Hi @jnix284! Would you mind sharing what service you used to perform this SEO Audit so we can dig into this further to find out what they deem insecure about our meta tags?

@hroberts Alexa - it is weird, because it shows in their audit as 1 page, but then lists 243 instances (our total website, blog and landing pages). 

@hroberts I was able to find the meta tag in Google Search Console:

<meta name="generator" content="HubSpot">

Thanks @jnix284! I think Alexa is only flagging 1 out of 243 pages. Is it possible to find out which page of yours specifically is flagged? I think it's more likely an error with their crawler, but I'm happy to check out the page in question to make sure you're good.

@hroberts whenever I expand the list of pages, it pulls up all 243 pages of our website - starting with a handful of LPs on info. and #8 is our home page, followed by the rest of our site. It doesn't specifically identify a single page anywhere.

I can't figure out how this is not a more widespread issue for HubSpot COS users - it results in us receiving an 88/100 for site security on our audit, with no other items causing the score to drop. It would be a huge improvement for us - and all HubSpot COS users - if this meta description were removed by HubSpot.

Has this been resolved? Our team is running into the same issue. 

@znimtz I've worked with HubSpot support on this issue as well, they essentially told me that despite what Alexa says, this is not an issue, and we should just ignore it.....I was hoping this idea would gain more support to show them that their customers do care about security and that we would like for the generator meta tag to go away. 

The reason the audits say that it's a security risk is because it's revealing that the site is a HubSpot site. - the same applies when a wordpress site does the same meta tag but for wordpress.

The reason HubSpot says not to care - is because it doesn't matter if you remove the tag - you can still tell the site is hosted on HubSpot, there are hundreds of clues to that on every page.

Removal of this tag offers no more security benefit than taking the Tesla logo off of a Model S - everyone still knows it's a Tesla.

So removing this tag would do no more than make your automated tool happy.

Besides at the current point to a hacker - a site being a HubSpot site might be a slight deterrent because there's no way to break into the admin panel via hacks, no plugins to exploit, no insecure themes. It's not an open platform nor has a lot of well known security issues - so for most hackers it's not worth the effort.

Conversely there is no advantage in providing or exposing that meta tag.

Why even have it?  What value does it provide?

If not adding value why have the clutter and fewer bits to send.