How to Detect if a Website Uses HubSpot: 4 Methods

HubSpot is one of the most widely deployed marketing platforms on the web. It spans CRM, email marketing, forms, landing pages, and a full CMS—making it a fixture in B2B marketing stacks. Yet from the outside, there is no badge or footer link that tells you whether a site runs HubSpot for tracking, forms, CMS hosting, or all three.

Whether you are qualifying sales leads, mapping a competitor’s marketing stack, or planning a CMS migration, detecting HubSpot is one of the most actionable things you can learn about a website. This guide covers four methods: from quick manual checks to a fully programmatic API approach that works at scale.

Why Detect HubSpot on a Website

HubSpot appears in several different layers of a site’s infrastructure, and knowing which layer tells you different things about the business.

HubSpot CMS means the company hosts its entire website (or a section of it) on HubSpot’s infrastructure. This signals a deep HubSpot commitment—they are likely paying for Marketing Hub Professional or Enterprise, and their entire content workflow lives inside HubSpot.

HubSpot Tracking Code means the site embeds HubSpot’s JavaScript for visitor analytics, lead capture, and behavioral tracking. The site itself might be hosted on WordPress, Next.js, or any other platform, but the marketing team uses HubSpot to track and nurture leads.

HubSpot Forms and CTAs are embedded components that appear on sites regardless of CMS. They indicate the marketing team uses HubSpot for lead generation, even if the rest of their stack is different.

Each detection method below catches one or more of these layers. Combined, they give you a complete picture of how deeply HubSpot is integrated into a given website.

Method 1 — Check the Page Source for HubSpot Scripts

The simplest way to detect HubSpot is to view the page source and search for its tracking script. In any browser, press Ctrl+U (or Cmd+Option+U on macOS) to view source, then search for these strings:

• js.hs-scripts.com — the HubSpot tracking code loader
• js.hsforms.net — the HubSpot Forms embed script
• js.hscta.net — the HubSpot CTA (call-to-action) embed script
• js.hs-analytics.net — the HubSpot analytics library

HubSpot Tracking Code Signatures

The standard HubSpot tracking code loads from js.hs-scripts.com with a numeric Hub ID:

<!-- Start of HubSpot Embed Code -->
<script type="text/javascript" id="hs-script-loader" async defer
  src="//js.hs-scripts.com/1234567.js"></script>
<!-- End of HubSpot Embed Code -->

The number (1234567 in this example) is the HubSpot Portal ID (also called Hub ID). Every HubSpot account has a unique ID, so this number identifies which HubSpot account owns the tracking installation.

If you find this script in the page source, HubSpot tracking is confirmed. The Hub ID also tells you that the site is connected to a specific HubSpot account—useful context for sales prospecting when combined with other tech stack detection.

HubSpot Forms and CTAs

Even if the main tracking code is absent, HubSpot forms and CTAs have their own script signatures. HubSpot forms load from js.hsforms.net:

<script charset="utf-8" type="text/javascript"
  src="//js.hsforms.net/forms/embed/v2.js"></script>
<script>
  hbspt.forms.create({
    region: "na1",
    portalId: "1234567",
    formId: "abc123-def456-..."
  });
</script>

And HubSpot CTAs load from js.hscta.net:

<script id="cta_button_1234567_abc123"
  src="//js.hscta.net/cta/current.js"></script>

Finding any of these scripts confirms HubSpot usage. The portalId in form embeds matches the Hub ID from the tracking code, tying everything back to the same HubSpot account.

Method 2 — Inspect HTTP Headers and Cookies

HubSpot sets distinctive cookies and, when hosting a site on HubSpot CMS, adds identifiable HTTP headers. These signals persist even when JavaScript is loaded conditionally.

HubSpot-Specific Cookies

After visiting a site that runs HubSpot tracking, open Chrome DevTools (F12), go to Application > Cookies, and look for these cookie names:

The __hstc cookie is the most reliable indicator. Its value contains a dot-separated string with the visitor’s anonymous ID, first visit timestamp, previous visit timestamp, current visit timestamp, and session number. If this cookie exists, HubSpot tracking is active on the site.

