How to detect Shopify on any website
Hosted e-commerce platform — the largest Shopify-store dataset on the web.
By Mapree ·
Official siteWhat is Shopify?
Shopify runs a big slice of global DTC e-commerce. Its sites are server-rendered Liquid templates, often augmented with the Shopify Hydrogen framework (a React framework by Shopify) for headless storefronts.
Shopify's architecture is two-tier: a classic Liquid-templated storefront served from their infrastructure, with a JavaScript layer for interactivity, payment processing and cart management. That layer exposes a predictable `window.Shopify` global with shop, currency, checkout and cart utilities. For teams wanting a fully custom React-based frontend, Shopify offers Hydrogen — a React framework that talks to the Shopify Storefront API and handles SSR/streaming. Detecting 'Shopify' on a site is easy; telling classic Liquid from Hydrogen requires looking at whether the frontend is template-rendered (Liquid) or client-rendered React hitting a GraphQL API (Hydrogen).
Why it matters to identify
Detecting Shopify tells you the entire checkout flow, payment stack, and admin surface. 'Hydrogen' vs classic Liquid tells you whether the frontend is React-based or template-based. Detecting the apps installed (Klaviyo, Gorgias, ReCharge, Judge.me) paints the rest of the stack.
A brief history of Shopify
Shopify launched in 2006. Liquid templating language (2006). Shopify POS (2013). Shopify Plus (2014, for enterprise). Hydrogen + Oxygen (2022, React-based headless stack). Over time Shopify has added more JavaScript to its classic storefront layer while pushing React-minded teams toward Hydrogen.
Ecosystem and common pairings
Classic Shopify stack: Liquid + Shopify theme (Dawn, Refresh, many paid themes) + apps (Klaviyo for email, Gorgias for support, ReCharge for subscriptions, Judge.me for reviews, PageFly for page building). Hydrogen stack: React + Remix (Hydrogen 2 is built on Remix) + Shopify Storefront API + Oxygen hosting.
Detection signals we look at
Each signal alone is rarely conclusive; the detector cross-references all of them and weights by confidence. You can reproduce any of these checks yourself in Chrome DevTools.
window.Shopify
Every classic Shopify store exposes a `Shopify` global with shop, currency, cart utilities.
cdn.shopify.com
Shopify-hosted assets are served from `cdn.shopify.com`.
x-shopify-stage|x-shopid|powered-by: Shopify
Shopify-specific response headers.
class="shopify-"|data-shopify
Shopify theme classes / data attributes.
Versioning
What you typically see in production
Shopify in 2026 powers a substantial share of global DTC e-commerce, particularly in the small-to-mid merchant tier (under $50M in annual GMV) where the platform's friction-free setup outweighs the limitations of its hosted architecture. Detection is essentially trivial — `cdn.shopify.com` in asset URLs and `window.Shopify` as a runtime global are both unmistakable, and most stores keep both because hiding them would break either the CDN or the cart logic. The most common Shopify shape in the wild is the classic Liquid storefront: server-rendered HTML from Shopify's infrastructure, a JavaScript layer for cart and product interactions, the active theme (Dawn, Refresh, or one of dozens of premium themes from Out of the Sandbox, Pixel Union or Archetype) defining most of the visual surface. App-installed JavaScript (Klaviyo for email capture, Gorgias for support widgets, ReCharge for subscription handling, Privy for popups, Judge.me for reviews) loads in a predictable order from `cdn.shopify.com/shopifycloud/<app>/...` URLs. Hydrogen — Shopify's React-based headless framework — is concentrated in larger and more design-forward stores where the visual ambition outgrew Liquid's templating model. A Hydrogen storefront looks like a custom React app from the outside (no `window.Shopify` global on the page, no Liquid-rendered HTML), but the asset URLs still pull from `cdn.shopify.com` and the cart endpoint still hits the Shopify Storefront API. Hydrogen 2 is built on Remix; you can spot it by the `data-remix-` attributes on the document plus the React-shaped DOM tree. The app ecosystem on top is often the most informative axis. A Shopify store running Klaviyo + Recharge + Loox + Gorgias is a subscription-focused DTC operation with substantive support volume; a store running Privy + Judge.me + Mailchimp is earlier-stage and less mature on the customer-data side; a store running Yotpo + ReCharge + LoyaltyLion is investing in retention. Sourcemap Explorer surfaces the apps as separate entries in the Stack tab, which lets you read the operational maturity of a Shopify store in a few seconds.
