Website Technology Checker API: Detect Any Site's Tech Stack Programmatically
Need to know what technologies a website is running? A technology checker API lets you answer that question with a single HTTP request. Send a URL, get back a structured list of every framework, CMS, CDN, analytics tool, and server the site uses.
This guide covers what a tech stack detection API is, how it works under the hood, and how to make your first API call with code examples in curl, Python, and JavaScript. We'll also compare the three main options—BuiltWith, Wappalyzer, and DetectZeStack—so you can pick the right one for your budget and use case.
What Is a Tech Stack Detection API?
A tech stack detection API is a web service that takes a URL as input and returns a structured list of technologies that website uses. Instead of manually inspecting page source, checking HTTP headers, and running DNS lookups, you let the API do it all in one request.
Common use cases:
- Sales intelligence: Enrich leads with technology data. Know which prospects run Shopify, Salesforce, or HubSpot before you reach out. See our guide on building a lead enrichment pipeline.
- Competitive analysis: Track what technologies your competitors use and when they switch. Monitor their CDN, analytics, and A/B testing tools.
- Security auditing: Identify outdated frameworks and libraries with known vulnerabilities. Map detected technologies to the NVD using CPE identifiers.
- Market research: Measure technology adoption across thousands of websites. Build datasets on CMS market share, framework popularity, or CDN usage.
- Developer tooling: Integrate tech detection into CI/CD pipelines, monitoring dashboards, or internal tools.
How Technology Detection Works
Tech detection APIs use multiple analysis layers. Each layer reveals different technologies that the others might miss.
1. HTTP Header Fingerprinting
The first thing any tech detection tool checks is the HTTP response headers. Many web servers, frameworks, and platforms advertise themselves here:
Server: nginx/1.25.3— identifies the web server and versionX-Powered-By: Express— reveals the backend frameworkX-Drupal-Cache— indicates Drupal CMSCF-Ray— confirms Cloudflare CDN
Header analysis is fast but limited. Many production sites strip these headers for security. That's why good APIs use additional detection layers.
2. HTML and DOM Pattern Matching
The API fetches the page's HTML and scans for known patterns:
- Meta tags:
<meta name="generator" content="WordPress 6.4"> - Script sources: URLs containing
jquery.min.js,react.production.min.js,gtag/js - CSS classes: Bootstrap's
col-md-, Tailwind'sflexutility classes - HTML comments: Some CMS platforms leave signature comments in the source
- Cookie names:
__cf_bm(Cloudflare),_shopify_s(Shopify)
This is the core of most detection engines. The open-source wappalyzergo library (which DetectZeStack uses) maintains over 7,200 technology fingerprints using this approach.
3. DNS CNAME Analysis
DNS records reveal infrastructure that's invisible in HTTP responses. When a site points its domain to a CDN or hosting provider via CNAME, a DNS lookup exposes the provider:
example.com CNAME d1234.cloudfront.net→ Amazon CloudFrontwww.example.com CNAME example.com.cdn.cloudflare.net→ Cloudflareexample.com CNAME shops.myshopify.com→ Shopify
Most tech detection tools skip DNS entirely. DetectZeStack checks CNAME records against 111 CDN and hosting provider signatures.
4. TLS Certificate Inspection
The TLS certificate used for HTTPS reveals the certificate authority, which often correlates with specific infrastructure:
- Let's Encrypt — common with self-hosted setups, Caddy, Traefik
- Cloudflare Inc — confirms Cloudflare proxy
- Amazon — AWS Certificate Manager, likely behind CloudFront or ALB
- DigiCert — often enterprise or financial sites
Combined, these four layers catch technologies that any single method would miss. A site might strip all HTTP headers but still expose its CDN through DNS and its certificate authority through TLS.
Making Your First API Call
Let's walk through calling a tech detection API. We'll use DetectZeStack via RapidAPI, which has a free tier (100 requests/month, no credit card).
