prevent builtwith.com showing what my site is built with

Question

Is there a way to mask my real server technology say from PHP to show up as Python when checked by sites like http://builtwith.com? Or at least to not show anything at all?

Answer 1

Assuming you're using apache, you can change the default "tell all" behaviour with the ServerTokens and ServerSignature directives:

ServerTokens Prod
ServerSignature Off

This'll remove identifying marks from error pages, and only return the server name with HTTP requests, instead of all of your installed modules. Here's an example with ServerTokens commented out:

14:45:52 bartley:~ > curl -I http://www.test.com
HTTP/1.1 200 OK
Date: Mon, 16 May 2011 13:54:48 GMT
Server: Apache/2.2.15 (EL) DAV/2 PHP/5.2.16 mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.4 Perl/v5.8.8
Accept-Ranges: bytes
Content-Length: 16457
Cache-Control: max-age=300, must-revalidate
Expires: Mon, 16 May 2011 13:59:48 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8

..and here's one with it set to Prod:

14:44:25 bartley:~ > curl -I http://www.test.com
HTTP/1.1 200 OK
Date: Mon, 16 May 2011 13:54:19 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 16457
Cache-Control: max-age=300, must-revalidate
Expires: Mon, 16 May 2011 13:59:19 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8

EDIT: As @Marc points out, there is also a HTTP header that PHP can add an X-Powered-By header to. This can be disabled by adding expose_php = Off in your php.ini.