How to hide technology from wappalyzer or builtwith in cloudflare?

Input my suggestions for cloudflare to provide a tool to not detect website technology so that websites are not easily imitated with the technology used by website owners.

Thanks advance

I am afraid this is not so possible as far for now, until, maybe, someone develops some Cloudflare app so a owner could install it and I do not know for sure what options to select to hide or alter it’s “source code” which is not being hosted on Cloudflare first?

  • this could go bad way like some sort of “injection” of the code directly, modifying it, and then serving to the visitor, etc. (I doubt Cloudflare would ever do something like this for this particular idea - as the question comes to my mind why should they spend and consume their’s server’s resourses for it?)

Also, there could be the cases where some abusing Websites could use it completly to mask most of them - if you want this, then I would suggest you to setup the and run a TOR Website over onion.

I saw the Web browser extensions for it to detect which technology the Website you are browsing is using “behind”.

Even not only Web browser extension, it’s a Website itself, here:

For example, when using Cloudflare, your server HTTP header becomes cloudflare (while it could be Apache, Nginx, etc.

If using jQuery, it’s easily detected “as is”.

There are few other ways to hide some HTTP headers like PHP one X-Powered-By, etc.

Nevertheless, if using WordPress, there are also some plugins which hides and removes meta tags (like generator, wlwmanifest, wp-json, xmlrpc, etc.), or even do some changes in the URL structure so you can hide your WordPress, etc.

Step 1. Bring your own IP address range to Cloudflare.
Step 2. Reduce the not-required headers to as few as possible.

Step 3. Hope people who write the tools R lazy.

In the 2000’s Cisco blocked a bunch of stuff to obfuscate your mail server version through their firewall. What it was easy to determine was you were behind a Cisco PIX. Were you sure it was Exchange or Lotus notes? Not until they sent you a non-deliverable report (NDR) and then it was obvious what the underlying MTA was. 2 for the price of 1.

Cloudflare obfuscates some data, but HTML is by design pretty transparent. If I want to clone you css the browser knows your css else it can’t render it.

1 Like

Maybe we are must know how configuration basically in server.

Example like www.securityheaders.com for knowing settings server is safety

Headers lookup data in server. May Be ( Strict-Transport-Security is key )

Thanks advance

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.