The Detected Technologies section of your scan report shows what software and services your website is built on, as seen from the outside. Our scanner examines your site's HTML, HTTP headers, and JavaScript to identify the platforms, frameworks, and tools in use.
What We Detect
Our technology fingerprinting checks for approximately 25 common technology signatures, including:
- Content Management Systems — WordPress, Shopify, Squarespace, Wix, Joomla, Drupal
- Web servers — Nginx, Apache, LiteSpeed, IIS
- Programming languages — PHP, Python, Node.js, ASP.NET
- JavaScript frameworks — React, Vue, jQuery, Angular
- CDNs and security services — Cloudflare, AWS CloudFront, Sucuri, SiteGround
- Analytics and marketing — Google Analytics, Google Tag Manager, Facebook Pixel, HubSpot
Why This Information Matters
Knowing what technologies your website runs on is important for three reasons:
Security context
Different platforms have different vulnerability profiles. A WordPress site needs plugin and theme updates. A site behind Cloudflare has an additional layer of protection. Knowing your stack helps you understand which scan findings are relevant to you.
Conditional scanning
We use technology detection to decide whether to run additional specialised tools. For example, if we detect WordPress, we automatically run WPScan to check for WordPress-specific vulnerabilities in your plugins, themes, and core version. If WordPress isn't detected, we skip that check to save time.
Visibility into your own infrastructure
For business owners who rely on a web developer or agency to maintain their site, this section provides transparency into what's actually running. If you're paying for a "custom-built" website but this section shows it's a standard WordPress installation, that's useful information to have.
What to Look For
- CMS version information — If a specific version is shown (e.g., "WordPress 6.4"), check whether it's the latest release. Running outdated CMS versions is one of the most common security risks.
- Outdated libraries — If old JavaScript libraries are detected (e.g., jQuery 1.x), they may contain known vulnerabilities.
- Expected vs unexpected technologies — If you see technologies you don't recognise, it could indicate third-party code injected by plugins, ads, or — in rare cases — a compromise.
Can You Change This?
The technologies shown here are determined by how your website was built. If you're on a managed platform like Squarespace or Wix, you don't have control over the underlying server technology — and that's fine. The platform manages it for you.
If you're on a self-hosted platform like WordPress, you have more control and more responsibility. Keep your CMS, plugins, and themes updated, and remove anything you're not actively using.