How to Tell If a Website Uses Amplitude
Amplitude is a leading product-analytics platform. Detect it through the cdn.amplitude.com script, the global amplitude object, api2.amplitude.com beacons and amp_ cookies.
Amplitude is one of the two or three dominant product-analytics platforms, used by software teams to understand how people actually behave inside their apps. To tell whether a site uses it, the fastest checks are to look for a script from cdn.amplitude.com in the Network tab or to type amplitude into the browser console. Here is the complete detection playbook, the mechanics behind each signal, and what an Amplitude install reveals about the business.
What is Amplitude?
Amplitude is an event-based analytics platform focused on behavioural and retention analysis. Where a marketing tag records page views, Amplitude records meaningful product events — Sign Up Completed, Project Created, Invite Sent — and stitches them into funnels, cohorts and lifecycle reports. It competes most directly with Mixpanel and Heap, and is one of the anchor tools of the modern product-analytics category.
Because implementing Amplitude requires engineers to instrument events in code (or wire it up through a CDP), its presence signals a product-led, data-mature organisation. It is common on SaaS web apps, fintech and consumer apps, and on the marketing sites that sit in front of them. Amplitude also offers a generous free tier, so you will find it on everything from seed-stage startups to public companies — which is part of what makes detecting it such a broadly useful signal.
How Amplitude loads and sends data
The modern Amplitude Browser SDK is loaded from cdn.amplitude.com, either as a versioned amplitude-*.min.js file or as a single /script/<API_KEY>.js bundle that embeds the project's API key directly in the URL. The page calls amplitude.init('<API_KEY>') to start a session.
From then on, each tracked event is added to a batch and POSTed to Amplitude's HTTP V2 endpoint, api2.amplitude.com/2/httpapi (or api.eu.amplitude.com for EU data residency). The payload is JSON listing the events, their properties, and the device and session identifiers. Before upload, events queue in localStorage under keys such as amplitude_unsent and amplitude_unsent_identify, and identity persists in amp_/amplitude_-prefixed cookies. Those storage artefacts are why Amplitude is detectable even when the network beacon is proxied.
How to tell if a website uses Amplitude
1. View the page source. Search for amplitude. You will typically find a snippet that loads the SDK from cdn.amplitude.com and calls amplitude.init('<API_KEY>') or, in newer deployments, references the /script/<API_KEY>.js bundle.
2. Check the Network tab. Filter for amplitude. Expect the library download from cdn.amplitude.com/libs/amplitude-*.min.js (or the /script/ bundle) and tracking beacons posted to api2.amplitude.com/2/httpapi. EU setups post to api.eu.amplitude.com.
3. Use the console. Type amplitude and press Enter. A live install returns the SDK object with methods such as track/logEvent, getDeviceId, getSessionId and setUserId. Running amplitude.getDeviceId() returns the device identifier — definitive proof.
4. Inspect cookies and storage. Look for cookies prefixed amp_ or amplitude_ and localStorage keys including amplitude_unsent and amplitude_unsent_identify, which hold queued events before they are uploaded.
What the Amplitude signals look like
A tracking call in the Network tab looks like:
POST https://api2.amplitude.com/2/httpapi
{"api_key":"a1b2c3...","events":[{"event_type":"Page Viewed","device_id":"...","session_id":...,"event_properties":{...}}]}
And in storage:
localStorage: amplitude_unsent_<api_key> = [ ... queued events ... ]
Cookie: amp_a1b2c3 = ...deviceId...
The pairing of the cdn.amplitude.com library, the amplitude global and the api2.amplitude.com/2/httpapi beacon is conclusive.
Amplitude versus similar tools — avoiding false positives
Amplitude is frequently loaded via Segment or another customer-data platform, so the cdn.amplitude.com request may appear only after those scripts run — always check the live page. Teams concerned about ad blockers sometimes proxy Amplitude through a first-party domain, hiding the hostname; the amplitude global and the amplitude_unsent storage keys then become your strongest evidence. And keep the three big product-analytics tools straight: Amplitude (cdn.amplitude.com, amplitude global, api2.amplitude.com), Mixpanel (cdn.mxpnl.com, mixpanel global) and Heap (cdn.heapanalytics.com, heap global). They overlap in purpose but never in fingerprint.
Why it is worth knowing a site uses Amplitude
For B2B sales and competitive research, Amplitude is a clear marker of a software product with a measurement culture — the kind of company that invests in analytics, experimentation and data tooling, and that has product managers and growth teams as buyers. For product teams, identifying a competitor's analytics stack hints at how rigorously they track behaviour and which lifecycle metrics they optimise. For agencies and consultancies, an Amplitude install can flag a client who needs help with event taxonomy, dashboards or data governance. And for technical due diligence or migration planning, the analytics layer is a core part of the data architecture you need to map, because re-instrumenting events during a migration is one of the most error-prone tasks a data team faces.
How reliable is each Amplitude signal?
Weight the signals carefully. The POST to api2.amplitude.com/2/httpapi (or api.eu.amplitude.com) is definitive — it is a real event upload. The amplitude_unsent localStorage queue and the amp_/amplitude_ cookies are close behind because that naming is Amplitude-specific. The amplitude global is strong, and amplitude.getDeviceId() returning a value is conclusive proof the SDK initialised. The static cdn.amplitude.com script reference is the weakest signal on its own, because the bundle can be present without a live API key. The practical rule mirrors the other product-analytics tools: one definitive signal (beacon, queue, or a working getDeviceId()) settles it; a lone script tag is only a lead.
