Possible to check if a website is being served through static html or ASP.NET?

1

Is there a way to tell (as a client) if there is any server side code that's being processed (PHP/ASP.NET) or if it's simply static html files?

sam

Posted 2010-06-25T19:59:14.557

Reputation: 11

Do you mean besides looking at the file extension? – Michael Itzoe – 2010-06-25T20:06:49.430

@Michael - Lots of websites use MVC frameworks that don't ever show an extension. Like superuser.com for example. – MrChrister – 2010-06-25T21:27:07.053

Answers

2

Try builtwith.com, it will tell you everything it can find out about the platform the server is running on.

Andrew Lewis

Posted 2010-06-25T19:59:14.557

Reputation: 206

We can also use appInspector as an additional resource. – xxbinxx – 2014-08-21T09:57:02.520

2

You can't always know for sure. Here's an example why. I can set Apache to handle a specific extension any way I want. I can have PHP render a .html document which contains PHP.

All the user will see is they are served an HTML document (.html extension).

For the most part though, the extension can give you a hint, but also if there's dynamic content that's a good clue.

Daisetsu

Posted 2010-06-25T19:59:14.557

Reputation: 5 195

0

Depending on server settings—and if you are on Linux—you might be able to use the command line tool curl with the -I option to show headers like this; using Microsoft as an example:

curl -I www.microsoft.com/

The headers Microsoft returns are as follows:

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1020
Content-Type: text/html
Last-Modified: Mon, 16 Mar 2009 20:35:26 GMT
Accept-Ranges: bytes
ETag: "67991fbd76a6c91:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 12 Oct 2014 08:28:11 GMT

So that line that reads X-Powered-By: ASP.NET? Well, I guess that answers that right? Well not really. While a server might be capable of using ASP.NET, it does not mean the page you are viewing is using ASP.NET.

And to make matters even more complicated, of course Microsoft would be using ASP.NET, right? But guess what? In the real world the majority of servers out there—at least the ones that are well managed—do not advertise any real details on the server software they use. This is called server hardening. For example, let’s look at the header output for the BBC website:

curl -I www.bbc.co.uk/

And the header output is this:

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
Content-Language: en-GB
Etag: "1d86e04c393ac9be31d256305b22b59e"
X-PAL-Host: pal116.telhc.bbc.co.uk:80
Transfer-Encoding: chunked
Date: Sun, 12 Oct 2014 08:32:46 GMT
Connection: keep-alive
Set-Cookie: BBC-UID=d524632ae30c5a5eebfec61e915b62ab64b472f7c4b4e10e5ae1a4c76eacdbc00curl/7.30.0; expires=Thu, 11-Oct-18 08:32:46 GMT; path=/; domain=.bbc.co.uk
X-Cache-Action: HIT
X-Cache-Hits: 827
X-Cache-Age: 88
Cache-Control: private, max-age=0, must-revalidate
Vary: X-CDN

The only thing we can glean from that is that the BBC’s main website uses Apache. But that powers a good chunk of the web. Do we know what version of Apache? Do we know what scripting is behind the scenes? Nope. Not at all.

And this is intentional since the vast majority of malware/bot scripts out there troll the Internet looking for weaknesses in systems, right? Well what if the website basically advertised, “Hey! I am using this older version of Apache as well as an older version of PHP!” Well guess what? Now the malicious software knows exactly what buttons to push to gain access to weaknesses in the system. Nobody wants that. Thus the vast majority of well managed servers out there don’t advertise who/what they are.

Granted though, hardening might only slow down an attack. Meaning, let’s say there are 1,000 possible ways to attack a server. Sending detailed headers might narrow that down to 20, so a hacker can get in quicker. But a determined hacker might just let all 1,000 exploits try to get through. So it is not a fool-proof method of deterring attacks. But it is better than nothing.

Which is all to say that casual observers might never know what exactly runs a site. And if this frustrates you, well blame the world we live in where malicious bots/spiders are constantly probing the site. Their bad actions make life harder for the rest of us.

JakeGould

Posted 2010-06-25T19:59:14.557

Reputation: 38 217
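A check an administrator could run over their own server's `curl -I` output to see what it advertises, given here as an added example that is not part of any answer above. The header list and function names are assumptions of this example; the two samples are subsets of the responses quoted in the last answer.

```python
import re

# Header names that commonly reveal the platform (this list is an assumption of the example).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# A dotted version number, or a "/<digits>" product-token suffix such as "Microsoft-IIS/8.0".
VERSION_RE = re.compile(r"\d+(?:\.\d+)+|/\d+")

# Subsets of the two responses quoted in the answer above.
IIS_SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
"""
APACHE_SAMPLE = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
X-Cache-Action: HIT
"""

def parse_head(raw):
    """Parse `curl -I` output into (status_line, {lowercased name: [values]})."""
    lines = raw.strip().splitlines()
    if not lines:
        return "", {}
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the first header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def audit(raw):
    """Return (header, value, finding) tuples for platform-disclosing headers."""
    _, headers = parse_head(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            detail = "product and version" if VERSION_RE.search(value) else "product only"
            findings.append((name, value, detail))
    return findings

if __name__ == "__main__":
    for label, sample in (("IIS", IIS_SAMPLE), ("Apache", APACHE_SAMPLE)):
        for name, value, finding in audit(sample):
            print(f"{label}: {name}: {value} -> {finding}")
```

An empty result only means these headers are absent; as the answers note, it says nothing about whether the page is static or generated server-side.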