What is Wappalyzer?

Wappalyzer is a small Firefox Add-On which hooks into the bottom status bar of your Firefox. It displays icons of recognized web applications in the lower right corner and at the same time sends these informations to the Wappalyzer server. Statistics are counted for currently 70 applications. More than 23.000 users already installed the plugin and visited about 256.000 websites with the amount of more than 7.000.000 pages. And this is increasing, the service reseted all statistics at January 23, so these values were counted in less than 3 weeks!

Webapplyzer Screenshot

As you can see from the screenshot, the BIGACE website uses JQuery and ... obviously BIGACE ;)  Especially for experienced web user its always very interesting to see, which frameworks/apps are used by his favourite sites.

And why do I post all of this? Well, because with the latest version of Wappalyzer 1.2.6 BIGACE detection was integrated into Wappalyzer. ElbertF (the founder of Wappalyzer) was so friendly to accept my request to add BIGACE to the list of apps.

I tried a couple of sites from our Showcases Forum and around 60% of them are properly recognized as BIGACE'd.

What to do if your website is not recognized?

In the current version Wappalyzer recognizes BIGACE by a meta tag:

<meta name="generator" value="BIGACE xxxxx">

or by a link

Powered by <a href="xxxxx">BIGACE xxxx</a>

If you want your page to be counted as BIGACE site, add one of these two code snippets at least to one page and open this page with activated Wappalyzer in your Firefox. You could add this to the content of one page, but I recommend to put it into your template, so the chance that other user report your website as "BIGACE infected"  increases a lot :D

Why should you use/support Wappalyzer? What are my pros?

Well, at first you are part of the Community. Yeah! Counting stats and pushing BIGACE and all the other great tools out there is an interesting task, resulting possibilities are going way deeper than I want to discuss it here.

And, this is for all of you running any tool recognized by Wappalyzer at your website (I hope it is BIGACE...), you will get a couple of valueable backlinks from the Wappalyzer detail page. For example have a look at the detail page of bigace.de, you'll find one nofollow backlink to your page and four backlinks to well known information services which themselves also give backlinks... interesting for your SEO work!

It's simply a cool tool which gives you a quick overview about the tools the current page uses.

Cons and possible improvements

Your IP adress is logged, surfing profiles of you could be created. Big Brothers watching you... and in the Privacy Statement that option is not declined! It says "we do not share any personal information you may provide with others" and "user's IP address is stored for statistical purposes". Don't get me wrong, counting surfing stats is done by a lot of tools, like Google Toolbar and many more. I never liked that idea and always get a sinking feeling from it, obviously I use Wappalyzer nevertheless...

It is not possible to deactivate the saving of your IP adress. Please Elbert, add an option! This doesn't need to be activated by default, but it would be great if it would be possible. Yes, you still need to trust the service to really not save the datat, but it would feel way better, if you could activate an "anonymous" mode.

I would love to set options to completely deactivate these "phoning home" as well. I could imagine surfing the web and only see the icons as information for myself. I don't want to edit the overlay.js and remove the "broken image" that activates the call (in method phoneHome) for that.

If yuo want to know how to deactivate the wappalyzer call home, post a comment here.

Exploiting (Spamming) Wappalyzer

Yes, Wappalyzer can be exploited/spammed in its current implementation easily. Just edit the overlay.js file in the wappalzer extension directory and change the regexp rules to match any page you want. I am not a bad guy, so I just tested different methods with four pages. But with the current server techniques behind it, this is an invitation for all spammers. You could, even easier, grab a list of your domains and apply them with randomly choosen tools by opening a special URL (which I will not publish here).

How could it be solved? Well, it could be quite simple. New domains should be stored in a extra database and only applied to the real-time-stats after a server side check. The server should load the HTML and scan it with the same regexp rules that apply on client side. That said the reported tools need to match on both server and client. But *woops* this is not possible, because the Add-On currently only sends the domain, not the full URL. I found a lot of pages where BIGACE is stored in a sub-folder, so my idea for this check would fail, and this applies to many many pages and tools out there, this is not a BIGACE related question.

Well, I tried to contact the developer about that, still waiting for a reply how he sees the problem. Probably it is enough to set the links to nofollow to stop most of the spam, pushing its own tool would still be possible in that way... but I hope this is of no interest for most of tool maintainer.

Oh, and @Elbert, if you read this: I hope you are willing to remove four pages (crazyegg.com, wappalyzer.com, getsatisfaction.com and heise.de) which "accidentally" found their way into the BIGACE stats ;-D

At the end this is no problem for you as user, but its a problem for the credibililty of the counted statistics.

Try Wappalyzer!

Its a fun tool and you can still deactivate it in your Firefox AddOn dialog.