CODEWITHSUNDEEP
javascriptnode.jsmeteor
Athena Wisdom
Athena Wisdom

Reputation: 6871

Hide Signs that Meteor.js was Used

In order to design a blind test, how can a Meteor.js app hide signs that Meteor.js was used to build the site? PHP have a X-Powered-By header that can be removed, what hints do Meteor have?

Upvotes: 1

Views: 363

Answers (2)

Brad M
Brad M

Reputation: 7898

The amount of hacks you would need to go through to completely hide the fact your site is built by Meteor.js is absolutely ridiculous. You would have to strip essentially all core functionality and just serve straight up html, completely defeating the purpose of using the framework anyway.

That being said, I suggest looking at buildwith.com

You enter a url, and it reveals a ton of information about a site. If you only need to "fool" engines like this, there may be simple solutions.

Upvotes: 3

emgee
emgee

Reputation: 1234

A Meteor app does not, by default, add any X-Powered-By headers to HTTP responses, as you might find in various PHP apps. The headers look like:

$ curl -I https://atmosphere.meteor.com

HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
date: Tue, 31 Dec 2013 23:12:25 GMT
connection: keep-alive

However, this doesn't mask that Meteor was used. Viewing the source of a Meteor app will look very distinctive.

<script type="text/javascript">
__meteor_runtime_config__ = {"meteorRelease":"0.6.3.1","ROOT_URL":"http://atmosphere.meteor.com","serverId":"62a4cf6a-3b28-f7b1-418f-3ddf038f84af","DDP_DEFAULT_CONNECTION_URL":"ddp+sockjs://ddp--****-atmosphere.meteor.com/sockjs"};
</script>

If you're trying to avoid people being able to tell you are using Meteor even by viewing source, I don't think that's possible.

Upvotes: 0

Related Questions