How to hide technologies from Wappalyzer

Most web technologies, including server-side software such as CMSs, leave trails of evidence of their presence in websites' HTML code. This code is publicly accessible, which is necessary for browsers to render and display the page. Wappalyzer is known to be very proficient exposing these technologies through various fingerprinting methods.

Keeping your website secure

It may seem concerning that information about your website's technology stack is exposed. After all, hackers often target platforms with known vulnerabilities all the time. However, simply knowing what software is in use is not enough to hack a website: there has to be a known, unpatched vulnerability to exploit.

It's crucially important to keep your software up-to-date. Well-known CMSs and frameworks are usually actively maintained by a company or community of skilled developers who fix security issues regularly. No software is perfectly secure and a level of maintenance will always be required.

Relying on secrecy as the main method of security is a practice widely rejected by security experts. However, a level of obscurity can help deter malicious hackers.

Hiding server-side technologies

Application security, at least in this context, mainly applies to server-side technologies as this is where database interactions and business processes happen. They're also easier to hide. Obscuring client-side libraries is a futile effort in almost all cases as the source code has to be sent to the browser to interpret and will always be discoverable.

To hide a technology from Wappalyzer, it helps to first understand how it works and what Wappalyzer looks for. Luckily, Wappalyzer is open-source and its library of fingerprints is publicly viewable. Refer to the documentation for more information.

We'll go through a few examples below.

Hide PHP from Wappalyzer

PHP can be identified by looking for the .php file extension in URLs the default PHPSESSID cookie. Rewriting URLs and changing the name of the cookie can make PHP harder to detect.

php.net/manual/en/session.configuration.php#ini.session.name

Hide Laravel from Wappalyzer

The Laravel PHP framework can also be identified by inspecting a websites' cookies. It's possible to change the default cookie name to prevent this.

laravel.com/docs/session

Hide Apache or Nginx version number from Wappalyzer

The Apache and Nginx web servers can be identified by looking for the Server response header when requesting a web page. By default this includes the version number. To avoid this, you can disable server tokens in the configuration file.

nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
httpd.apache.org/docs/current/mod/core.html#servertokens

Conclusion

The information exposed by Wappalyzer is already public to anyone and hiding it does not make your website secure. In most cases hiding a technology's characteristics ranges from impractical to impossible but as long as your software is up-to-date, it's not something to worry about.

Install the free browser extension to see technologies used on websites you visit at glance.

Empower yours sales and marketing teams

Use our tools for lead generation, market analysis and competitor research.

Website profiling
Find out what websites are built with.
Lead generation
Find prospects by the technologies they use.
Market research
Compare market shares and technology trends.
Competitor analysis
Discover who uses competitors' software.
Data enrichment
Technology, company and contact information.
Custom reports
Create lists of websites and contacts.
Website monitoring
Monitor website technology changes.
Browser extension
See the technologies on websites you visit.
CRM integration
See the technologies of your leads.
Email verification
Improve delivery and mailing list quality.
API access
Instant and real-time technology lookups.
Security recon
Reveal web technologies and version numbers.
Apps

Wappalyzer works with the tools you use every day.

Chrome

See the technologies of websites you visit in your browser.

Firefox

See the technologies of websites you visit in your browser.

Edge

See the technologies of websites you visit in your browser.

Safari

See the technologies of websites you visit in your browser.

HubSpot

See the technology stacks of your leads in your CRM.

Pipedrive

See the technology stacks of your leads in your CRM.

Zapier

Connect Wappalyzer to the apps you use, no code required.

Integromat

Connect Wappalyzer to the apps you use, no code required.

Pabbly

Automated workflows and email marketing.

Gmail

See the technology stacks of your contacts in Gmail.

Android

Wappalyzer in your pocket.

Wappalyzer is trusted by thousands of professionals world-wide

Wappalyzer has proven to be a great tool to help us break down the aggregate analysis of how the web is doing by various technologies. Ilya Grigorik
Principal Engineer at Shopify
These days you need advanced marketing tools to stand out from the competition. Wappalyzer help us do just that. Thomas Alibert
Growth Engineer at PayFit
Wappalyzer is an integral part of our sales process, enabling us to optimise lead segmentation at scale. It’s a total game changer for our organisation. Roman Schweiger
Head of Business Development at Boomerank
Wappalyzer has been such a useful part of the HTTP Archive dataset. It's enabled us to slice the data in new ways and discover more interesting insights about the state of the web. Rick Viscomi
Senior DevRel Engineer at Google
Wappalyzer is helping our sales teams to understand prospects better and faster by having a clear view on their tech stack. Rabin Nuchtabek
Chief Growth Engineer at Skedify
Wappalyzer has been hugely valuable to slice performance data by the various detected applications at WebPageTest.org. Patrick Meenan
Engineering Fellow at Catchpoint

Subscribe to receive occasional product updates.