RevealTheme logo

Detection Guide · 2026

How to Detect Drupal Theme on Any Website

Drupal powers many government, education, and enterprise sites. Detection involves finding characteristic URL paths and Drupal-specific markers.

Fastest way: use our free detector

Paste any URL and get the Drupal theme, plugins, and stack in 2 seconds.

Open the Drupal Detector →

What our detector looks for

sites/default/themes URL paths

Drupal serves themes from /sites/default/themes/[theme-name]/ or /themes/[theme-name]/. Asset URLs leak the theme name.

Where: HTML <link> and <script> tags

drupalSettings JavaScript variable

Drupal exposes window.drupalSettings on every page. It contains the active theme and module list.

Where: Inline <script>

Drupal.behaviors and jQuery.once

Drupal's JavaScript framework uses Drupal.behaviors patterns visible in source files.

Where: JavaScript files

X-Generator header

Many Drupal sites add 'X-Generator: Drupal X' to response headers.

Where: HTTP response headers

Generator meta tag

Drupal core sets <meta name='Generator' content='Drupal X (https://www.drupal.org)'>.

Where: HTML <head>

Manual inspection checklist

If the detector returns inconclusive results, walk through these manual checks in your browser's developer tools (right-click → Inspect):

  1. 1

    View source. Search for 'sites/default' or 'Drupal.behaviors' — present on most Drupal sites.

  2. 2

    DevTools Console → type drupalSettings — if Drupal, returns the settings object including the theme name.

  3. 3

    Check the meta generator tag in <head>.

  4. 4

    Look for /sites/all/ or /sites/default/files/ URL paths.

  5. 5

    Look for response header X-Generator or check Drupal-specific paths like /user/login.

Why identify a site's stack?

Three legitimate reasons: competitive research (which tools is the leader in your space using?), lead qualification (does this prospect's site qualify for your service?), and migration planning (you need to know the current stack before quoting a redesign).

All of the above are public-record activities — every signal we check is visible in the page's HTML or HTTP response, the same data anyone with View Source can see. We just parse it faster and present it cleanly.

What detection can't tell you

Detection identifies what's running. It can't tell you why a site chose that stack, how much they spend on it, who their developer is, or what their roadmap is. For those, talk to a human.

It also can't see through aggressive caching, headless setups, or themes built from scratch without the framework's default markers. We flag low-confidence detections so you know when to dig deeper.

Subscribe for updates

We do not sell your email. We do not spam.

© 2026 RevealTheme. All rights reserved.