Drupal - How can I obscure what I am using to run my site?

You can't hide it completely. Most of what's needed to do it would require hacking core. The biggest tell is the Drupal JavaScript variable, which is readable from the front page, or any page for that matter.

If you want to improve your site's security by hiding that it's a Drupal site, your effort is better spent on code reviews than it is on trying to hide the fact that the site is made with Drupal.


This is an old and already answered question, but I recently put some effort into writing up a description of all the things you would need to change:

  • Remove the meta generator for Drupal 7
  • Remove tell-tale text like CHANGELOG.txt
  • Check the Expires header
  • Walking directories for HTTP 200/404/403 status codes
  • Look for default text messages - tweak all user-facing messages
  • Look at the HTML - default HTML from core and modules is a telltale sign

Basically: it might technically be possible to hide the fact that your site runs Drupal, but you would spend so much time on it that it's not worth it. You should instead focus on making it secure and on secure operations (e.g. the ability to deploy updates quickly, monitoring logs, etc.).
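An added example (not part of the answers on this page): a small self-audit that scans one captured response from your own site for several of the tells listed above, then shows what is left after the two cheapest fixes. The sample response is constructed; the header and date values are stock Drupal 7 defaults assumed here rather than quoted from the page, and the function names are hypothetical.

```python
import re

# Constructed sample of a raw HTTP response (headers + body), for illustration only.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Expires: Sun, 19 Nov 1978 05:00:00 GMT\r\n"
    "X-Generator: Drupal 7 (http://drupal.org)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="Generator" content="Drupal 7 (http://drupal.org)" />\n'
    '<script src="/misc/drupal.js?v=1"></script>\n'
    '<script>jQuery.extend(Drupal.settings, {"basePath":"/"});</script>\n'
    '</head><body><img src="/sites/default/files/logo.png"></body></html>'
)

# (name, part of the response to search, pattern). Assumed Drupal 7 defaults.
TELLS = [
    ("x-generator header", "headers", re.compile(r"^x-generator:.*drupal", re.I | re.M)),
    ("expires 1978 header", "headers", re.compile(r"^expires:\s*sun, 19 nov 1978", re.I | re.M)),
    ("meta generator tag", "body",
     re.compile(r"<meta[^>]+name=[\"']generator[\"'][^>]*drupal", re.I)),
    ("Drupal JS variable", "body", re.compile(r"\bDrupal\.settings\b")),
    ("core asset path", "body", re.compile(r"/misc/drupal\.js")),
    ("default files path", "body", re.compile(r"/sites/(?:default|all)/")),
]

def split_response(raw):
    """Split a raw response into its header block and body."""
    head, _, body = raw.partition("\r\n\r\n")
    return {"headers": head, "body": body}

def find_tells(raw):
    """Return the names of all tells present, in TELLS order."""
    parts = split_response(raw)
    return [name for name, where, rx in TELLS if rx.search(parts[where])]

def strip_header_and_meta(raw):
    """Simulate the two cheapest fixes: drop X-Generator and the meta tag."""
    raw = re.sub(r"(?im)^x-generator:.*\r\n", "", raw)
    return re.sub(r"(?i)<meta[^>]+name=[\"']generator[\"'][^>]*>\n?", "", raw)

if __name__ == "__main__":
    print("before:", find_tells(SAMPLE_RESPONSE))
    print("after: ", find_tells(strip_header_and_meta(SAMPLE_RESPONSE)))
```

Four of the six tells survive the header and meta-tag removal, which is the cost argument the answer makes.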


It's too easy to do, kiam!

  • Use a reverse proxy or customize your HTTP daemon to filter the annoying Drupal HTTP header
  • Deny HTTP access to any Drupal default folders
  • Use PHP output buffering to rewrite and obscure your HTML source, remove unnecessary data
  • Use URL alias or custom_url_rewrite_in/outbound to make your URLs a mess
  • Change the default 404 error, remove/change update.php
  • Make any other changes if someone finds out

And last but not least, make sure that your site is so simple that it does not require JS or CSS for normal behavior (don't use Views or Ctools...), does not support user authentication, etc. That means your site should be as simple as a static HTML site.

Ok, all that to make people believe that your site does not run Drupal. Anyway, security by obscurity is useless.
