Hide server-side technology information from the browser

Question

I have installed Wappalyzer add-on installed for Firefox browser. When I access my web application, it displays server-side technologies used. In this case it displays following information:

• Node.js (Programming language)
• Express (Web framework)
• Connect (Web framework)

I need to somehow hide these information from the browser/client for security purpose. So, could anyone shed some light on how I do this in node.js. Is there any configuration settings that I can change so that they won't send unnecessary information to the browser/client.

Update:

I used following code to prevent Express framework from sending 'x-powered-by' header:

app.disable('x-powered-by');

Even after this change, the server side stack information is being displayed.

Thanks.

Answer 1

After some testing, I was able to generate a working script to block this, and it wasn't difficult.

I posted it here and explained how it works.

https://gist.github.com/jesussuarz/1b3d93236fc9bae113076d3bb3ee7a84

Answer 2

For those with no custom server, add the following to next.config.js:

poweredByHeader: false

Answer 3

Apart from server side technology by PHP frameworks, change

expose_php = off

in your php.ini.

Answer 4

Finally its working. The app.disable('x-powered-by') did the trick. After clearing the cache Wappalyzer was not able to determine the server-side stack information.