About
Drupal is a free and open-source web content management framework.
Categories: CMS
Quick facts
Detection methodology for CMS
For content management systems we lean on the most stable signals each platform leaves behind: the `<meta name="generator">` tag, asset URL prefixes (`/wp-content/`, `/sites/default/files/`, `/cdn.shopify.com/`), distinctive cookie namespaces (`wordpress_*`, `_shopify_*`, `Drupal.*`) and admin-route signatures (`/wp-admin/`, `/user/login`). When the visible site is a JavaScript framework with a headless CMS underneath, we surface the CMS SDK from the bundle (`@sanity/client`, `contentful`, `@storyblok/react`) — the fingerprint that survives even when the HTML carries no traditional CMS markers.
How we detect Drupal
Each signal alone is rarely conclusive — Sourcemap Explorer cross-references all of them and weights by confidence. You can reproduce any of these checks yourself in Chrome DevTools.
Server-side fingerprint: the response header reveals the technology behind the page. Visible in DevTools → Network → response headers.
Expires: 19 Nov 1978
X-Drupal-Cache:
X-Generator: ^Drupal(?:\s([\d.]+))?
Cookies set by the platform. Visible in DevTools → Application → Cookies.
SESS[a-f0-9]{32}<meta> tag injected into the document. Visible by viewing the page source.
<meta name="generator" content="^Drupal(?:\s([\d.]+))?">
Window-level global the technology installs on page. Reproducible by typing the path into the DevTools console.
window.Drupal
Substring or regex match against the page HTML — typically a unique class, comment marker, or asset path.
<(?:link|style)[^>]+"/sites/(?:default|all)/(?:themes|modules)/
Script URL pattern. Typically a CDN host or chunk path that ships with the technology.
drupal\.js
drupal_internal__nid
A DOM selector that only this technology's pages render. Verified at runtime by the content script.
link[href*='/sites/default/themes/'], link[href*='/sites/all/themes/'], link[href*='/sites/default/modules/'], link[href*='/sites/all/modules/'], style[href*='/sites/default/themes/'], style[href*='/sites/all/themes/'], style[href*='/sites/default/modules/'], style[href*='/sites/all/modules/']
Implies
When Drupalis detected, Sourcemap Explorer also marks the following technologies as present (Wappalyzer's implies graph).
FAQ
How do I check if a website is using Drupal?
Open the page in Chrome, click the Sourcemap Explorer toolbar icon, and read the Stack tab. The popup matches Drupal's fingerprint signals (response headers, asset URL prefixes, runtime globals, sourcemap paths) and flags it whenever any combination is found. The same checks can be reproduced manually in DevTools — see the "How we detect" section above.
What Drupal version can Sourcemap Explorer detect?
Drupal ships as a hosted cms rather than a bundled npm package, so version-specific detection isn't always possible. Where the platform leaks a version in response headers (`X-Powered-By`, `Server`, generator meta tags) we surface it; otherwise we report presence only.
Is Drupal open source?
Yes, Drupal is open source. The license details are listed on the official site (https://www.drupal.org/), and the codebase typically lives on a public source-control host.
Where can I read more about Drupal?
Official site: https://www.drupal.org/. For Sourcemap Explorer's detection guide, see the deep-dive link below or the related guides in the cross-link section.
Keep reading on Sourcemap Explorer
Practical guides
Detection deep dives
Alternative tools
Detected by Sourcemap Explorer
Open the popup on any page running Drupaland you'll see the exact version pulled from the bundled package.json when sourcemaps are exposed.