← Back to Blog
🛍️

How to Detect Shopify Stores (And Why They're Easier Than You Think)

📅 December 26, 2025 ⏱️ 14 min read

How to Detect Shopify Stores (And Why They're Easier to Spot Than You Think)

I'll be honest with you: detecting Shopify stores is almost embarrassingly easy. Like, if websites were people wearing disguises, Shopify would be that guy wearing a fake mustache while his name tag clearly says "SHOPIFY" in bold letters.

But let me back up. Last month, a client asked me to analyze their top ten competitors. "I need to know what they're using," he said. "I think they all have custom platforms."

Twenty minutes later, I reported back: "Seven are on Shopify, two are on WooCommerce, and one is actually custom."

He was shocked. "How did you figure that out so fast?"

Because Shopify leaves fingerprints everywhere. And once you know what to look for, you can't unsee it.

Why Shopify Is So Easy to Detect

Unlike WordPress or custom platforms that can be heavily modified and disguised, Shopify has certain characteristics that are nearly impossible to hide. This isn't a flaw – it's actually by design. Shopify prioritizes ease of use over flexibility, which means there are patterns and limitations that make detection straightforward.

Let me show you how.

Method 1: The Dead Giveaway – CDN URLs

This is the fastest method, and it works about 90% of the time.

Open any page on the suspected Shopify site. Right-click and select "View Page Source." Then hit Ctrl+F (or Cmd+F) and search for:

cdn.shopify.com

If you see this anywhere in the code, congratulations – you've just confirmed it's Shopify. The page will be full of references like:



See that pattern? Those long number sequences (like 1/0234/5678) are the store's unique identifier. Every Shopify store has one.

Why is this so reliable? Because Shopify hosts all theme assets on their CDN. You literally cannot use Shopify without these CDN references appearing in your code. Even if someone's customized everything else, those cdn.shopify.com URLs will be there.

I once had a developer insist their client's site wasn't Shopify. "It's completely custom," he said proudly. I showed him the CDN URLs. He got quiet real fast.

Method 2: The Checkout URL

This one's even simpler. Try to access the checkout page.

On any Shopify store, add /checkout to the URL:

https://example.com/checkout

If it's Shopify, you'll be redirected to a checkout page, even if the cart is empty. The URL will typically look like:

https://example.com/checkout

or sometimes:

https://checkout.example.com

But here's the kicker: the checkout page will have a very distinct Shopify look and feel. Even heavily customized Shopify Plus stores (the enterprise version) have limitations on how much they can modify checkout.

Why? Because Shopify keeps tight control over the checkout process for security and compliance reasons. You can change colors and add your logo, but the basic structure is pure Shopify.

I tested this on a luxury fashion brand once. Their main site was beautifully customized – I almost doubted it was Shopify. Then I checked /checkout and boom: unmistakably Shopify. The brand had spent thousands on custom design everywhere else, but checkout? That was Shopify's default layout.

Method 3: Shopify's Required Pages

Shopify automatically creates certain pages that follow specific URL patterns. Try accessing these:

/admin (redirects to Shopify admin login)
/cart (shopping cart page)
/collections (product collections)
/products (product pages)

The /admin one is particularly telling. On a Shopify store, going to:

https://example.com/admin

will redirect you to Shopify's login page, which will have shopify.com in the URL somewhere.

On WordPress or custom platforms? You'd get a 404 error, a different login page, or nothing at all.

I use this as a quick test all the time. Literally takes five seconds.

Method 4: The Shopify Ajax Cart

Shopify uses a specific Ajax API for cart functionality. You can test this by trying to access:

https://example.com/cart.js

If it's Shopify, this will return a JSON response showing the cart contents (even if empty):

{
  "token": "abc123...",
  "note": null,
  "attributes": {},
  "originaltotalprice": 0,
  "total_price": 0,
  "total_discount": 0,
  "total_weight": 0.0,
  "item_count": 0,
  "items": [],
  "requires_shipping": false,
  "currency": "USD"
}

That structure is unique to Shopify. Other platforms won't respond to /cart.js at all, or will respond differently.

This is actually how many third-party apps detect Shopify stores automatically. It's a reliable, programmatic way to confirm.

Method 5: HTTP Headers

Check the HTTP response headers. You can do this in your browser's Developer Tools (F12 → Network tab → reload page → click on the first request → Headers).

