How to Detect if a Website Uses React: 4 Proven Methods

React powers a massive share of the modern web. From single-page apps to server-rendered sites built with Next.js, React’s footprint is everywhere—but not always obvious. A well-built React site can look indistinguishable from any other website in the browser. There’s no “Built with React” badge in the footer.

Whether you’re evaluating a competitor’s technology choices, auditing a site for known React vulnerabilities, qualifying leads based on their tech stack, or simply curious about how a product is built, you need reliable detection methods. This guide covers four approaches, from quick manual checks to fully automated API-based detection.

Why Detect React on a Website

Knowing whether a site runs React is more than trivia. Here are the practical reasons people look for this information:

• Competitive intelligence: Understanding what frameworks your competitors chose—and whether they use plain React, Next.js, or Gatsby—reveals their engineering priorities. A Next.js site signals investment in SEO and performance. A client-side React SPA suggests a different set of trade-offs.
• Security auditing: React versions have known CVEs. Detecting an outdated React version on a target site is a concrete security finding. The same applies to Next.js, which has had its own set of vulnerabilities.
• Sales prospecting: If you sell developer tools, monitoring services, or React-specific products, knowing which companies use React determines whether your outreach is relevant. This is the same logic behind finding companies that use Stripe for payment-related prospecting.
• Migration planning: Before migrating from Angular to React, or upgrading from React 17 to React 18, you need to know exactly what’s running in production—not what the internal documentation says.
• Hiring context: Researching a company’s tech stack before an interview helps you understand what you’ll be working with and what questions to expect.

Method 1 — Browser DevTools Console

The fastest way to check if a website uses React is through the browser’s DevTools console. React leaves several fingerprints in the DOM and in JavaScript globals that you can query directly.

Check for React Global Objects

Open Chrome DevTools (press F12 or Cmd+Option+I on macOS), switch to the Console tab, and run these checks:

// Check for the React DevTools hook (present on most React sites)
!!window.__REACT_DEVTOOLS_GLOBAL_HOOK__

// Check for React Fiber on the root element
!!document.querySelector('#root')?._reactRootContainer

// Check for the data-reactroot attribute (React 15-16 pattern)
!!document.querySelector('[data-reactroot]')

// Check for Next.js (built on React)
!!document.getElementById('__next')

If any of these return true, the site is running React. The __REACT_DEVTOOLS_GLOBAL_HOOK__ check is the most reliable for modern React apps because React itself injects this hook during initialization, regardless of whether React DevTools is installed.

Inspect the DOM for React Fiber Attributes

React’s reconciler (Fiber) attaches internal properties to DOM nodes. In the Elements panel, select any element inside the React app and look at its properties in the Console:

// Select an element, then run:
$0.__reactFiber$   // React 18+
$0.__reactInternalInstance$   // React 16-17
$0._reactInternalFiber   // Older React versions

These properties are prefixed with a random hash (e.g., __reactFiber$abc123), so you may need to type the prefix and let autocomplete show the full property name. If any of these properties exist on DOM nodes, React is managing that part of the page.

Method 2 — View Page Source Clues

Viewing the HTML source (Ctrl+U or Cmd+Option+U) reveals patterns that indicate React, even before JavaScript executes.

Script Tags and Bundle Filenames

React apps typically load bundled JavaScript files. Look for these patterns in the source:

• react.production.min.js or react-dom.production.min.js — Direct React library references, common on CDN-loaded setups.
• Webpack chunk filenames like main.abc123.js or static/js/bundle.js — While not React-specific, these are the default output of Create React App.
• /__next/ prefixed asset paths — A definitive Next.js marker. All static assets in Next.js are served from /_next/static/.

For client-side rendered React apps, the HTML source is often minimal—just a <div id="root"></div> and script tags. This “empty shell” pattern is itself a strong signal of a client-side React SPA, though other frameworks like Vue and Angular can produce similar output.

Server-Side Rendered React and Next.js Markers

Server-rendered React sites (using Next.js, Remix, or custom SSR) include the full HTML content in the source. The distinguishing markers are:

• <div id="__next"> — The root element for Next.js applications.
• <script id="__NEXT_DATA__" type="application/json"> — Contains the serialized page props, build ID, and routing data. This is the single most reliable indicator of Next.js.
• data-reactroot attribute on the root element — Added by ReactDOMServer.renderToString() in React 15-16.
• data-nhead or data-react-helmet attributes — Present when using helmet-style head management in React SSR.

<!-- Next.js fingerprint in page source -->
<div id="__next">
  <!-- Full server-rendered HTML here -->
</div>
<script id="__NEXT_DATA__" type="application/json">
  {"props":{"pageProps":{}},"page":"/","buildId":"abc123"}
</script>

Method 3 — Browser Extensions

React Developer Tools Extension

The official React Developer Tools extension (available for Chrome and Firefox) is the most definitive manual check. When you visit a React-powered site, the extension icon lights up—blue for production builds, red for development builds. It also adds “Components” and “Profiler” tabs to DevTools, letting you inspect the React component tree directly.

