Caddy
Caddy is a modern open-source web server known for automatic HTTPS and simple configuration, increasingly used as an origin server and reverse proxy. ScanMalware detects it from the server: Caddy response header.
Caddy’s automatic certificate issuance means even short-lived sites get valid HTTPS, so a trusted certificate behind Caddy is no guarantee of legitimacy. The server is neutral; the content determines the verdict.
Commonly deployed alongside Caddy
Of the 1,288 public scans where Caddy was detected, these are the technologies most often present on the same site. The share is the percentage of Caddy sites that also ran each one.
| Technology | Category | Share of Caddy sites |
|---|---|---|
| HTTP/3 | wappalyzer | 96.35% |
| Open-Graph-Protocol | miscellaneous | 28.73% |
| Google Analytics | wappalyzer | 28.49% |
| jsDelivr | wappalyzer | 27.95% |
| X-UA-Compatible | miscellaneous | 4.89% |
| PasswordField | miscellaneous | 3.11% |
| Ghost | cms | 2.56% |
| Meta-Refresh-Redirect | miscellaneous | 2.33% |
| HSTS | wappalyzer | 2.25% |
| jQuery | wappalyzer | 2.17% |
| Amazon Web Services | wappalyzer | 2.02% |
| Amazon CloudFront | wappalyzer | 1.94% |
| Google-Analytics | miscellaneous | 1.48% |
| PoweredBy | miscellaneous | 1.24% |
How ScanMalware detects Caddy
Caddy is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that Caddy is present, but how it is being used. Open the full search interface for Caddy →
Recent public scans featuring Caddy
A rolling sample of recent public scans where Caddy was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| gn-math http://u0sqwww.pl0jhgjj0hff0dbawhm.086550315031whm.srv592432juegosfacebook-zynga.gn-math.d… | 2026-05-17 |
| gn-math https://zz0xvuxx0vtss0qoo0mkjwhm.f0dbwhm.908658765siriuate.98765432juegosfacebook-zynga.gn… | 2026-05-17 |
| gn-math http://086604214325update.765432juegosfacebook-zynga.gn-math.dev/ | 2026-05-17 |
| gn-math http://whm.app32cbzhoupdate.32juegosfacebook-zynga.gn-math.dev/ | 2026-05-17 |
| Sign in to your account https://whm.whm.whm.whm.whm.whm.3-120-55-020.plesk.page/auth/oidc/azure | 2026-05-17 |
| gn-math http://i0gewhm.whm.whm.8769876544020whoupdate.32juegosfacebook-zynga.gn-math.dev/ | 2026-05-17 |
| gn-math http://whm.q0omlkjf0dbadcbmedilbvmg472update.65432admin.juegosfacebook-zynga.gn-math.dev/ | 2026-05-17 |
| gn-math https://r0pnwhm.mm0kihwhm.gg0ecwhm.658765siriuate.98765432juegosfacebook-zynga.gn-math.dev… | 2026-05-17 |
Frequently asked questions about Caddy
- Does using Caddy mean a website is unsafe?
- No. Caddy is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using Caddy can be perfectly safe or actively malicious.
- How many sites using Caddy has ScanMalware scanned?
- Caddy has been detected in 1,288 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with Caddy?
- Across scanned sites, Caddy is most often seen alongside HTTP/3, Open-Graph-Protocol and Google Analytics. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.