Tech Stack Guides

How to Tell if a Website Uses HubSpot

HubSpot leaves clear fingerprints: js.hs-scripts.com tracking code, hubspotutk and __hstc cookies, and hsforms embeds. Here is how to detect it quickly.

StackOptic Research Team25 May 20269 min read
Detecting whether a website uses HubSpot CRM and marketing software

If you want to know whether a website uses HubSpot, the fastest answer is to open the DevTools Network tab and reload, then look for a request to js.hs-scripts.com — that is HubSpot's tracking code, and finding it is close to conclusive. Two more checks confirm it: open Application > Cookies and look for the hubspotutk visitor token (alongside __hstc and __hssc), or View Source and search for hs-scripts, hsforms or hubspot. A HubSpot form embed loading from js.hsforms.net is another unmistakable tell. This guide walks through every signal, shows how to capture the account's portal ID, and explains what running HubSpot reveals about a company.

It sits alongside the broader how to find out what technology a website uses and pairs closely with how to find out what analytics a website uses, since HubSpot's tracking is part of a site's measurement layer.

What HubSpot is, briefly

HubSpot is an all-in-one CRM and marketing platform that bundles a contact database, marketing automation, forms and landing pages, email, a CMS and sales tooling into one suite. The relevant consequence for detection is that HubSpot injects several distinct pieces of client-side code into a site — a tracking script, form-rendering libraries, an analytics library and a set of cookies — each with a recognisable HubSpot domain or name. Because these components are designed to load consistently across every HubSpot-powered site, they form a stable, identifiable fingerprint. A company might use the whole suite or only part of it (forms only, or CRM tracking only), but whichever pieces are live announce themselves in the browser.

Signal 1: the hs-scripts tracking code

The single most reliable HubSpot fingerprint is its tracking script, loaded from js.hs-scripts.com. HubSpot's standard install places a snippet that loads a file at js.hs-scripts.com/PORTALID.js, where PORTALID is the account's numeric Hub ID. When you load a HubSpot-powered site and watch the Network tab, that request stands out by domain. It is the script that drops HubSpot's cookies, tracks page views, and ties anonymous activity to contact records once a visitor identifies themselves through a form. Seeing a js.hs-scripts.com request is essentially proof that HubSpot's tracking is installed — no other common tool uses that domain — and the number in the URL hands you the portal ID at the same time.

Signal 2: the HubSpot cookies

HubSpot's tracking code sets a recognisable cluster of first-party cookies, which you can read in DevTools under Application > Cookies (Chrome) or Storage (Firefox). The headline one is hubspotutk, the HubSpot visitor token — a unique ID HubSpot uses to recognise a visitor across sessions and link their behaviour to a CRM contact. Alongside it sit __hstc (the main tracking cookie, recording visitor history and timestamps) and __hssc (the session cookie). You may also see __hssrc and, where HubSpot's cookie-consent banner is used, an hs-banner-style consent cookie. Finding hubspotutk plus __hstc/__hssc is a strong, independent confirmation of HubSpot even before you look at the scripts.

Signal 3: HubSpot forms and analytics libraries

HubSpot's forms and analytics each load from their own domains. Forms are served via js.hsforms.net (the forms embed library) and submit to forms.hsforms.com or HubSpot's forms API, rendering with tell-tale hs-form classes and HubSpot field markup. If a site embeds a HubSpot form — a contact form, a content-download gate, a newsletter signup — you will see the hsforms request and the hs-form DOM. Separately, HubSpot's analytics library loads from js.hs-analytics.net, the script behind its traffic and behaviour reporting. So even a site that uses HubSpot mainly for lead capture will expose the forms domain, and one using its analytics will expose hs-analytics.net. Each domain names HubSpot directly.

Signal 4: banners, CTAs and the portal ID

A few supporting signals round out the picture. HubSpot's cookie-consent banner (when enabled) loads its own script and sets an hs-banner-style cookie, indicating the site uses HubSpot's consent tooling rather than a third-party CMP. HubSpot CTAs (the call-to-action buttons it can manage) load from HubSpot's CTA domain and carry HubSpot identifiers. And running through all of these is the portal ID — the numeric account identifier that appears in the hs-scripts URL, inside the cookies, and in form and CTA embeds. Capturing the portal ID is valuable because it both confirms HubSpot and pins down the specific account, which is useful when you are comparing properties or verifying that two sites belong to the same HubSpot instance.