Sites commonly running Shopify
- allbirds.com
- gymshark.com
- kyliecosmetics.com
- mejuri.com
- ssense.com (parts)
Often confused with
Shopify vs Shopify Hydrogen
Hydrogen is a React-based headless framework by Shopify built on Remix. A Hydrogen storefront looks like a custom React app that hits the Shopify Storefront API — `cdn.shopify.com` images stay, the `Shopify` global usually does not, and the page looks more like a Next.js / Remix surface than a Liquid storefront.
Shopify vs BigCommerce / WooCommerce / commercetools
Other e-commerce platforms with overlapping feature surfaces. BigCommerce loads from `cdn11.bigcommerce.com`; WooCommerce sits on top of WordPress (`/wp-content/plugins/woocommerce/`); commercetools is headless-only and reveals itself in API requests rather than asset URLs. None of them ship `cdn.shopify.com` URLs.
Shopify vs Custom storefront on the Shopify Storefront API
Some stores use Shopify only as a backend, with a fully custom React/Next/Vue frontend hitting the Storefront API. The asset URLs do not show `cdn.shopify.com`; only the API requests do. The detection moves from 'frontend signals' to 'inspect the network tab for Shopify API calls'.
FAQ
How do I tell classic Liquid Shopify from Hydrogen?
Liquid sites have `window.Shopify` as a runtime global and server-rendered HTML; Hydrogen sites usually do not have the global, render via React on the client, and ship from a Next.js-shaped chunk pattern. Both serve images and theme assets from `cdn.shopify.com`.
Can I tell Shopify Plus apart from regular Shopify?
Sometimes. Shopify Plus enables Shopify Functions, Shopify Scripts (for the older checkout) and the `_shopify_plus` cookie on some configurations. The most reliable signal is looking for Shopify Functions runtime calls in the bundle. For most workflows the regular vs Plus distinction is not load-bearing.
How do I find every Shopify app installed on a store?
App scripts load from `cdn.shopify.com/shopifycloud/<app-slug>/...` URLs. Enumerating those gives you the app footprint. Sourcemap Explorer surfaces the major apps automatically (Klaviyo, ReCharge, Gorgias, Loox, Judge.me, Privy, Yotpo, LoyaltyLion) and reports them in the Stack tab.
Can I get the Shopify theme name?
Theme metadata sometimes appears in `theme.json` under `cdn.shopify.com/s/files/.../theme.json` or in CSS comments at the top of the theme stylesheet. Sourcemap Explorer reads the available metadata and surfaces the theme name when present.
Does the `Shopify` global expose useful information?
Yes. Open the dev console on any classic Shopify store and type `Shopify` — you get the shop domain, the currency, the theme ID, the cart endpoint, the locale settings, and a handful of utility functions. It is one of the more informative runtime globals in the e-commerce world.
Why doesn't Shopify expose a platform version?
Because it is a SaaS — every store runs on whatever version Shopify deployed most recently, with no per-store opt-in to specific versions. The interesting versioning lives at the theme level (Dawn 5.x vs 6.x vs 7.x is meaningful) and at the app level (each installed app has its own version surface).
How do you tell if a website is built with Shopify or WordPress?
They leave completely different fingerprints, so it takes seconds. Shopify serves assets from `cdn.shopify.com` / `/cdn/shop/` and exposes a `window.Shopify` global. WordPress (and WooCommerce, its e-commerce plugin) serves from `/wp-content/` paths, exposes a `/wp-json/` REST API, and usually ships a `<meta name="generator" content="WordPress ...">` tag. If you see `/wp-content/plugins/woocommerce/`, it's a WooCommerce store on WordPress, not Shopify. The two never share those paths, so a single look at the asset URLs settles it.
Can I check if a website uses Shopify for free?
Yes — every Shopify signal is in data the site already sent your browser, so no paid tool is required. Open DevTools, type `Shopify` in the console, and look for `cdn.shopify.com` in the Network tab. Sourcemap Explorer automates the same read locally and for free: it reports Shopify plus the installed apps and, where a sourcemap is exposed, the theme and app versions — with no account, API key, or per-lookup limit.
Does a site running on Shopify mean it's legit and safe to buy from?
No. Shopify is the underlying platform, not a trust badge — anyone can open a Shopify store in minutes, and scam stores use it too. Detecting Shopify only tells you the checkout is handled by Shopify's payment infrastructure, which is reputable; it says nothing about the merchant. For legitimacy, check the store's age, real contact details, reviews off-site, a working returns policy, and whether checkout actually runs on Shopify's secure domain rather than a copycat form.
Related
See Shopify — with the exact version — on every site you visit.
Sourcemap Explorer runs these checks passively in the background. When the target library is bundled, you get the precise package.json-level version.