Wappalyzer - Technology profiler
Version 6.12.2 View in Chrome Web Store
Extension Details
Context-Aware Verdict
Wappalyzer is a well-established technology profiling tool with 3 million users and a strong 4.6-star rating from 2,000 reviews. The extension is developed by wappalyzer.com, a legitimate company known for website technology analysis. The high user base and positive ratings suggest it's a trusted tool in the web development and security analysis community.
The extension's permissions are extensive and powerful, which creates significant security risks despite its legitimate purpose. The combination of cookies, webRequest, tabs permissions with broad host access (all HTTP/HTTPS sites) means this extension can monitor, intercept, and potentially modify all web traffic. While these permissions are necessary for technology profiling, they also create opportunities for data collection, tracking, and potential misuse. The ability to access cookies across all sites is particularly concerning from a privacy perspective.
Given the critical risk level but legitimate use case, consider running this extension in a dedicated Chrome profile used only for web development or security analysis work. Avoid using it in your primary browsing profile where you access sensitive sites like banking or personal accounts. Regularly review the extension's privacy policy and consider alternatives with more limited scope if you only need basic technology detection. Monitor for any unusual network activity when the extension is active.
Findings
Security Analysis Details
Required Permissions:
- cookies
- storage
- tabs
- webRequest
Optional Permissions:
- downloads
Host Permissions:
- http://*/*
- https://*/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'
Embedded URLs (7190 total):
| https://www.wappalyzer.com | https://wappalyzer.com | |
| https://www.wappalyzer.com/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer | https://www.wappalyzer.com/technologies/report-an-issue/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer&url=__URL__&version=__VERSION__ | |
| https://www.wappalyzer.com/privacy/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer | https://addons.mozilla.org/firefox/addon/wappalyzer/privacy/ | |
| https://www.wappalyzer.com/plus/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer | https://www.wappalyzer.com/apikey/?utm_source=popup&utm_medium=extension&utm_campaign=wappalyzer | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | http://www.inkscape.org/ | |
| http://purl.org/dc/elements/1.1/ | http://creativecommons.org/ns# | |
| http://www.w3.org/1999/02/22-rdf-syntax-ns# | http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd | |
| http://www.inkscape.org/namespaces/inkscape | http://purl.org/dc/dcmitype/StillImage | |
| http://www.bohemiancoding.com/sketch | http://www.serif.com/ | |
| https://sketchapp.com | http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd | |
| https://github.com/dart-lang/site-shared/blob/9a120190712fc501599945ad9a9bb10d0bb16e92/src/_assets/image/dart/logo/default.svg | http://www.w3.org/2000/svg" | |
| http://www.w3.org/1999/xlink" | http://www.w3.org/1999/xhtml" | |
| https://sketch.com | https://www.wappalyzer.com/installed/?utm_source=installed&utm_medium=extension&utm_campaign=wappalyzer | |
| https://www.wappalyzer.com/upgraded/?utm_source=upgraded&utm_medium=extension&utm_campaign=wappalyzer | https://ping.wappalyzer.com/v2/ | |
| https://www.wappalyzer.com/technologies/ | https://api.wappalyzer.com/v2/plus/ | |
| https://clients2.google.com/service/update2/crx | https://www.wappalyzer.com/ | |
| https://www.11sight.com | https://www.1c-bitrix.ru | |
| https://www.220marketing.com | https://www.24nettbutikk.no | |
| https://www.2b-advice.com/en/data-privacy-software/cookie-consent-plugin/ | https://2click.pl | |
| https://2people.com | https://www.321web.cz | |
| https://www.33across.com | https://www.34sp.com | |
| https://4-tell.com | https://www.42chat.com | |
| https://www.42stores.com | https://4partners.io/en/ | |
| https://4partners.io/en/4p-cms | https://www.51.la | |
| https://51degrees.com | https://www.5centscdn.net | |
| https://6valley.app | https://6sense.com | |
| https://www.7shifts.com | https://www.7moor.com | |
| https://www.8x8.com | https://91app.com | |
| https://www.99minds.io | https://modelviewer.dev | |
| https://github.com/sulu/web-js | https://hyperscript.org | |
| https://aframe.io | https://mya2zevents.com | |
| https://www.a8.net | https://www.abtasty.com | |
| https://ablyft.com | https://commercesuite.aboutyou.com | |
| https://abp.io/ | https://www.ebis.ne.jp | |
| https://adfox.yandex.ru | https://afthemes.com/products/covernews | |
| https://www.ai-log.biz/ | https://aimeos.org | |
| https://ainiro.io | https://all-inkl.com | |
| https://www.amp.dev | https://amp-wp.org | |
| https://www.andcommerce.com.br/ | https://www.ans.co.uk |
Raw Manifest
{ "name": "Wappalyzer - Technology profiler", "icons": { "16": "images/icon_16.png", "19": "images/icon_19.png", "32": "images/icon_32.png", "38": "images/icon_38.png", "64": "images/icon_64.png", "128": "images/icon_128.png", "256": "images/icon_256.png", "512": "images/icon_512.png", "1024": "images/icon_1024.png" }, "action": { "default_icon": { "16": "images/icon_16.png", "19": "images/icon_19.png", "32": "images/icon_32.png", "38": "images/icon_38.png", "64": "images/icon_64.png", "128": "images/icon_128.png", "256": "images/icon_256.png", "512": "images/icon_512.png", "1024": "images/icon_1024.png" }, "default_popup": "html/popup.html", "default_title": "Wappalyzer" }, "author": "Wappalyzer", "version": "6.12.2", "background": { "scripts": [ "js/wappalyzer.js", "js/utils.js", "js/index.js" ], "service_worker": "js/background.js" }, "options_ui": { "page": "html/options.html", "open_in_tab": false }, "short_name": "Wappalyzer", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Identify web technologies", "permissions": [ "cookies", "storage", "tabs", "webRequest" ], "homepage_url": "https://www.wappalyzer.com/", "default_locale": "en", "content_scripts": [ { "js": [ "js/content.js" ], "run_at": "document_idle", "matches": [ "http://*/*", "https://*/*" ] } ], "host_permissions": [ "http://*/*", "https://*/*" ], "manifest_version": 3, "optional_permissions": [ "downloads" ], "minimum_chrome_version": "121", "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "http://*/*", "https://*/*" ], "resources": [ "js/js.js", "js/dom.js" ] } ], "browser_specific_settings": { "gecko": { "id": "wappalyzer@crunchlabz.com", "strict_min_version": "121.0" } } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.