Alexa-rank complaining about insecure generator meta-tagUsage of meta tag “generator”What kind of information can websites collect about a user/client?Usage of meta tag “generator”Are Meta tags useful for SEO?Services using the “generator” meta tag for usage statsWhat do you do if you don't want to put a keyword in your title?Can microdata be used within META and custom tags?How to make your site visible on google searchIs leaving meta description tag empty beneficial?Website <head> section questionsDoes differing meta descriptions on pages that share a canonical tag harm SEO

In general, would I need to season a meat when making a sauce?

How to pull out the underlying query syntax being used by dataset?

Why were helmets and other body armour not commonplace in the 1800s?

What is the largest (size) solid object ever dropped from an airplane to impact the ground in freefall?

What are the real benefits of using Salesforce DX?

Ticket to ride, 1910: What are the big cities

Computing the matrix powers of a non-diagonalizable matrix

My employer faked my resume to acquire projects

How to respond to an upset student?

Would jet fuel for an F-16 or F-35 be producible during WW2?

Boss wants me to falsify a report. How should I document this unethical demand?

When and what was the first 3D acceleration device ever released?

Where is the logic in castrating fighters?

Is the Indo-European language family made up?

Is the Starlink array really visible from Earth?

Defining the standard model of PA so that a space alien could understand

Would Brexit have gone ahead by now if Gina Miller had not forced the Government to involve Parliament?

Simple fuzz pedal using breadboard

Line of lights moving in a straight line , with a few following

Is CD audio quality good enough?

Why do Ryanair allow me to book connecting itineraries through a third party, but not through their own website?

How to use Palladio font in text body but Computer Modern for Equations?

How to make a villain fall in love?

Is there a way to make it so the cursor is included when I prtscr key?



Alexa-rank complaining about insecure generator meta-tag


Usage of meta tag “generator”What kind of information can websites collect about a user/client?Usage of meta tag “generator”Are Meta tags useful for SEO?Services using the “generator” meta tag for usage statsWhat do you do if you don't want to put a keyword in your title?Can microdata be used within META and custom tags?How to make your site visible on google searchIs leaving meta description tag empty beneficial?Website <head> section questionsDoes differing meta descriptions on pages that share a canonical tag harm SEO






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:



<meta name="generator" content="Company Name"> 


The Alexa Site Audit Report complains about this tag being insecure:




What is this topic about?
HTML tags . on your pages that expose information about the software used to build your site.



Why is this important?
Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.




I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).










share|improve this question






























    3















    The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:



    <meta name="generator" content="Company Name"> 


    The Alexa Site Audit Report complains about this tag being insecure:




    What is this topic about?
    HTML tags . on your pages that expose information about the software used to build your site.



    Why is this important?
    Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.




    I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).










    share|improve this question


























      3












      3








      3








      The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:



      <meta name="generator" content="Company Name"> 


      The Alexa Site Audit Report complains about this tag being insecure:




      What is this topic about?
      HTML tags . on your pages that expose information about the software used to build your site.



      Why is this important?
      Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.




      I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).










      share|improve this question
















      The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:



      <meta name="generator" content="Company Name"> 


      The Alexa Site Audit Report complains about this tag being insecure:




      What is this topic about?
      HTML tags . on your pages that expose information about the software used to build your site.



      Why is this important?
      Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.




      I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).







      security meta-tags






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 14 at 0:07









      unor

      19.1k33188




      19.1k33188










      asked May 13 at 17:40









      TheJamesTheJames

      183




      183




















          1 Answer
          1






          active

          oldest

          votes


















          3














          The tag itself is not insecure. It's just a tag in an HTML file.



          What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.



          Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)



          Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)




          What is a probe?



          Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.



          Examples:



          • Wordpress uses paths that include wp- as an introducer.

          • Drupal uses .../sites/<name>/files/...

          Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).



          So hiding the generator's tag makes no difference if you just have the name of the CMS in there.






          share|improve this answer

























          • You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

            – Rob
            May 13 at 21:30











          • @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

            – Alexis Wilke
            May 13 at 23:22












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "45"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f122853%2falexa-rank-complaining-about-insecure-generator-meta-tag%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          3














          The tag itself is not insecure. It's just a tag in an HTML file.



          What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.



          Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)



          Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)




          What is a probe?



          Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.



          Examples:



          • Wordpress uses paths that include wp- as an introducer.

          • Drupal uses .../sites/<name>/files/...

          Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).



          So hiding the generator's tag makes no difference if you just have the name of the CMS in there.






          share|improve this answer

























          • You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

            – Rob
            May 13 at 21:30











          • @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

            – Alexis Wilke
            May 13 at 23:22
















          3














          The tag itself is not insecure. It's just a tag in an HTML file.



          What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.



          Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)



          Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)




          What is a probe?



          Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.



          Examples:



          • Wordpress uses paths that include wp- as an introducer.

          • Drupal uses .../sites/<name>/files/...

          Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).



          So hiding the generator's tag makes no difference if you just have the name of the CMS in there.






          share|improve this answer

























          • You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

            – Rob
            May 13 at 21:30











          • @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

            – Alexis Wilke
            May 13 at 23:22














          3












          3








          3







          The tag itself is not insecure. It's just a tag in an HTML file.



          What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.



          Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)



          Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)




          What is a probe?



          Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.



          Examples:



          • Wordpress uses paths that include wp- as an introducer.

          • Drupal uses .../sites/<name>/files/...

          Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).



          So hiding the generator's tag makes no difference if you just have the name of the CMS in there.






          share|improve this answer















          The tag itself is not insecure. It's just a tag in an HTML file.



          What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.



          Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)



          Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)




          What is a probe?



          Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.



          Examples:



          • Wordpress uses paths that include wp- as an introducer.

          • Drupal uses .../sites/<name>/files/...

          Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).



          So hiding the generator's tag makes no difference if you just have the name of the CMS in there.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited May 13 at 18:28

























          answered May 13 at 18:22









          Alexis WilkeAlexis Wilke

          1,876715




          1,876715












          • You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

            – Rob
            May 13 at 21:30











          • @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

            – Alexis Wilke
            May 13 at 23:22


















          • You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

            – Rob
            May 13 at 21:30











          • @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

            – Alexis Wilke
            May 13 at 23:22

















          You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

          – Rob
          May 13 at 21:30





          You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.

          – Rob
          May 13 at 21:30













          @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

          – Alexis Wilke
          May 13 at 23:22






          @Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.

          – Alexis Wilke
          May 13 at 23:22


















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Webmasters Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f122853%2falexa-rank-complaining-about-insecure-generator-meta-tag%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

          Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

          What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company