When you paste a URL into the Anonymiz AI Website Detector and hit Detect, a verdict appears in seconds. But what is actually happening behind the scenes? How does a tool identify whether a site was built with Framer AI, Wix ADI, Bolt.new or a custom codebase from a single URL? This article explains the full detection pipeline.
Step 1: Fetching the Page
The detector makes an HTTP GET request to the target URL, capturing the full HTML response including headers. This initial fetch retrieves the page source — the raw HTML that your browser receives before any JavaScript executes. This is the richest single source of AI builder signals.
Step 2: Meta Tag Analysis
The first pass scans the HTML head section for generator meta tags. These are the simplest and most reliable signal. Many AI builders output them by default and site owners rarely remove them.
Examples the detector looks for:
<meta name="generator" content="Framer"><meta name="generator" content="Webflow"><meta name="generator" content="Wix.com Website Builder"><meta name="generator" content="Squarespace">
A generator tag match alone is enough for high-confidence identification. If it is present, the verdict is returned immediately without needing further signals.
Step 3: CDN and Asset Domain Scanning
Every AI builder hosts its assets — images, fonts, stylesheets, JavaScript bundles — on its own infrastructure. The detector scans all src, href and data attributes in the HTML for domain patterns:
- framerusercontent.com — Framer
- uploads-ssl.webflow.com or webflow.com/assets — Webflow
- static.wixstatic.com or wix.com — Wix
- cdn.shopify.com — Shopify
- squarespace-cdn.com — Squarespace
- vercel.app, vercel-storage.com — Vercel-deployed apps (Bolt.new, v0, Lovable)
- netlify.app — Netlify-deployed apps (Bolt.new, Cursor)
Multiple CDN signals from the same builder increase confidence. A single image from framerusercontent.com plus a script from framer.com is near-certain.
Step 4: CSS Class Pattern Matching
AI builders generate predictable CSS class names. The detector scans the HTML for class attribute patterns using regular expressions:
- Framer: classes matching
framer-[a-z0-9]+throughout the document - Webflow:
w-nav,w-container,w-row,w-col,w-section - Wix:
data-testidattributes with Wix-specific identifiers,wixui-prefixed classes - Squarespace:
sqs-prefixed classes - Jimdo:
cc-prefixed classes with Jimdo-specific patterns
CSS class matching is useful as a secondary signal because it survives even when meta tags are removed.
Step 5: JavaScript Bundle Analysis
The detector inspects script tags and inline JavaScript for builder-specific patterns:
- Framer injects a runtime script with recognisable variable names
- Bolt.new and Lovable.dev generate Vite build artifacts with predictable chunk names
- Webflow injects webflow.js from their CDN
- Shopify injects Shopify.theme and analytics scripts
- Wix injects multiple wix.com scripts including thunderbolt
Script source URLs and inline JS content both contribute to the confidence score.
Step 6: DNS and Hosting Fingerprinting
For sites where HTML signals are inconclusive, the detector performs DNS lookups. CNAME records pointing to builder infrastructure are strong signals:
- *.framer.app CNAME — Framer hosting
- *.webflow.io CNAME — Webflow hosting
- *.vercel.app CNAME — Vercel (common for Bolt.new, v0, Lovable)
- *.netlify.app CNAME — Netlify (common for Bolt.new, Cursor)
- *.myshopify.com A record — Shopify
DNS signals are particularly useful for detecting AI-built sites that have had their HTML cleaned up or use a headless CMS approach where builder fingerprints are not in the page source.
Step 7: Confidence Scoring
Each signal type has a weight. The detector aggregates all matched signals into a confidence score from 0 to 100:
- Generator meta tag match: 90 points (near-certain identification)
- CDN domain match: 70 points per matching domain
- CSS class pattern match: 50 points
- JavaScript bundle match: 60 points
- DNS hosting match: 65 points
Multiple signals from the same builder compound. A site with a Framer generator tag, framerusercontent.com assets and .framer-abc123 CSS classes scores 100% confidence. A site with only Netlify hosting and Vite bundles might score 55% — Bolt.new or Lovable.dev probable but not certain.
Why Detectors Cannot Be Fooled Easily
A site owner could theoretically remove the generator meta tag. But they cannot easily change where their assets are hosted without rebuilding the entire site. They cannot rename CSS classes generated by the builder without breaking the site. They cannot change what CDN serves their fonts and images. The deeper signals — CDN domains, CSS patterns, JS bundles — are baked into the build output and cannot be stripped without abandoning the platform.
The Anonymiz AI Website Detector currently checks over 40 signals across all seven detection methods, identifying 20+ AI builders and CMS platforms with accuracy above 95% for the most common platforms.
