A recommended practice to security 'hardening' a Web site is to divulge as little architectual information as possible. For example, we suppress the X-Server HTTP header so you don't know what server we are using. We map '*.jsf' to something else so you can't tell we're using JSF.
However, one giveaway is that in org.apache.myfaces.renderkit.html.util.ExtensionsPhaseListener.java, method getCodeBeforeBodyEnd(), around line 111, there is the line:
Which would not give away we are using JSF.