Step 1: Get an API Key
- Go to DetectZeStack on RapidAPI
- Click "Subscribe to Test" and select the free Basic plan
- Copy your
X-RapidAPI-Keyfrom the code snippets panel
Step 2: Make a Request
curl:
curl -s "https://detectzestack.p.rapidapi.com/analyze?url=stripe.com" \
-H "X-RapidAPI-Key: YOUR_API_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" | python3 -m json.toolPython:
import requests
url = "https://detectzestack.p.rapidapi.com/analyze"
params = {"url": "stripe.com"}
headers = {
"X-RapidAPI-Key": "YOUR_API_KEY",
"X-RapidAPI-Host": "detectzestack.p.rapidapi.com"
}
response = requests.get(url, headers=headers, params=params)
data = response.json()
for tech in data["technologies"]:
print(f"{tech['name']} ({tech['category']})")
if tech.get("version"):
print(f" Version: {tech['version']}")
if tech.get("cpe"):
print(f" CPE: {tech['cpe']}")JavaScript (Node.js):
const response = await fetch(
"https://detectzestack.p.rapidapi.com/analyze?url=stripe.com",
{
headers: {
"X-RapidAPI-Key": "YOUR_API_KEY",
"X-RapidAPI-Host": "detectzestack.p.rapidapi.com",
},
}
);
const data = await response.json();
data.technologies.forEach((tech) => {
console.log(`${tech.name} (${tech.category})`);
if (tech.version) console.log(` Version: ${tech.version}`);
if (tech.cpe) console.log(` CPE: ${tech.cpe}`);
});API Response Walkthrough
Here's an annotated example of what comes back when you analyze stripe.com:
{
"url": "https://stripe.com",
"domain": "stripe.com",
"status_code": 200,
"technologies": [
{
"name": "Cloudflare", // CDN / security provider
"category": "CDN",
"source": "dns" // detected via DNS CNAME
},
{
"name": "React", // Frontend framework
"category": "JavaScript frameworks",
"source": "wappalyzer" // detected via HTML/JS patterns
},
{
"name": "Nginx", // Web server
"category": "Web servers",
"version": "1.25.3", // version extracted from headers
"cpe": "cpe:2.3:a:f5:nginx:1.25.3:*:*:*:*:*:*:*",
"source": "wappalyzer"
},
{
"name": "Google Analytics", // Analytics
"category": "Analytics",
"source": "wappalyzer"
},
{
"name": "Let's Encrypt", // Certificate authority
"category": "SSL/TLS certificate authorities",
"source": "tls" // detected via TLS inspection
}
],
"detection_time_ms": 847,
"cached": false // fresh analysis (not from cache)
}Key things to notice:
- Each technology has a
sourcefield telling you how it was detected (wappalyzer, dns, tls, or headers) - When available,
versionandcpefields are included for security workflows cached: falsemeans this was a fresh analysis; subsequent requests within 24 hours return cached resultsdetection_time_msshows how long the analysis took
Tip: Use the X-Cache response header to check if you're getting fresh or cached data. X-Cache: HIT means cached, X-Cache: MISS means fresh analysis.
Comparison: BuiltWith vs Wappalyzer vs DetectZeStack
Three main APIs compete in this space. Here's how they compare on the factors that matter most to developers:
| Feature | BuiltWith | Wappalyzer | DetectZeStack |
|---|---|---|---|
| API pricing | $995/mo (Pro) | $450/mo (Team) | Free (100/mo), $9/mo (1K) |
| Free tier | No | No (extension only) | 100 requests/month |
| Detection method | Periodic crawling | Real-time HTTP/HTML | Real-time HTTP/HTML + DNS + TLS |
| Tech signatures | ~111,000 | ~3,800 | 7,200+ |
| DNS detection | No | No | 111 signatures |
| TLS inspection | No | No | 8 CA patterns |
| CPE identifiers | No | No | When available |
| Real-time data | No (stale crawls) | Yes | Yes (24h cache) |
| Historical data | Years of history | No | Tracks forward |
| Lead lists | Yes | Basic | No (API only) |
| Open source | No | Closed since 2023 | Uses wappalyzergo |
When to Choose Each
BuiltWith ($995/mo): Best for enterprise sales teams that need historical technology data, lead lists filtered by tech stack, and market share reports. The largest signature database, but data is crawl-based (not real-time) and the price is prohibitive for individual developers.
