insecure meta tag - HubSpot

We are getting an error in our SEO Audit that we have an insecure meta tag on every single page (we use HubSpot COS). 

 

The note says, "Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website."

 

The suggestion is to remove the meta tag. 

 

This is not an option in the COS settings, but I can't understand why it wouldn't be or why HubSpot would include an insecure tag when they are so focused on SEO.

HubSpot updates
10 Replies
HubSpot Product Team
HubSpot Product Team

Hi @jnix284! Would you mind sharing what service you used to perform this SEO Audit so we can dig into this further to find out what they deem insecure about our meta tags?

jnix284
Esteemed Contributor

@hroberts Alexa - it is weird, because it shows in their audit as 1 page, but then lists 243 instances (our total website, blog and landing pages). 

 

Security_MetaInformation_Oct6.jpg

jnix284
Esteemed Contributor

@hroberts I was able to find the meta tag in Google Search Console:

 

<meta name="generator" content="HubSpot">

HubSpot Product Team
HubSpot Product Team

Thanks @jnix284! I think Alexa is only flagging 1 out of 243 pages. Is it possible to find out which page of yours specifically is flagged? I think it's more likely an error with their crawler, but I'm happy to check out the page in question to make sure you're good.

jnix284
Esteemed Contributor

@hroberts whenever I expand the list of pages, it pulls up all 243 pages of our website - starting with a handful of LPs on info. and #8 is our home page, followed by the rest of our site. It doesn't specifically identify a single page anywhere.

jnix284
Esteemed Contributor

I can't figure out how this is not a more widespread issue for HubSpot COS users - it results in us receiving an 88/100 for site security on our audit, with no other items causing the score to drop. It would be a huge improvement for us - and all HubSpot COS users - if this meta description were removed by HubSpot.

znimtz
New Contributor

Has this been resolved? Our team is running into the same issue. 

jnix284
Esteemed Contributor

@znimtz I've worked with HubSpot support on this issue as well, they essentially told me that despite what Alexa says, this is not an issue, and we should just ignore it.....I was hoping this idea would gain more support to show them that their customers do care about security and that we would like for the generator meta tag to go away. 

Jon_McLaren Esteemed Contributor | Platinum Partner
Esteemed Contributor | Platinum Partner

The reason the audits say that it's a security risk is because it's revealing that the site is a HubSpot site. - the same applies when a wordpress site does the same meta tag but for wordpress.

The reason HubSpot says not to care - is because it doesn't matter if you remove the tag - you can still tell the site is hosted on HubSpot, there are hundreds of clues to that on every page.

Removal of this tag offers no more security benefit than taking the Tesla logo off of a Model S - everyone still knows it's a Tesla.

So removing this tag would do no more than make your automated tool happy.

Besides at the current point to a hacker - a site being a HubSpot site might be a slight deterrent because there's no way to break into the admin panel via hacks, no plugins to exploit, no insecure themes. It's not an open platform nor has a lot of well known security issues - so for most hackers it's not worth the effort.

GordonRT
New Contributor

Conversely there is no advantage in providing or exposing that meta tag.

Why even have it?  What value does it provide?

If not adding value why have the clutter and fewer bits to send.