The signal table

SignalWhere to find itWhat it means
js.hs-scripts.com/PORTALID.jsNetwork tab, View SourceHubSpot tracking code — strongest single signal
hubspotutk cookieApplication > CookiesHubSpot visitor token — strong, independent confirmation
__hstc / __hssc cookiesApplication > CookiesHubSpot tracking and session cookies
js.hsforms.net, forms.hsforms.com, hs-form markupNetwork tab, ElementsHubSpot forms in use
js.hs-analytics.netNetwork tabHubSpot analytics library
hs-banner consent cookie / banner scriptApplication > CookiesHubSpot cookie-consent tooling
Portal ID (number in script URL/cookies)Network tab, View SourceIdentifies the specific HubSpot account

Any single row is a strong signal; the tracking script plus the cookies together are conclusive.

Method 1: the DevTools Network tab

The most thorough check is to watch what loads. Open DevTools (F12), go to the Network tab, and reload. Type hs or hubspot into the filter box to narrow the list, and look for requests to js.hs-scripts.com, js.hsforms.net, js.hs-analytics.net and HubSpot's other domains. The js.hs-scripts.com/PORTALID.js request is the headline result, and the number in its path is the portal ID. This method is reliable because it shows exactly what the browser fetches, including HubSpot components that are injected dynamically rather than written into the static HTML. It also lets you see HubSpot loading alongside any other tools, which matters for an accurate read of the full stack — the same Network-tab discipline used throughout analytics detection.

Method 2: the cookies and Console

For an independent confirmation, look at storage. In DevTools, open Application > Cookies (Chrome) and select the site's domain; scan for hubspotutk, __hstc, __hssc and any hs-banner consent cookie. Their presence confirms HubSpot's tracking is active in your session. You can corroborate in the Console too — HubSpot exposes objects such as _hsq (the HubSpot analytics queue the snippet pushes events into), so typing typeof _hsq and seeing "object" is a supporting signal. The cookie check is especially useful because it confirms the tracking actually fired, not merely that a script was referenced.

Method 3: View Source

A static source check is quick and catches the eagerly loaded pieces. Open the page, press Ctrl/Cmd + U, and search for hs-scripts, hsforms, hs-analytics, hubspot or hs-form. The HubSpot tracking snippet and any embedded form markup live in the server-rendered HTML, so a source search surfaces them along with the portal ID. The caveat is the usual one: components injected only after the page loads (a chat widget, a delayed form) may not appear in the raw source, so if the source comes up thin but you suspect HubSpot, fall back to the Network tab. For a refresher on reading raw HTML for signals like these, see how to find out what technology a website uses.

A worked example

You are sizing up a B2B competitor. You load their site, open the Network tab, type hs into the filter, and immediately see js.hs-scripts.com/2451234.js — HubSpot's tracking code, portal ID 2451234 captured. You switch to Application > Cookies and find hubspotutk, __hstc and __hssc, confirming the tracking fired. Scrolling to their resources page, you hit a gated ebook behind a form that loads from js.hsforms.net and renders with hs-form classes — so they use HubSpot forms for lead capture too. The Console shows a _hsq object. But you also notice a googletagmanager.com/gtm.js request, suggesting they run Google Tag Manager alongside HubSpot. So the read is clear: a HubSpot-driven inbound operation (CRM, tracking and gated content) with GTM managing additional tags — a mature, lead-focused go-to-market. In a couple of minutes you have the platform, the portal ID and a sense of their motion.

What HubSpot reveals about a company

Finding HubSpot tells you more than a vendor name. It strongly signals an inbound, content-and-lead-driven go-to-market, very often B2B, where the company invests in capturing and nurturing leads rather than relying purely on paid acquisition. Because HubSpot is an all-in-one suite, its presence suggests sales-and-marketing alignment on a single platform, which is a meaningful operational signal. The depth of the footprint refines the read: a site with the full set — tracking, forms, CTAs, the analytics library, the consent banner — is running HubSpot as its core platform, while a site with only the forms library is using HubSpot more narrowly for lead capture. For a martech or CRM seller this is direct intelligence; for competitive research it sketches how a rival generates and manages demand. It is exactly the kind of technographic signal explored in what is technographics.

