Ruby on Rails

Server-side fingerprint: the response header reveals the technology behind the page. Visible in DevTools → Network → response headers.

Server: mod_(?:rails|rack)

X-Powered-By: mod_(?:rails|rack)

Cookies set by the platform. Visible in DevTools → Application → Cookies.

_session_id

<meta> tag injected into the document. Visible by viewing the page source.

<meta name="csrf-param" content="^authenticity_token$">

Window-level global the technology installs on page. Reproducible by typing the path into the DevTools console.

window.ReactOnRails

window.__REACT_ON_RAILS_EVENT_HANDLERS_RAN_ONCE__

window._rails_loaded

Script URL pattern. Typically a CDN host or chunk path that ships with the technology.

/assets/application-[a-z\d]{32}/\.js

How do I check if a website is using Ruby on Rails?

Open the page in Chrome, click the Sourcemap Explorer toolbar icon, and read the Stack tab. The popup matches Ruby on Rails's fingerprint signals (response headers, asset URL prefixes, runtime globals, sourcemap paths) and flags it whenever any combination is found. The same checks can be reproduced manually in DevTools — see the "How we detect" section above.

What Ruby on Rails version can Sourcemap Explorer detect?

Ruby on Rails ships as a hosted web frameworks rather than a bundled npm package, so version-specific detection isn't always possible. Where the platform leaks a version in response headers (`X-Powered-By`, `Server`, generator meta tags) we surface it; otherwise we report presence only.

Where can I read more about Ruby on Rails?

Official site: https://rubyonrails.org. For Sourcemap Explorer's detection guide, see the deep-dive link below or the related guides in the cross-link section.