers back it up. Every Next.js build serves its compiled assets from /_next/static/ paths, and Pages Router sites render into a root <div id="__next">. Some deployments also send an explicit header—x-powered-by: Next.js—which DetectZeStack matches directly, and which can even carry the framework version:
$ curl -sI https://example.com | grep -i "^x-powered-by"
x-powered-by: Next.js
| Signal | Example | What It Tells You |
|---|---|---|
| __NEXT_DATA__ script tag | <script id="__NEXT_DATA__"> | Next.js confirmed — primary fingerprint |
| Asset paths | /_next/static/… | Next.js build output |
| x-powered-by header | x-powered-by: Next.js | Next.js confirmed, sometimes with version |
| Implied stack | React, Node.js, Webpack | Ride along with every Next.js detection |
When DetectZeStack confirms Next.js from any of these signals, it adds React, Node.js, and Webpack by implication—Next.js is a React framework that runs on a Node.js server with a bundled build, so all three appear in the same technologies array automatically. For a hands-on tour of the raw markers, including how the App Router changes the picture, see our dedicated guide on how to detect a Next.js website.
The honest limitation: a fully static Next.js export served through a CDN can strip the header, and the App Router replaced __NEXT_DATA__ with a different hydration pattern—though the /_next/static/ asset paths persist across both routers. A missed detection is an unknown, not a confirmed miss; the meta.scan_depth field covered below tells you which negatives to trust.
Find Companies Using Next.js with the DetectZeStack API
Manual grep works for one domain. For a list, the API runs the full detection pass—HTTP body and header fingerprints, DNS, and TLS—in a single call and returns structured JSON you can filter in a script. There are three entry points, and they compose: /lookup to pull already-confirmed domains, /analyze to verify one site in depth, /analyze/batch to sweep your own prospect list.
Look Up Domains by Technology with /lookup
The /lookup endpoint is a reverse index over DetectZeStack's scan database: give it a technology name and it returns the domains where that technology was previously detected, newest sightings first. One honest framing note—it reflects domains DetectZeStack has already scanned, not an internet-wide crawl, so treat it as a seed list that grows with the scan database rather than a census:
$ curl -s "https://detectzestack.p.rapidapi.com/lookup?tech=Next.js&limit=50" \
-H "X-RapidAPI-Key: YOUR_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"
{
"technology": "Next.js",
"total": 217,
"results": [
{
"domain": "nextjs.org",
"category": "JavaScript frameworks",
"confidence": 100,
"version": "",
"first_seen": "2026-05-14T08:11:42Z",
"last_seen": "2026-07-01T06:03:19Z"
},
{
"domain": "vercel.com",
"category": "JavaScript frameworks",
"confidence": 100,
"version": "",
"first_seen": "2026-04-02T11:47:03Z",
"last_seen": "2026-06-28T09:20:51Z"
}
],
"limit": 50,
"offset": 0,
"response_ms": 12
}
Matching is case-insensitive, and limit plus offset paginate through the full result set. The first_seen and last_seen timestamps are useful on their own: a domain whose last_seen is recent is a currently-confirmed Next.js site, and a first_seen date tells you roughly when the framework entered the picture. The number of results per call is capped by plan—see the pricing table below.