HubSpot CMS versus HubSpot bolted onto another site

A useful distinction is whether HubSpot is the CMS itself or merely bolted onto a site built elsewhere. When a site is hosted on the HubSpot CMS, you will often see HubSpot infrastructure in the asset paths and the page may be served from HubSpot's hosting, in addition to the tracking and forms. When HubSpot is bolted onto a WordPress, Webflow or custom site, the underlying CMS shows its own fingerprints (a /wp-content/ path for WordPress, for example) while HubSpot appears only as the tracking script, cookies and embedded forms. Telling the two apart matters for an accurate stack read: "this whole site runs on HubSpot CMS" is a different conclusion from "this WordPress site uses HubSpot for CRM and forms." Check the CMS fingerprints alongside the HubSpot ones, and report the combination rather than collapsing them into a single label.

How accurate is HubSpot detection?

Very accurate. The js.hs-scripts.com tracking script and the hubspotutk/__hstc/__hssc cookies are intrinsic to how HubSpot installs and are not used by unrelated tools, so confirming HubSpot is reliable. The forms (js.hsforms.net) and analytics (js.hs-analytics.net) domains are equally distinctive. The main nuances are scope and consent: detection sees which HubSpot components are live in your session, but if a consent banner blocks tracking until you accept, some cookies and scripts may not fire until you do — so interact with the consent prompt before concluding HubSpot is absent. And detection reliably names HubSpot without revealing how deeply the CRM is used behind the scenes. So "does this site use HubSpot?" is answerable with confidence; "how much of HubSpot's suite do they rely on?" is partly inference from the visible footprint. Confirm the script and cookies, capture the portal ID, and note which functions are in evidence.

The workflow

  1. Open the Network tab, filter for hs, and look for js.hs-scripts.com/PORTALID.js.
  2. Check Application > Cookies for hubspotutk, __hstc and __hssc.
  3. Look for forms (js.hsforms.net, hs-form markup) and the analytics library (js.hs-analytics.net).
  4. Capture the portal ID from the script URL to identify the account.
  5. Note the surrounding stack (CMS, GTM, other tools) for an accurate, honest read.

Go deeper

Want HubSpot, the marketing stack and full technology picture in one report? Analyse any site with StackOptic — free, no sign-up.

Frequently asked questions

How do I tell if a website uses HubSpot?

Open DevTools, go to the Network tab and reload — HubSpot loads its tracking script from js.hs-scripts.com, and that request is close to definitive. You can also check Application > Cookies for the hubspotutk and __hstc cookies, or View Source and search for hs-scripts, hsforms or hubspot. A HubSpot form embed (js.hsforms.net) is another clear tell. Any one of these signals confirms HubSpot with confidence.

What is the hubspotutk cookie?

The hubspotutk cookie is HubSpot's visitor token — a unique identifier HubSpot sets in the browser to recognise a visitor across sessions and tie their activity (page views, form submissions) back to a contact record in the CRM. Alongside it you will usually see __hstc and __hssc, which track the visitor's overall history and the current session. Finding hubspotutk in DevTools under Application > Cookies is a reliable sign that HubSpot's tracking code is installed.

How do I find a site's HubSpot portal ID?

The HubSpot portal ID (also called the Hub ID) is a numeric account identifier that appears in the tracking script's URL — the HubSpot snippet loads js.hs-scripts.com/PORTALID.js, where PORTALID is the number. It also shows up inside HubSpot cookies and form embeds. So once you have confirmed HubSpot in the Network tab or source, read the number in the hs-scripts URL to capture the specific portal, which identifies that particular HubSpot account.

Can a site use HubSpot for only part of its stack?

Yes, and it is common. A company might use HubSpot purely for forms and lead capture while running a different CMS, or use HubSpot's CRM and marketing tools while measuring traffic with Google Analytics 4 separately. So you may see HubSpot's tracking code and forms alongside other analytics and tag tools. Detect the full set rather than assuming HubSpot is the only platform, and note which functions it appears to cover.

Why would I want to know if a site uses HubSpot?

HubSpot is a strong technographic signal. For sales — especially martech, CRM or competing platforms — it identifies both the incumbent and a possible switching or integration opportunity. For competitive research, HubSpot points to an inbound, content-and-lead-driven, often B2B go-to-market motion. Combined with other detected tools, it helps gauge a company's marketing maturity and how sales and marketing are aligned, feeding directly into lead qualification and outreach targeting.

Analyse any website with StackOptic

Get the full technology stack, performance, security and SEO report in seconds — free.

Analyse a website

Related articles