What an Amplitude install reveals about a company
Amplitude is a deliberate engineering choice, so finding it marks a product-led organisation that has invested in understanding behaviour rather than just traffic. The events it tracks reveal the company's mental model: a site instrumented around activation, feature adoption and retention is run by a team that thinks in cohorts and lifecycle stages, which is the classic product-led-growth profile. Because Amplitude has a strong free tier, you will find it across the maturity spectrum — but a paid deployment (inferable when you see advanced behaviour like session replay or experiment exposure events) signals real budget and a dedicated analytics or growth function.
There is also stack context to read. Amplitude is frequently fed by Segment, so if you also see window.analytics, you are looking at a mature pipeline where Amplitude is one destination among several — a higher-sophistication, higher-budget account. Amplitude also sells experimentation and CDP products, so an Amplitude install can be a doorway to inferring a wider Amplitude footprint. For competitive teams, knowing a rival runs Amplitude tells you they can answer retention and funnel questions quickly, which is worth factoring into how you benchmark them.
A quick Amplitude detection checklist
- Filter the Network tab for
amplitude; a POST toapi2.amplitude.com/2/httpapiis conclusive. - Search the source for
cdn.amplitude.comand theamplitude.init('<key>')call or/script/<key>.jsbundle. - Type
amplitudein the console and runamplitude.getDeviceId()to confirm. - Check localStorage for
amplitude_unsentand cookies foramp_/amplitude_. - Look for Segment (
window.analytics) feeding Amplitude as a destination. - Treat a bare
cdn.amplitude.comscript tag as a lead, not proof.
Amplitude in a modern measurement stack
Amplitude is best understood as the product-analytics layer that sits beside, not instead of, a marketing analytics tool. A typical stack pairs Google Analytics 4 (acquisition, channels, campaigns) with Amplitude (activation, retention, feature adoption), so finding Amplitude should prompt you to look for GA4 too — their coexistence signals a team that deliberately separates the two measurement jobs.
Amplitude has also expanded well beyond analytics: it sells experimentation (feature flags and A/B testing) and a CDP. So an Amplitude tag can be the visible tip of a wider Amplitude footprint, and you may spot experiment-exposure events or flag evaluations in the event stream — strong evidence of a team running controlled experiments, which is a sophistication and budget signal. As with Mixpanel, many mature setups feed Amplitude from a warehouse or a CDP rather than purely client-side, so a lighter browser footprint does not always mean lighter usage.
For an auditor, capture the API key, whether the deployment is the older amplitude-js or the newer unified SDK, whether Segment is present, and whether GA4 coexists. Note any experimentation activity. Those details let you gauge how data-driven the organisation really is — the difference between a team that installed a tag and one that runs its roadmap on cohort and retention analysis.
Detecting Amplitude at scale
The console check is instant for one page. To profile many domains at once — for example, to build a list of product-led SaaS companies for outbound — use an automated detector. StackOptic recognises Amplitude and thousands of other technologies from a real browser, so CDP-injected installs are caught. For context, read how to find out what analytics a website uses and the full Amplitude profile.
Frequently asked questions
What is the quickest way to detect Amplitude?
Open developer tools, go to the Network tab, reload and filter for 'amplitude'. You will see the library download from cdn.amplitude.com and tracking POSTs to api2.amplitude.com/2/httpapi. Either request confirms Amplitude is running on the page.
How do I confirm Amplitude in the console?
Type amplitude in the Console tab and press Enter. On a site that uses it you get back the SDK instance, exposing methods like track or logEvent, getDeviceId and getSessionId. Running amplitude.getDeviceId() returns the visitor identifier, which is conclusive proof.
Where does Amplitude send tracked events?
The modern Browser SDK posts events to api2.amplitude.com/2/httpapi; some EU deployments use api.eu.amplitude.com. In the Network tab these appear as POST requests with a JSON body listing the events, their properties and the device and session identifiers.
What storage does Amplitude use?
Amplitude persists identity and a queue of unsent events in cookies prefixed amp_ or amplitude_ and in localStorage keys such as amplitude_unsent and amplitude_unsent_identify. Checking storage is a useful confirmation when a proxy hides the network hostname.
What does using Amplitude say about a company?
Amplitude is a serious product-analytics platform used to analyse feature adoption, funnels and retention. Finding it usually means the site belongs to a software product or product-led company with a mature data practice, which is valuable qualifying information for B2B sales and competitive analysis.
Analyse any website with StackOptic
Get the full technology stack, performance, security and SEO report in seconds — free.
Analyse a websiteRelated articles
How to Tell If a Website Uses Heap
Heap (Heap Analytics) autocaptures product events. Detect it via the cdn.heapanalytics.com script, the global heap object, heapanalytics.com beacons and _hp2 cookies.
How to Tell If a Website Uses Foundation
Foundation (by Zurb) is a responsive front-end framework. Detect it via its grid classes (row/columns, grid-x/cell), data-* component attributes and the foundation.css/js files.
How to Tell If a Website Uses Crisp
Crisp is a developer-friendly, affordable live-chat and messaging tool. Detect it via the client.crisp.chat/l.js script, the window.$crisp object and the CRISP_WEBSITE_ID value.