Shopify vs WooCommerce: How to Tell Which E-Commerce Platform a Site Uses

You land on an online store with a polished checkout, fast load times, and a clean product catalog. Before you can benchmark it, sell to the owner, or plan a migration, you need to answer one question: is this Shopify or WooCommerce?

The answer matters. If you sell apps, themes, or services to e-commerce merchants, knowing the platform determines whether you have a potential customer or not. If you’re doing competitive research, the platform choice reveals budget, technical sophistication, and operational constraints. And if you’re planning a migration, you need to know what you’re migrating from.

Shopify and WooCommerce are the two dominant e-commerce platforms, and each leaves distinct fingerprints. This guide covers the specific signals for each, how to detect other platforms, where manual detection fails, and how to automate the process with an API.

Why Identifying the E-Commerce Platform Matters

Knowing what platform powers an online store is useful for three broad purposes:

• Competitive intelligence — Understanding what competitors run tells you about their capabilities and constraints. A store on Shopify Plus has different checkout customization options than one on WooCommerce with custom plugins.
• Sales prospecting — If you sell a Shopify app, every Shopify store is a potential customer. If you offer WooCommerce migration services, every WooCommerce store running an outdated PHP version is a lead. Technographic data enrichment makes prospecting lists far more targeted.
• Migration planning — Agencies and consultants need to identify the current platform before scoping a replatforming project. The migration path from WooCommerce to Shopify is very different from Magento to Shopify.

How to Detect Shopify

Shopify is a hosted platform, which means every Shopify store runs on Shopify’s infrastructure. This creates multiple reliable fingerprints.

1. DNS CNAME to shops.myshopify.com

When a merchant connects a custom domain to Shopify, they create a CNAME record pointing to shops.myshopify.com. This is the most reliable Shopify fingerprint because it exists at the DNS level — no amount of theme customization can remove it.

$ dig store.example.com CNAME +short
shops.myshopify.com.

If the CNAME resolves to shops.myshopify.com, the site is on Shopify. Period.

2. cdn.shopify.com in page source

View the page source and search for cdn.shopify.com. Shopify serves product images, theme assets, and JavaScript from this CDN domain. Even heavily customized themes load core assets from Shopify’s CDN:

<script src="https://cdn.shopify.com/s/files/1/0123/4567/8901/t/1/assets/theme.js"></script>
<link href="https://cdn.shopify.com/s/files/1/0123/4567/8901/t/1/assets/theme.css" rel="stylesheet">

3. Shopify-specific cookies

Shopify sets several characteristic cookies on every store:

• _shopify_s — session cookie
• _shopify_y — persistent visitor cookie
• cart_sig and cart_ts — cart-related cookies

Check the Application tab in Chrome DevTools (or the Storage tab in Firefox) to see these cookies.

4. /admin redirects to Shopify login

On any Shopify store, visiting /admin redirects to accounts.shopify.com or the store’s Shopify admin login page. This is a quick manual check — if the admin URL redirects to a Shopify domain, the store is on Shopify.

5. Shopify JavaScript globals

Open the browser console and check for Shopify as a global object. Shopify injects a Shopify JavaScript object on every storefront page that contains shop metadata.

How to Detect WooCommerce

WooCommerce is a WordPress plugin, not a standalone platform. Detecting it means finding evidence of both WordPress and the WooCommerce plugin specifically.

1. /wp-content/plugins/woocommerce/ paths

The most definitive WooCommerce signal is asset URLs containing the plugin path. View the page source and search for woocommerce:

<link rel="stylesheet" href="https://example.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css">
<script src="https://example.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js"></script>

The presence of /wp-content/plugins/woocommerce/ in any asset URL confirms both WordPress and WooCommerce.

2. wc-ajax endpoints

WooCommerce registers its own AJAX handler. In the page source or network traffic, look for references to wc-ajax:

<script>
var wc_cart_fragments_params = {"ajax_url":"/?wc-ajax=%%endpoint%%"};
</script>

This endpoint is used for cart updates, checkout validation, and other dynamic store features.

3. WooCommerce-specific body classes and meta

WooCommerce adds characteristic classes to the HTML <body> tag:

• woocommerce or woocommerce-page on store pages
• woocommerce-no-js as a default class (replaced by JavaScript on load)

Some WooCommerce setups also include a <meta name="generator" content="WooCommerce X.X.X"> tag, though many security plugins strip this.

4. WordPress signatures underneath

Since WooCommerce runs on WordPress, all standard WordPress detection methods apply: /wp-content/ and /wp-includes/ paths in asset URLs, /wp-admin login page, and wp-settings-* cookies. Finding WordPress plus e-commerce functionality (product pages, cart, checkout) strongly suggests WooCommerce.

5. Characteristic URL structures

WooCommerce stores typically have:

• /product/product-name or /shop/product-name for product pages
• /cart/ and /checkout/ as dedicated pages
• /my-account/ for customer accounts
• ?add-to-cart=123 query parameters for add-to-cart actions

Other E-Commerce Platforms to Watch For

Shopify and WooCommerce are the most common, but several other platforms have their own detection fingerprints:

BigCommerce

DNS CNAME to *.bigcommerce.com or *.bcapp.dev. Page source includes references to bigcommerce.com/s- in asset URLs. Sets SHOP_SESSION_TOKEN cookies.