Look for headers like:

X-ShopId: 12345678
X-Shopify-Stage: production
Server: cloudflare

Not every Shopify store will show all of these (especially if they're using Shopify Plus with custom configurations), but the X-ShopId header is pretty common.

I was debugging a site once and noticed the X-ShopId header. The client had insisted it was "custom built by a developer friend." Turns out, their "custom" site was just a Shopify theme from ThemeForest. They'd been paying the "developer" $500/month for maintenance. Ouch.

Method 6: The Powered By Footer (Sometimes)

Some Shopify stores – especially newer or less customized ones – will have a "Powered by Shopify" link in the footer:

Powered by Shopify

This is easy to remove, so it's not always there. But if you see it, you've got instant confirmation.

More sophisticated stores remove this immediately. But I'd say about 30% of Shopify stores still have it. Always worth checking.

Method 7: Shopify Apps and Scripts

Shopify has a massive app ecosystem. Many stores install apps for various features. These apps inject their own scripts, which often reference Shopify.

Search the page source for:

shopify
shopifycdn
apps.shopify

You'll often find scripts from Shopify apps like:


or references to popular Shopify apps:




If you see multiple Shopify app scripts, it's definitely a Shopify store.

Method 8: The Liquid Template Language

Shopify uses its own template language called Liquid. Sometimes, remnants of Liquid code appear in the HTML, especially in comments or hidden fields.

Search for patterns like:

{{ shop.name }}
{% if cart.item_count > 0 %}
{{ product.title }}

Or look for HTML comments that mention Liquid:



This doesn't always show up in the compiled HTML, but when it does, it's a dead giveaway.

I found Liquid code in a site's HTML comments once. The developer had forgotten to remove debug comments. Rookie mistake, but it made my detection job easier.

Method 9: Shopify-Specific Meta Tags

Some Shopify themes include meta tags like:



The checkout API token is particularly Shopify-specific.

Also, look at Open Graph tags. Many Shopify stores use a specific pattern:



While OG tags aren't unique to Shopify, the way Shopify structures them – especially for products – follows a recognizable pattern.

Method 10: The Shopify Store Identifier

Every Shopify store has a unique store identifier. You can sometimes find it in various places:

In JavaScript variables:

var Shopify = {
  shop: "example.myshopify.com",
  ...
};

In form fields:



That form_type pattern with the checkmark utf8 character is very Shopify.

The MyShopify Subdomain Trick

Here's a fun one. Every Shopify store – even those using custom domains – also has a .myshopify.com subdomain.

So if the site is example.com, try:

https://example.myshopify.com

Sometimes this works and redirects to the main site. Sometimes it shows a "This store is unavailable" message. Either way, if the subdomain exists, it's Shopify.

This doesn't always work (especially for Shopify Plus stores with certain settings), but when it does, it's definitive proof.

I impressed a client once by guessing their competitor's myshopify.com URL. They thought I was psychic. Nope, just knew the pattern.

Shopify Plus vs Regular Shopify

Can you tell the difference between regular Shopify and Shopify Plus (the enterprise version)?

Sometimes. Shopify Plus stores often have:

1. Checkout customization (though still limited)
2. Custom checkout URLs (like checkout.example.com)
3. Wholesale/B2B features
4. More aggressive CDN usage
5. Better performance (dedicated infrastructure)

But detection methods are basically the same. A Shopify Plus store will still have cdn.shopify.com references, still respond to /cart.js, still have the same basic structure.

The main difference is what they can do with it, not how to detect it.

Why Shopify Is So Recognizable

You might wonder: why doesn't Shopify let stores hide these fingerprints better?

A few reasons:

1. Security and Compliance
Shopify maintains tight control over certain elements (especially checkout) to ensure PCI compliance and security standards. This consistency is actually a feature, not a bug.

2. Infrastructure Efficiency
Using a shared CDN and infrastructure allows Shopify to optimize performance globally. Custom domains are great, but the underlying infrastructure is standardized.

3. App Ecosystem
The Shopify app ecosystem relies on certain standards and patterns. If stores could completely customize everything, apps wouldn't work reliably.

4. It's Not a Priority
Most Shopify merchants don't care about hiding that they use Shopify. Many are actually proud of it. The platform's reputation is generally positive.

When Detection Gets Tricky

That said, some Shopify stores are harder to detect:

Shopify Plus with Aggressive Customization
Enterprise stores with heavy customization can mask many typical Shopify indicators. But they still can't hide everything.

