Fetch the public HTML.
The scanner sends a single GET request to the storefront homepage, the same request your browser sends when you visit. No login, no API token, no scraping of admin pages.
Paste any Shopify storefront URL. See every app, pixel, and theme embed installed on the store, with the exact piece of evidence pulled from the public HTML. Runs in your browser, in seconds.
A frozen result from allbirds.com. Every detected app is paired with the exact signal that triggered the match, so you can verify it yourself in the browser’s view-source view.
static.klaviyo.com/onsite/js/klaviyo.js?company_id=…cdn.shopify.com/…/recharge-checkout-and-portal-…cdn.judge.me/widget_preloader.jsgoogletagmanager.com/gtm.js?id=GTM-XXXXXXconnect.facebook.net/en_US/fbevents.jscdn.shopify.com/extensions/…/inbox_default/inbox.jsThe scanner matches the public homepage HTML against 97 known fingerprints. Categories it covers:
theme.liquid.The scanner sends a single GET request to the storefront homepage, the same request your browser sends when you visit. No login, no API token, no scraping of admin pages.
The returned HTML is matched against 97 app signatures. A signature is one or more concrete signals: a script URL, a known DOM selector, a meta tag, a Shopify theme app embed, a network call host.
Every match is rendered with the literal string from the HTML that triggered it. If the evidence is wrong, the match is wrong, and you can verify it in the browser’s view-source view in seconds.
Pick the three stores winning in your category. Scan each one. The intersection of their stacks tells you which apps are table stakes and which are differentiators worth testing on your own store.
Before onboarding a new client, scan their live storefront. You arrive at the first call with the complete app list, the pixels firing, and the theme embeds already mapped. The discovery call becomes a conversation about strategy, not inventory.
Acquiring a Shopify brand? The app stack drives monthly cost, integration risk, and migration complexity. A free scan replaces an hour of due diligence with a verifiable evidence list.
Apps accumulate. Pixels stay behind after campaigns end. Scan your own store quarterly and you have an honest inventory of what is actually firing on a real page load, separate from what your billing thinks you have installed.
A public-HTML scanner is the right tool for most jobs. It is the wrong tool for a few. Here is the honest list of what stays invisible.
Yes. Every scan is free, with no daily limit, no signup, and no API key. The tool reads only the public HTML that any browser can already see.
No. You do not need to be a Shopify merchant, partner, or affiliate. Paste any storefront URL and the scan returns a result in seconds.
The scan is a single GET request to the storefront homepage, identical to what a normal browser sends. The store owner sees one anonymous visit in their analytics, the same as any other visitor.
App Detector only sees apps that leave a fingerprint in the homepage HTML. Apps that load after a consent gate, server-side-only apps, and Shopify Plus private apps are invisible to any public-HTML scanner.
Every detected app comes with the exact piece of evidence that triggered the match: a script URL, a meta tag, a known network call. If the evidence is visible in the HTML, the match is real.
No. Password-protected stores return a Shopify login screen instead of the storefront, so there is nothing to scan. Use the tool on a live, publicly accessible storefront.
Five more free Shopify tools, same evidence-first approach.