Alexa-rank complaining about insecure generator meta-tagUsage of meta tag “generator”What kind of information can websites collect about a user/client?Usage of meta tag “generator”Are Meta tags useful for SEO?Services using the “generator” meta tag for usage statsWhat do you do if you don't want to put a keyword in your title?Can microdata be used within META and custom tags?How to make your site visible on google searchIs leaving meta description tag empty beneficial?Website <head> section questionsDoes differing meta descriptions on pages that share a canonical tag harm SEO
In general, would I need to season a meat when making a sauce?
How to pull out the underlying query syntax being used by dataset?
Why were helmets and other body armour not commonplace in the 1800s?
What is the largest (size) solid object ever dropped from an airplane to impact the ground in freefall?
What are the real benefits of using Salesforce DX?
Ticket to ride, 1910: What are the big cities
Computing the matrix powers of a non-diagonalizable matrix
My employer faked my resume to acquire projects
How to respond to an upset student?
Would jet fuel for an F-16 or F-35 be producible during WW2?
Boss wants me to falsify a report. How should I document this unethical demand?
When and what was the first 3D acceleration device ever released?
Where is the logic in castrating fighters?
Is the Indo-European language family made up?
Is the Starlink array really visible from Earth?
Defining the standard model of PA so that a space alien could understand
Would Brexit have gone ahead by now if Gina Miller had not forced the Government to involve Parliament?
Simple fuzz pedal using breadboard
Line of lights moving in a straight line , with a few following
Is CD audio quality good enough?
Why do Ryanair allow me to book connecting itineraries through a third party, but not through their own website?
How to use Palladio font in text body but Computer Modern for Equations?
How to make a villain fall in love?
Is there a way to make it so the cursor is included when I prtscr key?
Alexa-rank complaining about insecure generator meta-tag
Usage of meta tag “generator”What kind of information can websites collect about a user/client?Usage of meta tag “generator”Are Meta tags useful for SEO?Services using the “generator” meta tag for usage statsWhat do you do if you don't want to put a keyword in your title?Can microdata be used within META and custom tags?How to make your site visible on google searchIs leaving meta description tag empty beneficial?Website <head> section questionsDoes differing meta descriptions on pages that share a canonical tag harm SEO
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:
<meta name="generator" content="Company Name">
The Alexa Site Audit Report complains about this tag being insecure:
What is this topic about?
HTML tags . on your pages that expose information about the software used to build your site.
Why is this important?
Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.
I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).
security meta-tags
edited May 14 at 0:07
unor
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
add a comment |
The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:
<meta name="generator" content="Company Name">
The Alexa Site Audit Report complains about this tag being insecure:
What is this topic about?
HTML tags . on your pages that expose information about the software used to build your site.
Why is this important?
Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.
I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).
security meta-tags
edited May 14 at 0:07
unor
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
add a comment |
The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:
<meta name="generator" content="Company Name">
The Alexa Site Audit Report complains about this tag being insecure:
What is this topic about?
HTML tags . on your pages that expose information about the software used to build your site.
Why is this important?
Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.
I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).
security meta-tags
edited May 14 at 0:07
unor
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
The Alexa-rank auditing tool is complaining about a generator meta-tag that is according to the HTML5 standard:
<meta name="generator" content="Company Name">
The Alexa Site Audit Report complains about this tag being insecure:
What is this topic about?
HTML tags . on your pages that expose information about the software used to build your site.
Why is this important?
Insecure meta tags on your website provide information about the underlying software (such as Wordpress) that could help someone attack or compromise your website.
I've read comments from here and here, but it does not state why it may be insecure to use the generator meta-tag (it does say that it might be useless, but not insecure).
security meta-tags
security meta-tags
edited May 14 at 0:07
unor
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
edited May 14 at 0:07
unor
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
edited May 14 at 0:07
unor
19.1k33188
edited May 14 at 0:07
unor
19.1k33188
edited May 14 at 0:07
unor
19.1k33188
19.1k33188
asked May 13 at 17:40
TheJamesTheJames
183
asked May 13 at 17:40
TheJamesTheJames
183
asked May 13 at 17:40
TheJamesTheJames
183
183
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The tag itself is not insecure. It's just a tag in an HTML file.
What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.
Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)
Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)
What is a probe?
Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.
Examples:
- Wordpress uses paths that include
wp-as an introducer. - Drupal uses
.../sites/<name>/files/...
Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).
So hiding the generator's tag makes no difference if you just have the name of the CMS in there.
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "45"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f122853%2falexa-rank-complaining-about-insecure-generator-meta-tag%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The tag itself is not insecure. It's just a tag in an HTML file.
What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.
Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)
Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)
What is a probe?
Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.
Examples:
- Wordpress uses paths that include
wp-as an introducer. - Drupal uses
.../sites/<name>/files/...
Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).
So hiding the generator's tag makes no difference if you just have the name of the CMS in there.
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
add a comment |
The tag itself is not insecure. It's just a tag in an HTML file.
What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.
Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)
Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)
What is a probe?
Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.
Examples:
- Wordpress uses paths that include
wp-as an introducer. - Drupal uses
.../sites/<name>/files/...
Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).
So hiding the generator's tag makes no difference if you just have the name of the CMS in there.
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
add a comment |
The tag itself is not insecure. It's just a tag in an HTML file.
What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.
Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)
Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)
What is a probe?
Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.
Examples:
- Wordpress uses paths that include
wp-as an introducer. - Drupal uses
.../sites/<name>/files/...
Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).
So hiding the generator's tag makes no difference if you just have the name of the CMS in there.
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
The tag itself is not insecure. It's just a tag in an HTML file.
What it does, though, is provide direct/immediate information about your the software you are using and thus can be used by hackers to select which of their hacking system to use to penetrate your system.
Without that information they would have to run probes and it could take a long time. Also with advanced web firewalls, you could detect such probes and block the IP address (Some people say blocking IPs is not a good idea, my experience is that it works wonders.)
Note that a tag which only gives a name is rather safe (i.e. content="Wordpress"). If the tag includes the name, version, build date, etc. then it becomes really easy (i.e. content="Wordpress 1.2.3 May 13, 2019"). So in your example, it is perfectly safe. Especially if your generator is proprietary and you use it for one or two websites (opposed to Wordpress which is used for million of websites.)
What is a probe?
Whenever you access a website you can detect which CMS was used to generate it by looking at the HTML contents.
Examples:
- Wordpress uses paths that include
wp-as an introducer. - Drupal uses
.../sites/<name>/files/...
Every single CMS is going to do the same sort of thing for all the websites that use them. However, detecting the version is harder. You have subtle differences which will tell you but it makes the hacker's life more interesting (to my point of view--but read harder).
So hiding the generator's tag makes no difference if you just have the name of the CMS in there.
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
edited May 13 at 18:28
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
answered May 13 at 18:22
Alexis WilkeAlexis Wilke
1,876715
1,876715
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
add a comment |
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
You forgot to mention the tag use, in this case, is useless clutter and should be removed for that reason alone.
– Rob
May 13 at 21:30
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
@Rob, well, it's like a copyright notice. Nearly no one read those... but we still stick them at the bottom of our pages. But I agree that even less people are going to read the HTML and see the "generator" info.
– Alexis Wilke
May 13 at 23:22
add a comment |
Thanks for contributing an answer to Webmasters Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fwebmasters.stackexchange.com%2fquestions%2f122853%2falexa-rank-complaining-about-insecure-generator-meta-tag%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