Magento (Adobe Commerce)

Look for Mage cookies (mage-cache-storage, mage-messages), /static/version in asset paths, and requirejs-config.js with Magento module references. The X-Magento-* headers are also giveaways when present.

Squarespace Commerce

DNS CNAME to ext-squarespace.com. Page source loads from static1.squarespace.com. The crumb cookie is characteristic. Commerce-enabled Squarespace sites include /commerce API endpoints in JavaScript.

Wix Stores

Assets loaded from static.parastorage.com or static.wixstatic.com. Wix sets ssr-caching headers and includes wixsite.com references in the source. The X-Wix-Request-Id header confirms Wix when present.

Where Manual Detection Fails

Manual methods work well for default configurations, but real-world stores are often harder to fingerprint:

• Custom domains hide Shopify — A store at store.luxurybrand.com looks nothing like a .myshopify.com URL. Without checking DNS or page source, you can’t tell from the URL alone.
• Headless commerce setups — Shopify’s Storefront API and WooCommerce’s REST API allow merchants to build completely custom frontends with React, Next.js, or other frameworks. The storefront HTML contains zero platform signatures — all commerce logic runs through API calls. These headless setups are increasingly common among larger merchants.
• Reverse proxies and CDNs — Sites behind Cloudflare or other CDNs may have their Server header overwritten. The HTTP response says cloudflare, not Shopify.
• Security hardening — WordPress security plugins remove generator meta tags, rename /wp-admin paths, and strip identifying headers. A hardened WooCommerce site can be difficult to fingerprint through HTML inspection alone.
• Custom checkout domains — Some Shopify Plus merchants use custom checkout domains, which can obscure the typical /admin redirect behavior.

Automating Detection with DetectZeStack API

Instead of running multiple manual checks, you can identify the e-commerce platform with a single API call. DetectZeStack combines DNS CNAME analysis, TLS certificate inspection, HTTP header parsing, and HTML content scanning to detect platforms even when individual signals are missing.

Here’s how to check a store:

curl -s "https://detectzestack.p.rapidapi.com/analyze?url=allbirds.com" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" | jq '.'

The response includes detected technologies with categories and confidence scores. For a Shopify store, you’d see:

{
  "url": "https://allbirds.com",
  "domain": "allbirds.com",
  "technologies": [
    {
      "name": "Shopify",
      "categories": ["Ecommerce"],
      "confidence": 100
    },
    ...
  ]
}

The DNS CNAME detection layer is especially valuable here. Even if a Shopify store uses a headless frontend that strips all Shopify signatures from the HTML, the DNS record still points to shops.myshopify.com. DetectZeStack catches it regardless of frontend customization.

For WooCommerce stores, the detection works through HTML content analysis — scanning for /wp-content/plugins/woocommerce/ paths, wc-ajax endpoints, and WooCommerce-specific body classes. Since WooCommerce is self-hosted (not a managed platform with a single CNAME target), the HTML layer is the primary detection method.

You can also integrate e-commerce platform detection into automated workflows. DetectZeStack supports the Model Context Protocol (MCP), letting AI agents detect technologies as part of larger research or prospecting pipelines.

Sales Prospecting Use Case

Technology detection becomes powerful when you apply it to prospecting at scale. Here are two concrete scenarios:

Finding Shopify stores for your SaaS product

If you sell a Shopify app — inventory management, email marketing, shipping optimization — every Shopify store is a potential customer. By scanning a list of e-commerce domains with DetectZeStack, you can filter to only Shopify stores, then enrich those leads with additional technographic data. A store running Shopify + Klaviyo tells you they already invest in email marketing. A store on Shopify with no detected email platform is a warmer lead for your email tool.

Finding WooCommerce stores ripe for migration

WooCommerce stores running outdated PHP versions, old WordPress cores, or deprecated plugins are prime candidates for platform migration services. Scan a batch of known e-commerce sites, identify WooCommerce stores, then check their WordPress version and plugin stack. A WooCommerce store on WordPress 5.x with outdated plugins likely has a merchant who’d benefit from a modern platform migration.

In both cases, the competitive intelligence from technology detection turns a cold prospect list into a qualified lead list. You’re not guessing who might need your product — you know what they’re running.

Platform Fingerprint Comparison

Here’s a side-by-side comparison of the key detection signals for each major e-commerce platform:

The key difference: hosted platforms (Shopify, BigCommerce) have DNS-level fingerprints that survive any amount of frontend customization. Self-hosted platforms (WooCommerce, Magento) depend on HTML-level signals that can be removed or obscured through security hardening and headless architectures.

Getting Started

Get an API key from RapidAPI (free tier: 100 requests/month, no credit card required) and scan any domain. If you’re evaluating options, see our comparison of free BuiltWith alternatives.

curl -s "https://detectzestack.p.rapidapi.com/analyze?url=example-store.com" \
  -H "X-RapidAPI-Key: YOUR_KEY" \
  -H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
  | jq '.technologies[] | select(.categories[] | contains("Ecommerce"))'

This filters the response to show only e-commerce platform detections. Remove the jq filter to see the full technology stack — CDN, hosting, analytics, payment providers, and everything else running on the site.