When I search my problem I find this old question.
How to find out what technology a program is using?.
Its define how to show but not how to hide ? I have several asp.net sites .Some of my sites use CKEditor and others JavaScript Libraries.
when I type my url in :
its show :
Is there any web.config setting or another setting not to show technology or program used by my site.I search a lot but unable to find any thing.Any help would be much appreciated .Thanks.
By default ASP.NET shouts about itself a lot. It sends HTTP headers with each response telling the world and dog what version of ASP.NET your site is hosted on and even what version of MVC you are using. Below is an example of the extra headers needlessly being sent with every request:
To fix this problem you need to do a few things. The first is to set the enableVersionHeader setting on the httpRuntime section to false.
<!-- enableVersionHeader - Remove the ASP.NET version number from the response headers. Added security through obscurity. -->
<httpRuntime targetFramework="4.5" enableVersionHeader="false" />
Then you need to clear the custom headers as shown below.
<httpProtocol>
<customHeaders>
<!-- X-Powered-By - Remove the HTTP header for added security and a slight performance increase. -->
<clear />
</customHeaders>
</httpProtocol>
for more read this post: Securing the ASP.NET Web.config
And also there is project in github which called NWebsecand NWebsec lets you configure quite a few security headers, some are useful for most applications while others are a bit more specialized. Here's the project link:
Getting started with NWebsec.
In addition to obfuscating your scripts, your website may also give away information in the form of http headers and html meta tags. For example one of my sites shows these http response headers:
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
These show my site is running iis8.5 and which .net version which is the first information shown on builtwith.com. Most if not all web servers have a way of suppressing these and of course you can control the meta tags.
Also the url can contain clues as well. If you have urls that end in .aspx, .jsp, .php that is a dead giveaway. You can solve this using SEF urls or by using some sort of url rewriter for whatever server technology you are using
Please, note that there are already exact same questions about it:
Nick says that if you're running apache, you can set your ServerTokens to Prod and set your ServerSignature to Off to remove the used modules from http requests. I hope you could find a similar property for your asp.net application.
Authentictech also says on behalf of gary that you can ask them to remove your sites from their lookup service on this link. Looking at that link, you (as a domain owner) can remove your sites' entries from their lookup index forever.
Su' says that there's a BuildWith's page that tells:
The technology has to be discoverable in either the page body, cookies or server headers.
It also mentions Security through obscurity, but concludes that (on a security point of view) the modules' security is much more important than hiding what you're using
Assuming that you are interested on general explanations (since there might be other builtwith-like sites doing similar things):
Those kind of applications probably analyzes also hints like the html structure, the html attributes, the html meta tags, the http headers, the built url and its file extensions, and the html view state, which enables it to analyze and (given a few technology-specific patterns/standards) infer which technologies you use like asp.net, jsf, and others. So, even you could some way really obfuscate the generated script, customize the built url, and handle the http headers, I think you won't be fully able to hide the used technologies due to html structure including its attributes, meta tags and view state controls.
