I was wondering, is their a way to know the the type of webserver a website is using ? I mean can we do it using some kind of headers?

The "Server" response header will usually tell you but may omit a specific version depending on configuration.

Use "curl -I whatever.com" to send a HEAD request and look at the headers in the response.

You can also try Nmap, but apparently it's not able to tell too much if the server doesn't reply with a header:

  nmap -T5 -sV --version-all -p 80,443 www.google.com
  Starting Nmap 6.00 ( http://nmap.org ) at 2015-04-16 03:02 CEST
  Nmap scan report for www.google.com (80.202.12.244)
  Host is up (0.0015s latency).
  Other addresses for www.google.com (not scanned): 
  (...)
  rDNS record for 80.202.12.244: cache.google.com
  PORT    STATE SERVICE  VERSION
  80/tcp  open  http     Google httpd 2.0 (GFE)
  443/tcp open  ssl/http Google httpd 2.0 (GFE)
  Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Apparently stackoverflow (well know user of .net stack) is "unknown", but microsoft.com gives:

  nmap -T5 -sV --version-all -p 80,443 microsoft.com

  Starting Nmap 6.00 ( http://nmap.org ) at 2015-04-16 03:05 CEST
  Nmap scan report for microsoft.com (134.170.188.221)
  Host is up (0.18s latency).
  Other addresses for microsoft.com (not scanned): 
    134.170.185.46
  rDNS record for 134.170.188.221:  
    microsoftproductionstudios.org
  PORT    STATE SERVICE  VERSION
  80/tcp  open  http     Microsoft IIS httpd 8.5
  443/tcp open  ssl/http Microsoft IIS httpd 8.5
  Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

I didn't look to carefully at the so-output -- maybe there's a funky loadbalancer in front or something.

Tested against three servers, one patched and two not. Small test but it correctly identified which was which.

What did it say for the ones not vulnerable?

<sitename> is vulnerable.