Website security considerations when using a tag manager FAQ - Tag Manager

When you install Matomo Tag Manager, users with admin access will be able to create custom HTML tags, triggers, and variables that may execute JavaScript on your website. These custom templates could be misused, for example, to steal sensitive information from users (known as XSS). You can optionally disable these custom templates under « Administration => General Settings » or restrict the usage to only super users.

Users with « write » access will be able to edit any Tag Manager container (tags, triggers, variables) but not any of the custom templates.

Next FAQ: How do I block custom templates that let Matomo admins run JavaScript on the website like “Custom HTML” or “Custom JS Function”?

Feedback on this page