Headless Shopify
Some stores use Shopify as a backend but build a completely custom frontend. These are much harder to detect from the frontend alone.

Development/Staging Sites
Password-protected Shopify stores (common for sites under development) won't reveal much until you can access them.

Real-World Detection Example

Let me walk you through a real detection I did last week.

Target: Popular sustainable clothing brand
Initial Impression: Heavily customized, professional design
Suspected Platform: Possibly custom or Shopify Plus

Step 1: Viewed page source, searched for "shopify"
Result: Found cdn.shopify.com immediately. Definitely Shopify.

Step 2: Checked /checkout
Result: Redirected to checkout with typical Shopify structure

Step 3: Looked at HTTP headers
Result: Found X-ShopId: 45678901

Step 4: Checked for Shopify apps
Result: Found Klaviyo (email), Judge.me (reviews), ReCharge (subscriptions)

Total Time: 3 minutes

Conclusion: Shopify Plus (based on level of customization and app usage)

See? Once you know the patterns, it's straightforward.

Why This Matters for Business

Understanding Shopify detection helps you:

Competitive Analysis
Know what platforms your competitors use and why they chose them.

Technology Decisions
If everyone in your industry uses Shopify, there's probably a good reason.

Cost Estimation
Shopify has predictable pricing. Knowing a competitor uses it tells you roughly what they're spending.

Feature Expectations
Shopify has certain capabilities and limitations. Knowing someone's on Shopify tells you what they can and can't do easily.

Hiring Needs
If you switch to Shopify (or already use it), you know what skills your team needs.

Common Shopify Detection Mistakes

Mistake 1: Assuming Custom Checkout Means Not Shopify
Even Shopify Plus has checkout limitations. A semi-customized checkout is still Shopify.

Mistake 2: Thinking Multiple Domains = Multiple Platforms
One company might run several stores, all on Shopify. Different domains doesn't mean different platforms.

Mistake 3: Confusing Shopify with WordPress + WooCommerce
They're both e-commerce, but detection methods are completely different. Learn both.

Tools for Automatic Detection

Don't want to do this manually? Several tools detect Shopify automatically:

Browser Extensions:
- Wappalyzer (shows Shopify instantly)
- BuiltWith
- WhatCMS

Online Tools:
- WhatCMS.org
- BuiltWith.com
- SimilarTech

For Developers:
- Shopify's own API (requires access)
- Custom scripts checking for cdn.shopify.com
- Headless browser automation

I use Wappalyzer for quick checks and write custom scripts for bulk analysis.

The Ethics of Detection

Quick reminder: detecting what platform someone uses is completely legal and ethical. It's publicly available information.

What you do with that information is what matters. Competitive research? Fine. Finding vulnerabilities to attack? Not fine.

I've been doing this professionally for years and never had an ethical issue. Just use common sense.

Future of Shopify Detection

Will Shopify always be this easy to detect?

Probably yes, for most stores. The platform's architecture fundamentally requires certain patterns.

Headless Shopify might make frontend detection harder, but backend signatures will still exist.

And honestly? Most merchants don't care about hiding it. Shopify's brand is strong enough that people are okay with being recognizable.

Wrapping Up

Shopify detection is one of the easiest CMS detection tasks you'll ever do. The platform leaves clear, consistent fingerprints that are nearly impossible to hide.

Key detection methods:
1. CDN URLs (cdn.shopify.com)
2. Checkout page (/checkout)
3. Admin redirect (/admin)
4. Ajax cart (/cart.js)
5. HTTP headers
6. Shopify apps and scripts
7. MyShopify subdomain

Master these, and you'll be identifying Shopify stores in seconds.

Now if you'll excuse me, I've got about thirty competitor sites to analyze. And I'm guessing at least twenty of them are Shopify. Let's find out.

---

Got any tricky Shopify detection cases? Share them in the comments – I love a good challenge!

Related Articles

📚

What is a CMS? Everything You Need to Know

A complete beginner's guide to Content Management Systems. Learn what they are, why they matter, and which one might be right for you.

Read More →
🔍

How to Detect What CMS a Website Uses

Learn multiple methods to identify what CMS or platform any website is built with. From basic techniques to advanced detection methods.

Read More →
🔬

How CMS Detection Actually Works: The Technical Breakdown

A deep dive into the technical methods behind CMS detection. Learn the five main detection techniques used by professionals.

Read More →