“X-Powered-By” is a common non-standard HTTP response header (most headers prefixed with an ‘X-‘ are non-standard). It’s often included by default in responses constructed via a particular scripting technology.
It’s important to note that it can be disabled and/or manipulated by the server. Some servers chose not to include it or even to provide misleading information to throw off hackers that might target a particular technology/version.
If I wanted to send out that response header in a PHP script it’s as simple as including the following code:
header(‘x-powered-by: ZendServer 8.5.0,ASP.NET’);
It cannot necessarily be trusted. The server in question could very well be using some combination of technologies you mentioned, or perhaps neither. It can be a helpful start, but there is no way to definitively tell what scripting software is being used on a server simply from an HTTP response.