Express
Express is the most widely used web framework for Node.js, powering a large share of JavaScript-based backends and APIs. It is commonly identified from the X-Powered-By: Express response header.
That header is informational only and often left at its default; it confirms a Node.js backend but says nothing about the security of the application built on top of it.
Commonly deployed alongside Express
Of the 4,661 public scans where Express was detected, these are the technologies most often present on the same site. The share is the percentage of Express sites that also ran each one.
| Technology | Category | Share of Express sites |
|---|---|---|
| Node.js | wappalyzer | 99.98% |
| HTTP/3 | wappalyzer | 64.55% |
| Google Analytics | wappalyzer | 58.57% |
| Ubuntu | wappalyzer | 45.21% |
| Unpkg | wappalyzer | 43.81% |
| HSTS | wappalyzer | 26.61% |
| Open-Graph-Protocol | miscellaneous | 22.17% |
| Cloudflare | wappalyzer | 22.13% |
| Cloudflare Bot Management | wappalyzer | 21.32% |
| Google Tag Manager | wappalyzer | 11.22% |
| X-UA-Compatible | miscellaneous | 10.4% |
| React | wappalyzer | 9.8% |
| Substack | wappalyzer | 9.22% |
| Facebook Pixel | wappalyzer | 8.32% |
How ScanMalware detects Express
Express is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that Express is present, but how it is being used. Open the full search interface for Express →
Recent public scans featuring Express
A rolling sample of recent public scans where Express was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Iowa 511 Travel Information Map https://www.511ia.org | 2026-06-16 |
| https://parseapi.back4app.com | 2026-06-16 |
| Литрес – сервис электронных и аудиокниг, скачать в fb2 и mp3, читать и слушать онлайн на Litres https://partnersdnld.litres.ru | 2026-06-16 |
| Luxury Travel Agents & Hotel Experts | Luxury Holidays From Destinology https://destinology.co.uk | 2026-06-16 |
| Unione Montana Appennino Parma Est https://www.unionemontanaparmaest.it | 2026-06-16 |
| Teatro del Giglio Giacomo Puccini di Lucca - Teatro di tradizione dal 1985 https://www.teatrodelgiglio.it | 2026-06-16 |
| Comune di Treviso - Home https://www.comune.treviso.it | 2026-06-15 |
| Records Request Management (GovQA) | Granicus https://corpuschristitx.mycusthelpadmin.com | 2026-06-15 |
Frequently asked questions about Express
- Does using Express mean a website is unsafe?
- No. Express is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using Express can be perfectly safe or actively malicious.
- How many sites using Express has ScanMalware scanned?
- Express has been detected in 4,661 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with Express?
- Across scanned sites, Express is most often seen alongside Node.js, HTTP/3 and Google Analytics. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.