How can I tell if a website uses Amazon AWS?

Look for X-Amz-* headers (such as X-Amz-Cf-Id for CloudFront) in the HTTP response, or check if the domain resolves to an IP in an AWS IP range. You can verify AWS IP ranges at ip-ranges.amazonaws.com. Reverse DNS on the server IP often returns an ec2.compute.amazonaws.com hostname for EC2 instances.

Can I see what server a website is on for free?

Yes. Web Reveal is a completely free website hosting checker that identifies the hosting provider, infrastructure, and full technology stack for any URL. No account or sign-up is required. You can also use browser developer tools (F12 → Network tab) to inspect HTTP headers manually at no cost.

Why would I need to find a website's hosting provider?

Common reasons include competitive research (understanding which infrastructure competitors use), sales prospecting (hosting resellers finding upgrade opportunities), security research (identifying cloud misconfigurations), and technical due diligence for acquisitions or partnerships. Developers also use hosting lookups to understand the architecture powering a site they admire.

How to Find Out What Hosting Provider a Website Uses (2026 Guide)

Q: What HTTP headers reveal a website's hosting provider?

Key headers include: 'Server: cloudflare' for Cloudflare-proxied sites; 'x-vercel-id' for Vercel deployments; 'x-nf-request-id' or 'server: Netlify' for Netlify; 'X-Powered-By: WP Engine' for WP Engine; and 'X-Amz-Cf-Id' for Amazon CloudFront. AWS EC2 instances often resolve to 'ec2-x-x-x-x.compute.amazonaws.com' in reverse DNS.

Why Check a Website's Hosting Provider?

There are more practical reasons to identify a website's host than most people realise:

Competitive research: Understanding whether a competitor runs on Amazon AWS, Cloudflare, or a budget shared host tells you a lot about their infrastructure investment and scalability posture.
Sales prospecting: Hosting resellers and managed service providers use hosting detection to find upgrade opportunities — sites on outdated shared hosting that could benefit from a VPS or managed cloud migration.
Security research: Knowing the hosting provider helps identify whether a site is behind a WAF or DDoS protection layer, and what CVEs might be relevant to the underlying infrastructure.
Technical due diligence: When evaluating an acquisition, partnership, or vendor relationship, the hosting provider reveals the resilience and cost structure of the target's infrastructure.
Developer curiosity: If you see a fast, well-built site, finding out it runs on Vercel or Netlify can guide your own architecture decisions.

Fastest Method: Free Website Hosting Checker

The quickest way to find out what hosting provider a website uses is to run it through Web Reveal — our free technology scanner that performs a live scan and returns the hosting provider, CDN, CMS, analytics stack, and more in seconds. No account required, no rate limiting for normal use.

Enter any URL on the Web Reveal homepage and within seconds you'll see a result that identifies the web host, infrastructure provider, and full technology stack. We detect over 1,000 technologies including all major hosting providers, cloud platforms, CDNs, and PaaS services.

If you want to check hosting as you browse without leaving your current tab, install the Web Reveal Chrome extension — it shows the detected hosting provider and tech stack in a toolbar popup while you browse any website.

Reading HTTP Response Headers

HTTP response headers are the single most reliable manual source for identifying a hosting provider. Every web server returns headers with each response, and many hosting platforms inject their own distinctive headers. Here's how to read them:

Open the site in Chrome or Firefox and press F12 to open developer tools.
Click the Network tab.
Reload the page (Ctrl+R / Cmd+R).
Click the first document request (the HTML page itself) in the list.
Select the Headers sub-tab and scroll to Response Headers.

You'll see a list of key-value pairs. The Server header often reveals the hosting platform directly. If it reads cloudflare, the site sits behind Cloudflare's network. Other platform-specific headers are equally telling.

Hosting Fingerprints We Detect

Through scanning hundreds of thousands of websites, we've catalogued the definitive fingerprints for every major hosting provider. Here are the ones we see most frequently:

Amazon AWS

Amazon AWS is the largest cloud provider in our scan database and leaves multiple fingerprints depending on which AWS service is in use:

X-Amz-Cf-Id: — Present on responses served through Amazon CloudFront CDN. This header contains a unique CloudFront request identifier and is one of the most definitive AWS fingerprints.
X-Amz-Request-Id: and X-Amz-Id-2: — Returned by Amazon S3 buckets used for static hosting.
Server: AmazonS3 — Explicit server header for S3-hosted sites.
Reverse DNS: EC2 instance IPs resolve to ec2-[IP].compute.amazonaws.com or ec2-[IP].[region].compute.amazonaws.com.
IP ranges: AWS publishes its full IP range list at ip-ranges.amazonaws.com. An IP WHOIS lookup on an AWS-hosted site's IP will return an ASN registered to Amazon.

Example CloudFront header: X-Amz-Cf-Id: abc123XYZ_example==

Cloudflare

Cloudflare is the most commonly detected infrastructure layer in our entire scan database — we see it on an enormous proportion of sites across every industry. It proxies traffic for millions of sites, making its fingerprints ubiquitous:

Server: cloudflare — The definitive Cloudflare server signature. When you see this header, the site's traffic is routed through Cloudflare's global network.
CF-RAY: — A Cloudflare-specific header containing a unique ray ID that identifies the Cloudflare data centre that served the request (e.g., CF-RAY: 7d1234abcdef-LHR).
CF-Cache-Status: — Present on Cloudflare-cached responses (values include HIT, MISS, DYNAMIC).
cf-request-id: — Another Cloudflare-specific request tracking header.
DNS nameservers: Sites using Cloudflare DNS (not just proxy) have nameservers ending in .ns.cloudflare.com.

