The StackOptic Blog

Practical guides on identifying website technologies, SEO and GEO, web performance and lead generation — from the team behind StackOptic.

Detecting whether a website is built with WooCommerce on WordPress
Tech Stack Guides

How to Tell if a Website Is Built with WooCommerce

WooCommerce is WordPress plus Woo: woocommerce-* body classes, a /wp-content/plugins/woocommerce/ path and wc-* cart scripts. Here is how to detect it.

25 May 202610 min read
How to create a security.txt file under RFC 9116
Web Security

How to Create a security.txt File

A practical guide to security.txt: the RFC 9116 file that tells security researchers how to report vulnerabilities. Fields, an example, and validation.

25 May 20268 min read
How design choices like imagery, video and fonts affect a website's energy use
Sustainability

How Do Design Choices Affect Website Energy Use?

Designers decide most of a page's energy use. Here is how imagery, video, fonts, animation, infinite scroll and dark mode drive energy — and what to do instead.

25 May 202610 min read
Detecting whether a website is built with the Bootstrap CSS framework and which version
Tech Stack Guides

How to Tell if a Website Uses Bootstrap (and Which Version)

Bootstrap leaves clear fingerprints: container/row/col-md-6 classes, bootstrap.min.css and data-bs-* attributes. Here is how to detect it and pin the version.

25 May 202610 min read
What cross-site scripting (XSS) is and how to prevent it
Web Security

What Is Cross-Site Scripting (XSS) and How to Prevent It

A defensive guide to cross-site scripting: the three types explained, plus the layered prevention that stops it — output encoding, CSP and framework escaping.

25 May 202611 min read
Detecting whether a website uses Google reCAPTCHA and which version
Tech Stack Guides

How to Tell if a Website Uses Google reCAPTCHA

Google reCAPTCHA leaves signals: a recaptcha/api.js script, a grecaptcha global and a g-recaptcha data-sitekey. Here is how to detect it and tell v2 from v3.

25 May 20269 min read
Detecting whether a website is built with the Ruby on Rails framework
Tech Stack Guides

How to Tell if a Website Is Built with Ruby on Rails

Rails runs server-side, but it leaves tells: a _session cookie, a csrf-token meta tag, fingerprinted /assets/ files and an X-Request-Id header. Here is how.

25 May 202610 min read
How to check a website for malware
Web Security

How to Check a Website for Malware

A practical guide to checking any website for malware: the free external scanners to use, the signs of infection, server-side checks, and what to do next.

25 May 20269 min read
Detecting whether a website is built with Magento or Adobe Commerce
Tech Stack Guides

How to Tell if a Website Is Built with Magento (Adobe Commerce)

Magento leaves clear fingerprints: /static/version*/ and /media/ paths, X-Magento cache headers and Magento_* RequireJS modules. Here is how to detect it.

25 May 20269 min read
Segmenting a B2B prospect list into relevant groups for tailored outreach
Lead Generation

How to Segment Your Prospect List

Segmenting your prospect list makes every message relevant: the dimensions that matter, building segments, mapping a message to each, and tech-stack segments.

25 May 20269 min read
Defining an ideal customer profile from firmographic, technographic and behavioural criteria
Lead Generation

What Is an Ideal Customer Profile (ICP) and How to Define It

An ICP describes the companies you should sell to: how it differs from a buyer persona, the criteria that define it, and how to build one from your customers.

25 May 202610 min read
Account-based marketing flipping the funnel to target named accounts
Lead Generation

What Is Account-Based Marketing (ABM) and How to Start

Account-based marketing explained: flip the funnel to target named accounts, the three ABM tiers, sales-marketing alignment, account selection, and measurement.

25 May 202611 min read
What an accessibility statement is and how to write one
Accessibility

What Is an Accessibility Statement and How to Write One

An accessibility statement declares your commitment, conformance level and known issues, and gives users a way to get help. Here is how to write a good one.

25 May 20269 min read
Local link building tactics for local SEO
Local SEO

What Is Local Link Building and How to Do It

Local links build geographically relevant prominence. Here is what local link building is, which tactics work, and how to earn quality links without spam.

25 May 20269 min read
Creating local landing pages that rank with unique content and schema
Local SEO

How to Create Local Landing Pages That Rank

Local landing pages target a place or service — but only rank if they are genuinely useful. How to build them right, with NAP, schema and real content.

25 May 20269 min read
How to build accessible forms with labels, grouping and clear error handling
Accessibility

How to Build Accessible Forms

Forms are where accessibility most often breaks. Here is how to label, group, validate and manage focus so everyone can complete them, with a checklist.

25 May 20269 min read
Eliminating render-blocking CSS and JavaScript to speed up first paint
Web Performance

What Is Render-Blocking and How to Eliminate It

Render-blocking CSS and synchronous JavaScript delay first paint. What it is, how to find it in Lighthouse, and how to eliminate it to improve FCP and LCP.

25 May 202610 min read
Search intent types and matching content format to what searchers want
SEO & GEO

What Is Search Intent and How to Optimize for It

Search intent is the goal behind a query. The four types, how to read the results page to infer intent, and how to match your content to what searchers want.

25 May 202610 min read
Testing website speed with PageSpeed Insights, Lighthouse and WebPageTest
Web Performance

How to Test Your Website Speed (Tools and Metrics)

Which tools to use, lab versus field data, and the metrics that matter. Test your site speed with PageSpeed Insights, Lighthouse, WebPageTest and DevTools.

25 May 202610 min read
What CORS is and how it works
Web Security

What Is CORS and How Does It Work?

A clear guide to CORS and the same-origin policy: simple vs preflight requests, the Access-Control headers, credentials, the wildcard pitfall, and risks.

25 May 20268 min read
Anchor text explained: the clickable words of a link and how to optimize them
SEO & GEO

What Is Anchor Text and How to Optimize It

Anchor text is the clickable words of a link. The five types, why descriptive anchors help users and crawlers, over-optimization risk and internal vs external.

25 May 20269 min read
Reducing server response time and TTFB with caching, query tuning and a CDN
Web Performance

How to Reduce Server Response Time

Slow server response time delays everything and hurts LCP. The real causes, from unindexed queries to no caching to distant origins, and how to fix each one.

25 May 202611 min read
What crawl budget is and how to optimize it on large websites
SEO & GEO

What Is Crawl Budget and How to Optimize It

Crawl budget is how much of your site Google will crawl. What crawl rate and demand mean, who needs to care, what wastes it, and how to optimize on big sites.

25 May 20269 min read
Detecting whether a website uses the Meta (Facebook) Pixel
Tech Stack Guides

How to Tell if a Website Uses the Meta (Facebook) Pixel

The Meta Pixel leaves clear signals: an fbevents.js script, an fbq('init') call, a _fbp cookie and tr beacons to facebook.com. Here is how to detect it.

25 May 202610 min read