Verify a Single Domain with /analyze
Before wiring up a pipeline, spot-check the detection against a site you know. The public /demo endpoint needs no API key (it is IP-rate-limited, so use it for spot checks rather than bulk scans):
$ curl -s "https://detectzestack.com/demo?url=nextjs.org" \
| jq '.technologies[] | select(.name == "Next.js")'
{
"name": "Next.js",
"categories": ["JavaScript frameworks", "Web frameworks"],
"confidence": 100,
"description": "Next.js is a React framework for developing single page Javascript applications.",
"website": "https://nextjs.org",
"icon": "Next.js.svg",
"source": "http",
"version": "",
"cpe": "cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*"
}
Next.js comes back at confidence: 100 under both JavaScript frameworks and Web frameworks, with source: "http" because the evidence lives in the HTTP response. The cpe identifier ties the detection to the vulnerability databases—handy if your use case is security review rather than sales. With an API key, /analyze returns the full stack:
$ curl -s "https://detectzestack.p.rapidapi.com/analyze?url=nextjs.org" \
-H "X-RapidAPI-Key: YOUR_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"
{
"url": "https://nextjs.org",
"domain": "nextjs.org",
"technologies": [
{
"name": "Next.js",
"categories": ["JavaScript frameworks", "Web frameworks"],
"confidence": 100,
"description": "Next.js is a React framework for developing single page Javascript applications.",
"website": "https://nextjs.org",
"icon": "Next.js.svg",
"source": "http",
"version": "",
"cpe": "cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*"
},
{
"name": "React",
"categories": ["JavaScript frameworks"],
"confidence": 100,
"description": "React is an open-source JavaScript library for building user interfaces or UI components.",
"website": "https://reactjs.org",
"icon": "React.svg",
"source": "http",
"version": "",
"cpe": "cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*"
},
{
"name": "Node.js",
"categories": ["Programming languages"],
"confidence": 100,
"description": "Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.",
"website": "https://nodejs.org",
"icon": "Node.js.svg",
"source": "http",
"version": "",
"cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
},
{
"name": "Vercel",
"categories": ["PaaS"],
"confidence": 100,
"description": "Vercel is a cloud platform for static frontends and serverless functions.",
"website": "https://vercel.com",
"icon": "vercel.svg",
"source": "http",
"version": "",
"cpe": ""
}
],
"categories": {
"JavaScript frameworks": ["React", "Next.js"],
"Web frameworks": ["Next.js"],
"Programming languages": ["Node.js"],
"PaaS": ["Vercel"]
},
"meta": { "status_code": 200, "tech_count": 7, "scan_depth": "full" },
"cached": false,
"response_ms": 1842
}
This is a real scan of nextjs.org, trimmed to four of the seven detected technologies for readability (Webpack, HSTS, and Let's Encrypt round out the list, which is why meta.tech_count reads 7). Notice how one Next.js fingerprint fanned out: React and Node.js arrived by implication, and Vercel was matched off its own hosting headers in the same pass. The top-level categories map groups everything, so .categories["JavaScript frameworks"] pulls the framework layer without iterating the array; response_ms and cached sit at the top level.
One field matters for list building: meta.scan_depth. A value of "full" means the HTTP fetch succeeded and body fingerprinting ran, so a missing Next.js entry is a real negative. A value of "partial" means the site blocked or timed out the HTTP request and only DNS and TLS layers completed—an absent Next.js entry then tells you nothing, and the domain belongs in a retry queue rather than your rejects file.
Scan Your Own Prospect List with /analyze/batch
For your own domain list, POST /analyze/batch accepts up to 10 URLs per request and analyzes them concurrently:
$ curl -s -X POST "https://detectzestack.p.rapidapi.com/analyze/batch" \
-H "X-RapidAPI-Key: YOUR_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
-H "Content-Type: application/json" \
-d '{"urls": ["nextjs.org", "vercel.com", "wordpress.org"]}'
Each entry in the response carries either a full analysis result (same shape as /analyze) or an error for domains that could not be fetched. Here is a complete pipeline in bash, curl, and jq: it reads domains.txt (one domain per line), sends batches of 10, and appends every Next.js-confirmed domain to nextjs_leads.csv along with its detected hosting platform and stack size:
#!/usr/bin/env bash
# find-nextjs.sh — filter a domain list down to Next.js-confirmed leads
KEY="YOUR_KEY"
HOST="detectzestack.p.rapidapi.com"
echo "domain,hosting,tech_count" > nextjs_leads.csv
# Process domains.txt in batches of 10 (the /analyze/batch maximum)
xargs -n 10 < domains.txt | while read -r batch; do
urls=$(printf '%s\n' $batch | jq -R . | jq -s '{urls: .}')
curl -s -X POST "https://$HOST/analyze/batch" \
-H "X-RapidAPI-Key: $KEY" \
-H "X-RapidAPI-Host: $HOST" \
-H "Content-Type: application/json" \
-d "$urls" |
jq -r '.results[]
| select(.result != null)
| . as $r
| select([$r.result.technologies[].name] | index("Next.js"))
| (($r.result.categories["PaaS"] // ["unknown"]) | .[0]) as $hosting
| [$r.result.domain, $hosting, ($r.result.meta.tech_count | tostring)]
| @csv' >> nextjs_leads.csv
done
wc -l nextjs_leads.csv
A 1,000-domain list becomes 100 batch calls. The index("Next.js") guard keeps a domain whenever Next.js appears in its stack, the $hosting expression records the PaaS layer detected alongside it, and select(.result != null) skips domains that failed to resolve. For throughput, retries, and a production Python version of this scanner, see how to batch scan 1,000 websites.
