Website technology intelligence

See the tech behind any website.

Look up any site's full stack — CMS, analytics, hosting, CDN, payments, security and 1,000+ more — with the exact evidence behind every detection. Track what changes, and find every site that runs a technology.

See any site's full stack in seconds — no signup. Or compare plans →

Live dataevidence on every detection1,000+ technologies

What is Overt?

Overt is website technology intelligence you can prove.

One engine reads any website's public footprint — its full technology stack across every category, the infrastructure behind it, and how it changes over time — from real evidence, and shows the exact signal behind every detection. Use it to look up a single site, list every site running a technology, watch for changes, or pull it all through the API.

Start free, then scale by the lookups, lists and API calls you actually use.

The evidence engine

Watch it read a company.

Point Overt at any domain and its public footprint resolves in seconds — every signal pulled from evidence, scored for confidence, and fused into one profile you can defend. Sample company, synthetic data.

CDN & edge Cloudflare 96%

Email auth DMARC p=reject 99%

TLS & HSTS valid chain 99%

WAF & bot Cloudflare WAF 93%

Cloud region AWS eu-central-1 90%

Hiring intent Platform roles open live

scanning northwind-saas.de

34 techs

96/100 confidence

full stack · 9 categories

Why Overt

A tech lookup you can trust.

Most detectors hand you a list and ask you to take it on faith — no proof it's right, and frozen the day they last crawled. When a site swaps its CMS or moves CDN, you're the last to know.

Overt shows the evidence behind every detection — and flags the moment it changes.

Evidence

Every finding ships with its receipt.

This is what Overt knows about any site — and how it knows it. The CNAME, the header, the script, the date. Sample data, real mechanics.

finding 01 · cdnconfidence 95%

Akamai CDN

www.borowik-logistyka.pl
  → CNAME → e8113.x.akamaiedge.net

The CNAME chain is the receipt — anyone can verify it.

finding 02 · analyticsconfidence 99%

Google Analytics 4 + Tag Manager

gtag('config', 'G-XXXXXXX')

Every detection carries its signal and a confidence score — the script, the header, the DNS record.

accountsample data

Borowik Logistics S.A.

revenue 142 mln zł · 380 employees · Warsaw

Where available, detections join to company data — size, location, registry info — so you know whose site you're looking at, not just what it runs.

When Overt isn't sure, the finding says so — a low-confidence detection ships with a low confidence score, not a confident guess.

Worldwide company surfaces mapped on demand, in any market

7 days maximum age of any company profile under watch

11 signal layers fused into one evidence-backed profile

1,000+ technologies detected — each with the receipt

The stack we read.
All of it.

Overt fingerprints 1,000+ technologies across every layer of a company's public footprint — and shows the exact signal behind each one. A sample of what it detects:

CDN & edge

Cloudflare
Akamai
Fastly
Amazon CloudFront
Azure Front Door
Google Cloud CDN

WAF, bot & DDoS

AWS WAF
Imperva
F5 BIG-IP
Akamai Bot Manager
DataDome
Cloudflare Bot Mgmt

Identity & access

Okta
Auth0
Microsoft Entra
Ping
ForgeRock
JumpCloud

Email security

Proofpoint
Mimecast
Microsoft Defender
Google Workspace
Barracuda
DMARC / SPF / DKIM

Cloud & hosting

AWS
Google Cloud
Microsoft Azure
Alibaba Cloud
DigitalOcean
Vercel

MarTech & analytics

Google Analytics
Adobe Analytics
Segment
HubSpot
Marketo
Amplitude

Observability & DevOps

Datadog
New Relic
Sentry
Dynatrace
GitHub
GitLab

Commerce & CMS

Shopify
WordPress
Adobe Experience Mgr
Magento
Salesforce Commerce
Contentful

…and hundreds more across appsec, CCaaS, CDP, consent, data platforms, e-sign, ERP, feature flags, payments and observability — re-verified continuously, never older than seven days.

market moves · sample

example-retail.com migrated Magento → Shopify Plus
example-media.com switched GA → Plausible
example-saas.io moved CDN → Cloudflare
example-store.com added Klaviyo
example-bank.com dropped jQuery
example-news.com adopted Next.js
example-shop.de removed Google Tag Manager
example-app.com added Stripe Checkout

How it works

The web re-reads itself.

A growing corpus of domains is re-verified on a continuous cycle — every profile under 7 days old. No crawl-then-export, no stale exhibit.
Signals become detections.

Headers, DNS records, scripts and certificates resolve into technology detections — each with the exact signal and a confidence score.
You look it up — or pull it.

Look up a single site, list every site on a technology, or watch for changes. Export CSV, call the API, or build it into your own tools.

Comparison

The same stack — with the proof, and the changes.

BuiltWith and Wappalyzer tell you what's installed. Overt does too — across 1,000+ technologies — but shows the exact evidence behind every detection and flags the day a site changes its stack. The same lookup, with an answer you can defend.

Plus the things the others skip — the evidence behind each detection, per-site change alerts, a 7-day freshness floor, and company size & registry data where available.

Capability	Overt	BuiltWith	Wappalyzer
Technology detection — all categories	✓	✓	✓
Find every site using a technology (lists + export)	✓	✓	✓
Public API	✓	✓	✓
Evidence + confidence behind each detection	✓	·	·
Per-site change history & alerts	✓	~	~
Continuously re-verified (freshness floor)	✓	~	~
Company context — size & registry data	✓	·	·

✓ full · ~ partial · · not offered. Category comparison of typical capabilities, not a feature audit of any one release.