Wappalyzer ($450/mo): Good for teams that need CRM integrations (HubSpot, Salesforce, Pipedrive) and real-time detection. The browser extension is free and useful for manual lookups. But API access requires the $450/month Team plan, and it only detects technologies visible in HTTP responses.
DetectZeStack (Free / $9/mo): Built for developers who need an affordable API. Adds DNS and TLS detection layers that competitors lack. Includes CPE identifiers for security workflows. No lead lists or CRM integrations—it's a developer API, not a sales platform.
The math: At 1,000 requests/month, DetectZeStack costs $9. BuiltWith costs $995. That's 110x cheaper for API access—$11,832/year in savings. Read the full three-way comparison.
Beyond Single-URL Analysis
Once you're comfortable with single URL analysis, there are more powerful features to explore:
Batch Analysis
Analyze up to 10 URLs in a single request:
curl -s "https://detectzestack.p.rapidapi.com/batch" \
-X POST \
-H "X-RapidAPI-Key: YOUR_API_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com" \
-H "Content-Type: application/json" \
-d '{"urls": ["stripe.com", "shopify.com", "github.com"]}'Stack Comparison
Compare two websites and see shared vs. unique technologies:
curl -s "https://detectzestack.p.rapidapi.com/compare?url1=stripe.com&url2=shopify.com" \
-H "X-RapidAPI-Key: YOUR_API_KEY" \
-H "X-RapidAPI-Host: detectzestack.p.rapidapi.com"The response groups technologies into shared, unique_to_url1, and unique_to_url2—useful for competitive analysis.
Webhook Monitoring
Get notified whenever a domain is analyzed by registering a webhook URL. Useful for building monitoring dashboards or triggering alerts when a competitor changes their tech stack.
Getting Started
Getting your first tech detection result takes less than two minutes:
- Sign up on RapidAPI (free, no credit card)
- Subscribe to the Basic plan (100 requests/month, free)
- Copy your API key from the code snippets panel
- Make a request using any of the code examples above
For full API documentation including all endpoints, parameters, and response schemas, see the OpenAPI spec. Or try the live demo on our homepage—it calls the same API.
Try DetectZeStack Free
100 requests/month, no credit card. Full API access with DNS, TLS, and CPE detection.
Get Your API Keyor try the live demo
Frequently Asked Questions
What is a website technology checker API?
A website technology checker API is a REST service that analyzes any URL and returns a structured list of the technologies it uses—frameworks, CMS platforms, CDNs, analytics tools, web servers, and more. You send an HTTP request with a URL and get back a JSON response with detected technologies.
How much does a tech stack detection API cost?
Prices vary widely. BuiltWith charges $995/month for API access. Wappalyzer starts at $450/month. DetectZeStack offers a free tier with 100 requests/month and paid plans from $9/month—making it the most affordable option for developers.
How does a technology detection API work?
Technology detection APIs use multiple techniques: HTTP header fingerprinting (Server, X-Powered-By), HTML/DOM pattern matching (meta tags, script sources, CSS classes), DNS CNAME analysis (CDN and hosting identification), and TLS certificate inspection (certificate authority detection). Different APIs use different combinations of these methods.
Is there a free website technology checker API?
Yes. DetectZeStack offers 100 free API requests per month with no credit card required. Sign up on RapidAPI, get an API key, and start making requests immediately. The free tier includes all detection features: HTTP fingerprinting, DNS analysis, TLS inspection, and CPE identifiers.
Related Articles
- Detect Any Website's Tech Stack With a Single API Call — Deep dive into how DetectZeStack works
- BuiltWith vs Wappalyzer vs DetectZeStack — Full three-way comparison
- BuiltWith vs Wappalyzer — Head-to-head feature comparison
- Build a Lead Enrichment Pipeline — Use tech detection for sales intelligence
- Detect Vulnerable Technologies with CPE — Security auditing with CPE identifiers
- BuiltWith Alternative · Wappalyzer Alternative · WhatRuns Alternative