You can also check cookies from the command line using curl:

$ curl -sI -c - "https://example.com" 2>&1 | grep -i hubspot
# Look for Set-Cookie headers containing __hstc or hubspotutk

Server Headers on HubSpot CMS Sites

When a website is hosted on HubSpot CMS (not just using HubSpot for tracking), the HTTP response headers reveal the hosting platform:

$ curl -sI "https://www.example.com"
HTTP/2 200
x-hs-hub-id: 1234567
x-hs-content-id: 98765432
x-powered-by: HubSpot
...

The x-hs-hub-id header contains the same Hub ID found in the tracking script. The x-powered-by: HubSpot header is a definitive indicator that the site is hosted on HubSpot CMS. These headers are server-side, so curl catches them reliably without needing JavaScript execution.

Method 3 — DNS and CNAME Records

DNS records reveal whether a domain’s traffic routes through HubSpot infrastructure. This method works even if you cannot visit the site or execute JavaScript—all you need is a DNS query.

HubSpot CNAME Patterns

Sites hosted on HubSpot CMS point their domain to HubSpot via a CNAME record. Run a CNAME lookup to check:

$ dig www.example.com CNAME +short
1234567.group34.sites.hubspot.net.

If the CNAME target ends in .hubspot.net, the site is hosted on HubSpot CMS. The number at the beginning of the CNAME value is the Hub ID, matching the tracking code and server headers.

Common HubSpot CNAME patterns include:

DNS-based detection is the most reliable method for identifying HubSpot CMS hosting because it does not depend on page content, JavaScript execution, or cookie consent. It catches the infrastructure layer that other methods miss. For a deeper look at how DNS records reveal technology choices, see DNS-Based Technology Detection.

Method 4 — Use the DetectZeStack API

When you need to detect HubSpot across a list of domains—for lead qualification, market research, or competitor monitoring—manual methods do not scale. The DetectZeStack API detects HubSpot via both HTTP fingerprinting and DNS CNAME analysis in a single request, alongside 7,200+ other technologies.

Quick Demo (No API Key Required)

Try it without signing up. The /demo endpoint is rate-limited to 20 requests per hour per IP, but requires no authentication:

$ curl -s "https://detectzestack.com/demo?url=hubspot.com" | jq '.'
{
  "url": "https://hubspot.com",
  "domain": "hubspot.com",
  "technologies": [
    {
      "name": "HubSpot",
      "categories": ["Marketing", "CMS"],
      "confidence": 100,
      "source": "dns"
    },
    {
      "name": "Google Analytics",
      "categories": ["Analytics"],
      "confidence": 100,
      "source": "http"
    },
    {
      "name": "Google Tag Manager",
      "categories": ["Tag managers"],
      "confidence": 100,
      "source": "http"
    },
    ...
  ],
  "categories": {
    "Marketing": ["HubSpot"],
    "CMS": ["HubSpot"],
    "Analytics": ["Google Analytics"],
    ...
  },
  "meta": {
    "status_code": 200,
    "tech_count": 24,
    "scan_depth": "full"
  },
  "cached": false,
  "response_ms": 845
}

Notice the source: "dns" field on HubSpot—the API detected it through CNAME analysis of the .hubspot.net DNS record. This is the same DNS method described in Method 3, but fully automated.

Single-URL Detection with /analyze

For production use, the /analyze endpoint supports higher rate limits and is available through RapidAPI:

$ curl -s "https://detectzestack.p.rapidapi.com/analyze?url=hubspot.com" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" | jq '.'

The response returns every detected technology with confidence scores and source indicators. HubSpot may appear with different detection sources depending on the site:

A site can show HubSpot from both sources (CMS-hosted with tracking code) or just one (tracking code on a non-HubSpot-hosted site, or CMS hosting without additional tracking scripts).

Reading the JSON Response

The response structure makes it easy to filter for HubSpot and related marketing technologies:

# Check if HubSpot is in the response
$ curl -s "https://detectzestack.com/demo?url=example.com" | \
  jq '.technologies[] | select(.name == "HubSpot")'

The categories object groups technologies by function. HubSpot appears under “Marketing” and “CMS” categories. You can use this to find all marketing tools on a site at once—HubSpot alongside tools like Marketo, Pardot, Mailchimp, or ActiveCampaign.

