Home > Software design >  How to hide website information on Wappalyzer
How to hide website information on Wappalyzer

Time:02-19

I have a website written in Laravel 5.8 and when I search my website info on wappalyzer.com website, I can see all the entire information of my website there.

And this is not good due to OWASP security test. So I'm looking for a way to hide the information of my website on wappalyzer.com .

So here is the official suggestion for Laravel based websites:

Hide Laravel from Wappalyzer

The Laravel PHP framework can also be identified by inspecting a websites' cookies. It's possible to change the default cookie name to prevent this.

laravel.com/docs/session

But I don't get what it means by changing default cookie names!

So if you know, please help me out with this and I would really appreciate that...

CodePudding user response:

Laravel uses the env's APP_NAME in the cookie name. By default the APP_NAME is "Laravel" so your cookie name will be "laravel_session". You can go ahead and change your app name in your .env file. You can also change the session part if you edit your config/session.php file or by adding SESSION_COOKIE to your env.

CodePudding user response:

in the config/session.php

The cookie created here:

'cookie' => env( 'SESSION_COOKIE', Str::slug(env('APP_NAME', 'laravel'), '_').'_session' ),

So, you just need to change the APP_NAME in .env

And dont forget the php artisan optimize to clear the cache

  • Related