Example Cloudflare headers:
Server: cloudflare
CF-RAY: 7d1a2b3c4d5e6f7a-LHR

Vercel

Vercel is one of the most frequently detected deployment platforms in our scan database among modern frontend teams. Its fingerprints are consistent and easy to spot:

x-vercel-id: — The most distinctive Vercel header, containing a unique identifier for the Vercel deployment that served the request (e.g., x-vercel-id: iad1::abc123-1234567890123-abc).
x-vercel-cache: — Indicates Vercel's edge cache status (HIT, MISS, STALE).
Server: Vercel — Sometimes present on Vercel-hosted responses.
Domain patterns: Sites deployed to Vercel's default hosting use .vercel.app subdomains before a custom domain is connected.

Example Vercel header: x-vercel-id: iad1::prd1-1234567890-abc123def456

Netlify

Netlify is a Jamstack and static site deployment platform we detect consistently across modern marketing sites and documentation portals:

server: Netlify — The primary Netlify server header, confirming deployment on Netlify's infrastructure.
x-nf-request-id: — A Netlify-specific request tracking header. When present, this is a definitive Netlify fingerprint.
x-nf-account-id: — Exposes the Netlify account ID on some responses.
Domain patterns: Sites on Netlify's default domain use .netlify.app subdomains before a custom domain is applied.

Example Netlify headers:
server: Netlify
x-nf-request-id: 01ABCDEF1234567890ABCDEF01

WP Engine

WP Engine is a managed WordPress hosting provider we see powering a significant share of the professional WordPress sites in our scan database. Its fingerprints are straightforward:

X-Powered-By: WP Engine — The most explicit WP Engine signature, directly advertising the hosting platform in the response headers.
Server: wpengine — An alternative server header used by WP Engine on some configurations.
X-Cache: HIT combined with WP Engine headers — WP Engine's built-in page caching layer returns this combination on cached responses.
Cookie patterns: WP Engine sets specific cookies for its caching layer that are visible in response headers.

Example WP Engine header: X-Powered-By: WP Engine

DNS Lookups and IP WHOIS

When HTTP headers don't reveal enough, DNS analysis is your next best option:

A record lookup: Run nslookup example.com or use an online DNS lookup tool to find the domain's IP address. Then run an IP WHOIS lookup on that IP — the result will name the registered organisation (e.g., "Amazon Technologies Inc.", "Cloudflare Inc.", "Fastly Inc.").
NS record lookup: The nameservers (NS records) for a domain reveal whether the site uses Cloudflare DNS (*.ns.cloudflare.com), Amazon Route 53 (*.awsdns-*.com), or another DNS provider.
CNAME chains: Many platform-hosted sites use CNAME records that point through the provider's infrastructure. For example, a Netlify-hosted custom domain typically has a CNAME pointing to a *.netlify.app address.

Keep in mind that many sites sit behind a CDN or reverse proxy, meaning the IP address you get from a DNS lookup is the CDN's IP, not the origin server's IP. In these cases, the HTTP headers are more reliable for identifying the CDN layer, and deeper investigation is needed to identify the origin host.

Our Detection Methodology

When Web Reveal scans a URL, we perform a multi-signal analysis that combines several layers of evidence to identify the hosting provider:

HTTP header analysis: We parse all response headers from the main document and key sub-resources, matching against a database of provider-specific header patterns.
IP geolocation and ASN lookup: We resolve the domain's IP and look up its Autonomous System Number (ASN) against a continuously updated database of cloud and hosting provider IP ranges.
DNS record analysis: We check NS records, CNAME chains, and A/AAAA records for provider-specific patterns.
HTML and JavaScript analysis: Some hosting platforms inject HTML comments, meta tags, or JavaScript that identifies the platform.
Cookie patterns: Session and cache-management cookies set by the server often carry provider-specific names and formats.

We run this analysis in real time on a live request to the target URL, which means the result reflects the current hosting configuration — not cached or outdated data. This is why Web Reveal is more reliable than static databases for identifying the hosting provider of a website that may have recently migrated.

Frequently Asked Questions

How do I find out what hosting provider a website uses?

The fastest method is to scan the URL with Web Reveal — a free website hosting checker. Manually, open browser developer tools (F12), go to the Network tab, reload the page, and inspect the Response Headers on the main document request. Look for a Server header or platform-specific headers like CF-RAY (Cloudflare) or x-vercel-id (Vercel).

What HTTP headers reveal a website's hosting provider?

Key headers include: Server: cloudflare for Cloudflare-proxied sites; x-vercel-id for Vercel deployments; server: Netlify and x-nf-request-id for Netlify; X-Powered-By: WP Engine for WP Engine; and X-Amz-Cf-Id for Amazon CloudFront.

Can I tell if a website uses Amazon AWS?

Yes. Look for X-Amz-Cf-Id (CloudFront) or Server: AmazonS3 in response headers, or check if the server IP resolves to an ec2.compute.amazonaws.com hostname in reverse DNS. AWS also publishes its complete IP range list at ip-ranges.amazonaws.com, which you can cross-reference against the site's IP address.

Is there a free website hosting checker?

Yes — Web Reveal is completely free. It identifies the hosting provider, CDN, CMS, and full technology stack for any website with no account required. You can also use browser developer tools to inspect headers manually, which is free but more involved.

Why would I want to find a website's hosting provider?

Common reasons include competitive infrastructure research, sales prospecting for hosting upgrades, security research, technical due diligence for acquisitions, and developer learning. Understanding the hosting stack behind a well-performing site is a practical way to inform your own infrastructure decisions.