Website security considerations when using a tag manager FAQ - Analytics Platform

When you install Matomo Tag Manager, users with admin access will be able to create custom HTML tags, triggers, and variables that may execute JavaScript on your website. These custom templates could be misused, for example, to steal sensitive information from users (known as XSS). You can optionally disable these custom templates under Administration > General Settings or restrict the usage to only super users.

Users with “write” access will be able to edit any Tag Manager container (tags, triggers, variables) but not any of the custom templates.

Next FAQ: Manage User Roles for Matomo Tag Manager

Feedback on this page