The extension works by detecting the __REACT_DEVTOOLS_GLOBAL_HOOK__ that React attaches during initialization. If React is present anywhere on the page—even in a small embedded widget—the extension will detect it.

The limitation: you have to visit each site individually. This is fine for one-off checks but impractical if you need to scan hundreds of sites.

DetectZeStack Chrome Extension

The DetectZeStack Chrome extension detects not just React but the entire technology stack—frameworks, CDNs, analytics tools, hosting providers, and more—all from a single toolbar click. Unlike React DevTools, which only identifies React, DetectZeStack shows the full picture: whether the site also uses Next.js, what CDN or hosting provider serves it, what analytics and marketing tools are loaded, and more.

Method 4 — DetectZeStack API (Programmatic Detection)

Manual methods work for spot checks. When you need to detect React across tens, hundreds, or thousands of sites—for lead qualification, competitive analysis, or security scanning—you need an API.

Single-URL Analysis with curl

The DetectZeStack API detects React and 7,200+ other technologies in a single request. Here is a quick check using the free demo endpoint (no API key required):

$ curl -s "https://detectzestack.com/demo?url=netflix.com" | jq '.technologies[] | select(.name == "React" or .name == "Next.js")'

For production use with higher limits, use the RapidAPI endpoint:

$ curl -s "https://detectzestack.p.rapidapi.com/analyze?url=netflix.com" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  | jq '.technologies[] | select(.categories[] | contains("JavaScript frameworks"))'

Reading the API Response

The API returns a JSON object with all detected technologies. Here is what a React detection looks like in the response:

{
  "url": "https://netflix.com",
  "domain": "netflix.com",
  "status": 200,
  "scan_depth": "full",
  "technologies": [
    {
      "name": "React",
      "categories": ["JavaScript frameworks"],
      "confidence": 100,
      "version": "18.2",
      "website": "https://reactjs.org",
      "cpe": "cpe:2.3:a:facebook:react:18.2:*:*:*:*:*:*:*"
    },
    {
      "name": "Next.js",
      "categories": ["JavaScript frameworks"],
      "confidence": 100,
      "website": "https://nextjs.org"
    }
  ]
}

Key fields to look at:

• name — The technology name. React and Next.js are reported separately, so you can distinguish between the two.
• confidence — How certain the detection is (0-100). A confidence of 100 means the fingerprint matched unambiguously.
• version — When detectable, the specific React version. Useful for security auditing—you can cross-reference this against known CVEs.
• cpe — The CPE identifier for the technology, letting you look up vulnerabilities in the NVD directly.
• categories — React appears under “JavaScript frameworks.” This lets you filter the response to only show front-end frameworks.

Batch Detection Across Multiple Sites

To scan a list of domains for React usage, loop through them with curl or use a script. Here is a quick bash one-liner:

$ for domain in netflix.com airbnb.com stripe.com; do
    echo -n "$domain: "
    curl -s "https://detectzestack.p.rapidapi.com/analyze?url=$domain" \
      -H "X-RapidAPI-Key: YOUR_KEY" \
      -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
      | jq -r '[.technologies[] | select(.name == "React" or .name == "Next.js") | .name] | if length == 0 then "not detected" else join(", ") end'
  done

For larger-scale scanning, see the Python tutorial which covers batch scanning with rate limiting and CSV export.

React vs Next.js — What the Detection Tells You

Every Next.js site uses React, but not every React site uses Next.js. Understanding the distinction matters for competitive analysis and technical assessment:

When the DetectZeStack API reports both “React” and “Next.js,” it means the site uses Next.js as the framework layer on top of React. If only “React” is reported, the site uses React directly—possibly with Create React App, Vite, Gatsby, Remix, or a custom setup.

Other React-based frameworks you may see detected alongside React include Gatsby (which uses React for its component model and adds a static site generation layer) and Remix (which, like Next.js, adds server-side rendering to React). For a broader overview of detecting all JavaScript frameworks, see How to Detect What JavaScript Framework a Website Uses.

Get Started with Programmatic React Detection

Manual checks are fine for occasional curiosity. For anything systematic—lead qualification, competitive research, security scanning, or portfolio analysis—an API is the only practical approach.

The DetectZeStack API gives you React detection plus 7,200+ other technology fingerprints in a single call. Every request also includes DNS-based infrastructure detection, TLS certificate analysis, and CPE identifiers for vulnerability lookups—layers that no browser-based method can match.

The free tier includes 100 requests per month with no credit card required. That is enough to scan your competitor list, audit a client portfolio, or build a proof-of-concept integration.