See the full comparison — Overt vs BuiltWith & Wappalyzer

Built for anyone who needs to know what a site runs.

Sales, research, agencies, analysts — one engine pointed at the question you're trying to answer, with the evidence attached.

Sales & lead generation

Build target lists by the tech they run.

Find every company on a given CMS, payment provider or analytics tool, then export the list with the evidence behind each match — campaigns built on real signals, not guesses.

See the use case Competitive & market research

Track a market's tech adoption.

See who's gaining and losing share across CDNs, frameworks and commerce platforms — with the change history, so you catch migrations the day they happen.

See the use case Agencies & web teams

Qualify any prospect in seconds.

Look up a site's full stack before the call — hosting, CMS, marketing tools, what's gone stale — and walk in knowing exactly what they run.

See the use case

One engine

Everything in one place.

Look up a site, find every site running a technology, track what changes — in the app or through the API. Priced on what you use, not headcount.

01 Research & sales

Overt Lookup

Point Overt at any domain and get its full technology stack in seconds — every detection carrying the exact evidence behind it.

priced bylookups / month

02 Market research

Overt Lists & Trends

Find every site running a technology, filter and export the list, and track how adoption shifts across a market over time.

priced bylist rows + reports

03 Developers & teams

Overt API & Alerts

Pull lookup, list and change data through a documented API — and get alerted the day a watched site changes its stack.

priced byAPI credits + monitored sites

1,000+ technologies detected across every category:

Analytics
CMS
E-commerce
CDN & hosting
Frameworks
Marketing & tag managers
Payments
Security
DevOps & observability

Works with the tools you already run.

CSV export that imports clean into any CRM REST API with an OpenAPI spec Chrome extension that scores any site your team visits Webhook alerts into Slack, Teams or Google Chat

Enterprise & security

Built for the teams that get audited.

The same rigour we apply to reading a company's stack, we apply to our own. Governance, isolation and data rights are in the product today — not on a roadmap slide.

We read what's public. And we show our work.

Detection is passive — HTTP response headers, DNS records, certificate-transparency logs, public routing data and registries. No intrusion; active probing exists only as an opt-in check for targets you're authorized to assess. It runs on Cloudflare's network, with data stored in the EU. [DPA and sub-processor list available at signature.]

Roles & permissions

Four roles, ten granular permissions, enforced server-side on every request — not just hidden in the UI.

SSO & directory sync

SAML / OIDC single sign-on and SCIM provisioning, brokered through an enterprise identity layer.

Audit trail

Every member, key and billing action logged, tenant-scoped, and exportable for your reviews.

Tenant isolation

Strict per-workspace separation; a request can only ever read its own tenant — cross-tenant access is denied, not filtered.

Your data, on your terms

One-click workspace export (machine-readable) and permanent erasure — GDPR Article 20 and 17, built in.

Hardened by default

Content-Security-Policy, HSTS, signature-verified webhooks, per-tenant rate limits, and no third-party trackers on the app.

API & data feed

Scoped API keys, an OpenAPI contract, and change-feed webhooks to Slack, Teams or your warehouse.

EU-aware data handling

Company data is public-infrastructure signal, not personal data; corpus held in the EU, sub-processors disclosed.

Where we stand — GDPR-ready and data-minimised today; auth currently processed in the US (disclosed in our privacy policy), EU residency available on enterprise. SOC 2 is on the roadmap, and we'll say so honestly until it's signed — no badge theatre.

Questions people actually ask

Where does the data come from?

From what companies publish to the internet by operating there: response headers, DNS and email records, TLS certificates, routing announcements, public job boards, and official company registries. Nothing requires access to the target’s systems.

How accurate is it?

Accurate enough to show its work. Every finding carries the exact signal it was derived from and a confidence score; a CNAME match is treated differently from an HTML hint, and the score says so. When we’re not sure, you see that too.

Is this GDPR-safe?

Detection reads publicly observable infrastructure signals about companies, not individuals. Company records come from public registries. Contact enrichment inside the product uses licensed data providers. [A DPA and sub-processor list are available at signature.]

How global is the coverage?

Any public domain in the world can be scanned on demand, with the same evidence model. The always-fresh corpus layer goes deep market-by-market — the first market is live today, and the expansion sequence is being set with early-access partners.

How is this different from BuiltWith or Wappalyzer?

They detect technologies; so does Overt, across 1,000+ of them. The difference is what ships with each detection — the exact evidence behind it, a confidence score, per-site change alerts, and company context where available. The same lookup, with an answer you can verify and act on.

What does it cost?

Start free, no card. Paid plans add a flat monthly fee with an included allotment of lookups, list rows and API calls — and you only pay overage on the meter you actually push. See the pricing page for current tiers.

Can I try it without signing up?

Yes — look up any site free from the homepage, no account needed. You’ll see its detected stack with the evidence behind each finding. Sign up when you want lists, the API, change alerts or higher volume.

Book a live scan

See your territory the way Overt sees it.

Bring your accounts. Leave with findings you can quote.

Or read any company free, no signup — type a domain →

Early access · Poland-deep, EU-bound · Built by a security-channel sales team for security-channel sales teams