Batch Detection with /analyze/batch

To scan multiple domains in one request, use the /analyze/batch endpoint:

$ curl -s -X POST "https://detectzestack.p.rapidapi.com/analyze/batch" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  -H "Content-Type: application/json" \
  -d '{"urls": ["hubspot.com", "drift.com", "intercom.com"]}' | jq '.'

The batch endpoint accepts up to 10 URLs per request and returns results for each domain. This is ideal for building a spreadsheet of which prospects use HubSpot versus competing marketing platforms.

HubSpot Detection Use Cases

Sales Prospecting and Lead Qualification

If you sell marketing services, CRM consulting, or competing products, knowing which companies use HubSpot is directly actionable. HubSpot customers at the Professional or Enterprise tier are typically spending $800–$3,600 per month—they have budget, they care about marketing technology, and they are reachable through the HubSpot ecosystem.

Combine HubSpot detection with other tech stack signals to qualify leads more precisely. A company running HubSpot alongside Stripe likely has an online payment flow. A company using HubSpot with Salesforce is doing CRM integration work. These combinations tell you more than any single technology detection. For a full guide on using technographic data in sales, see Sales Teams: Competitive Intelligence with Tech Stack Data.

Competitive Intelligence

Tracking which competitors and prospects are on HubSpot helps you understand market positioning. If you are building a marketing automation product, knowing that a prospect’s current stack is HubSpot tells you exactly what feature set you need to match or differentiate from.

You can also monitor technology changes over time. If a company drops HubSpot and switches to a competitor, that is a signal worth knowing—either for your own competitive analysis or to time an outreach campaign to catch them during the transition.

Migration Planning

If you are migrating a website away from HubSpot CMS (or onto it), understanding the current HubSpot integration depth matters. A site that only uses HubSpot tracking is a quick swap—just update the tracking snippet. A site hosted on HubSpot CMS with embedded forms, CTAs, and blog templates requires a full content migration.

The detection methods above tell you exactly which HubSpot components are in use: CMS hosting (DNS check), tracking code (page source), forms (script references), and CTAs (script references). This inventory is the first step in any migration plan.

Building a HubSpot Detection Script in Python

Here is a practical example: scan a list of domains and flag which ones use HubSpot, and in what capacity (CMS, tracking, or both).

import requests
import csv
import time

API_URL = "https://detectzestack.p.rapidapi.com/analyze"
HEADERS = {
    "X-RapidAPI-Key": "YOUR_KEY",
    "X-RapidAPI-Host": "detectzestack.p.rapidapi.com"
}

domains = ["hubspot.com", "drift.com", "intercom.com", "basecamp.com"]

with open("hubspot_audit.csv", "w", newline="") as f:
    writer = csv.writer(f)
    writer.writerow(["domain", "has_hubspot", "source", "categories"])

    for domain in domains:
        resp = requests.get(API_URL, headers=HEADERS, params={"url": domain})
        data = resp.json()

        hubspot = [
            t for t in data.get("technologies", [])
            if t["name"] == "HubSpot"
        ]

        if hubspot:
            tech = hubspot[0]
            writer.writerow([
                domain, True,
                tech.get("source", ""),
                ", ".join(tech.get("categories", []))
            ])
            print(f"{domain}: HubSpot detected (source={tech['source']})")
        else:
            writer.writerow([domain, False, "", ""])
            print(f"{domain}: no HubSpot")

        time.sleep(0.5)  # respect rate limits

This produces a CSV showing each domain, whether HubSpot was found, the detection source (dns or http), and the categories. For a more complete tutorial covering batch endpoints and error handling, see Detect Any Website’s Tech Stack with Python.

Get Started with the DetectZeStack API

Detecting HubSpot manually works for one-off checks: view the source for js.hs-scripts.com, check cookies for __hstc, or run a DNS lookup for .hubspot.net CNAMEs. Each method catches a different layer of HubSpot integration.

For anything beyond a handful of sites—building prospect lists, monitoring competitor stacks, or auditing vendor dependencies—the DetectZeStack API automates all four detection methods in a single request. One call returns HubSpot, Google Analytics, and every other technology on the site, with structured JSON output that feeds directly into your pipeline.