Why hub.callback unguessable, what security is this adding/what threat is this mitigating?


    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Highest
    • FHIRCast (FHIR)
    • 0.1 [deprecated]
    • Imaging Integration
    • (NA)
    • Subscribing and Unsubscribing

      Question from Jenny Syed:

      Why hub.callback unguessable, what security is this adding/what threat is this mitigating?

      Answer:

      The main reason for this is to comply with WebSub: https://www.w3.org/TR/websub/#subscriber-sends-subscription-request

      "

      hub.callback

      REQUIRED. The subscriber's callback URL where content distribution notifications should be delivered. The callback URL SHOULD be an unguessable URL that is unique per subscription. [capability-urls]

      "

      The reason for this to be unguessable is to control access to the URL, where using an obscure, unguessable URL reduces unintended access. One could argue that the hub.secret should prevent unauthorised use, but using obscure URLs is good practice for "capability URLs".

       

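The two layers the answer above refers to, shown side by side as an added example (this is not code from the ticket or from the FHIRcast project). A subscriber mints a callback URL from a CSPRNG token that is unique per subscription, and separately verifies the WebSub X-Hub-Signature HMAC keyed with that subscription's hub.secret. The base URL, the class and function names, and the sample notification body are assumptions made for the illustration; the signature header format follows the WebSub specification linked in the answer.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical subscriber base URL; the subscriber, not the hub, mints the unique path.
SUBSCRIBER_BASE = "https://subscriber.example/fhircast/callback"


@dataclass
class Subscription:
    callback: str   # unguessable, unique per subscription (WebSub hub.callback)
    secret: str     # per-subscription hub.secret, the HMAC key for notifications


@dataclass
class Subscriber:
    base_url: str = SUBSCRIBER_BASE
    subscriptions: dict = field(default_factory=dict)  # path token -> Subscription

    def new_subscription(self) -> Subscription:
        # 32 bytes from the OS CSPRNG: the path cannot be guessed or enumerated,
        # and a leaked callback exposes only its own subscription.
        token = secrets.token_urlsafe(32)
        sub = Subscription(callback=f"{self.base_url}/{token}",
                           secret=secrets.token_urlsafe(32))
        self.subscriptions[token] = sub
        return sub

    @staticmethod
    def subscription_request(sub: Subscription, topic: str) -> dict:
        # Form fields the subscriber POSTs to the hub (WebSub parameter names).
        return {
            "hub.callback": sub.callback,
            "hub.mode": "subscribe",
            "hub.topic": topic,
            "hub.secret": sub.secret,
        }

    def handle_notification(self, request_url: str, headers: dict, body: bytes) -> int:
        # Layer 1, the capability URL: a path that was never minted maps to no
        # subscription, so a scanner or misdirected hub gets 404 and learns
        # nothing about which callbacks exist.
        token = urlparse(request_url).path.rsplit("/", 1)[-1]
        sub = self.subscriptions.get(token)
        if sub is None:
            return 404
        # Layer 2, hub.secret: only a party holding this subscription's secret can
        # produce a valid X-Hub-Signature (WebSub authenticated content distribution).
        method, _, digest = headers.get("X-Hub-Signature", "").partition("=")
        if method != "sha256":
            return 401
        expected = hmac.new(sub.secret.encode(), body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, digest):
            return 401
        return 200


def sign_notification(secret: str, body: bytes) -> dict:
    # What a conforming hub sends: HMAC-SHA256 over the raw body, keyed with hub.secret.
    mac = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return {"X-Hub-Signature": f"sha256={mac}"}


if __name__ == "__main__":
    subscriber = Subscriber()
    sub = subscriber.new_subscription()
    body = b'{"event": "constructed sample notification"}'  # constructed sample payload
    ok = subscriber.handle_notification(sub.callback, sign_notification(sub.secret, body), body)
    guessed = subscriber.handle_notification(f"{SUBSCRIBER_BASE}/guessed",
                                             sign_notification(sub.secret, body), body)
    forged = subscriber.handle_notification(sub.callback, sign_notification("wrong", body), body)
    print(ok, guessed, forged)
```

The unknown-path branch is what the unguessable hub.callback adds on its own: without a valid token the request never reaches signature checking, and nothing in the response distinguishes "no such subscription" from any other missing resource. The HMAC branch is what hub.secret adds; the two are independent, so a subscriber that forgets one still gets the other.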
    • Isaac Vetter / Eric Martin : 5-0-0


            Assignee:
            Unassigned
            Reporter:
            Jenni Syed
            Watchers:
            2