Turning Detection Results into a Lead List
A raw “runs Next.js” flag qualifies a domain; the technologies detected alongside it segment and score the lead. Because a single /analyze pass returns the whole stack, the enrichment is already in the response you paid for.
Pairing Next.js with Hosting and Analytics Signals
- Hosting platform. A Next.js site on Vercel is a team using the framework's default path; a Next.js site where the same scan shows self-managed infrastructure signals is a team running its own deployment—a different buyer for hosting, DevOps, and observability pitches. The
categories["PaaS"]slice in the response captures this directly, which is why the batch script above records it. - Analytics and marketing layer. Detections like Google Analytics or a tag manager in the same response tell you whether a marketing team is instrumented on the site. Next.js plus a mature analytics stack profiles as a product-led company with growth tooling budget; Next.js with nothing else is often an early-stage build.
- Stack richness. The
meta.tech_countfield is a rough maturity proxy: a Next.js site with 20+ detected technologies is a more built-out engineering and marketing org than one with five. Sorting the CSV by that column is a crude but effective first-pass prioritization. - Framework distinctions. React markers without Next.js signals mean plain React or another framework—a different segment worth keeping rather than discarding. Our guides on detecting React websites and detecting JavaScript frameworks cover drawing those lines.
Turning the scored CSV into routable, owner-assigned leads—dedupe, firmographic joins, CRM import—is its own topic; our guide on tech stack enrichment for sales teams picks up where the scan output ends.
Pricing and Plan Limits
Every DetectZeStack plan includes the full detection pass—HTTP fingerprinting, DNS, and TLS—so Next.js detection is not a premium add-on. Plans differ in monthly request volume and in how many domains a single /lookup call may return:
| Plan | Price | Requests / month | Max /lookup results |
|---|---|---|---|
| Basic | Free | 100 | 2 |
| Pro | $9 / mo | 1,000 | 50 |
| Ultra | $29 / mo | 10,000 | 200 |
| Mega | $79 / mo | 50,000 | 800 |
A /analyze/batch call counts each URL in the batch against your monthly quota, so a 10-URL batch spends 10 requests. The free tier's 100 requests validate the pipeline on a sample of your prospect list; a 10,000-domain sweep fits inside the Ultra plan.
Conclusion
Finding companies using Next.js is one of the cleaner technographic plays because the framework advertises itself: the __NEXT_DATA__ script tag, the /_next/static/ asset paths, and sometimes an outright x-powered-by: Next.js header. DetectZeStack matches those fingerprints and fans each hit out into the implied stack—React, Node.js, Webpack—plus whatever hosting and analytics layers the same scan surfaces. /lookup hands you a seed list of already-confirmed domains, /analyze answers the one-domain question with the full stack attached, and /analyze/batch turns a raw prospect list into a Next.js-confirmed CSV with hosting and stack-size columns ready for scoring. Swap the jq filter and the same pipeline segments by CMS, CDN, or payment stack instead.
Related Reading
- How to Detect a Next.js Website — The __NEXT_DATA__, /_next/, and App Router markers in depth
- Find Companies Using Node.js — The runtime underneath every Next.js deployment
- How to Detect a React Website — Separating plain React from Next.js in your segments
- Tech Stack Enrichment for Sales Teams — Turning raw detections into scored, routable leads
- How to Batch Scan 1,000 Websites for Tech Stack Data — Deep dive on /analyze/batch throughput, retries, and a Python scanner
- How to Detect the JavaScript Framework of a Website — The full front-end fingerprint tour
- How to Detect Vercel on Any Website — Segment Next.js prospects by whether they host on Vercel, detected from headers and DNS
Try DetectZeStack Free
100 requests per month, no credit card required. Header, DNS, and TLS detection included on every plan.
Get Your Free API Key