Google Tag Manager Include that Passes ModSecurity Rules in Apache

If you're using Google Tag Manager, you may notice that your site is becoming extremely slow or giving an error message.
If you're using Wordpress with the Wordfence plugin, you'll notice that Wordfence says the site is all clear, but when checking your error logs, you'll likely find something similar to the following:

[Thu Apr 20 20:54:18.774155 2017] [:error] [pid 296442:tid 140513210464000] [client IP] ModSecurity: Access denied with code 403 (phase 4). Pattern match "<[^a-zA-Z0-9_]{0,}iframe\\s+(?!src=\"//www\\.googletagmanager\\.com)[^>]{1,}?\\b(?:height|width)\\b[^a-zA-Z0-9_]{0,}?=[^a-zA-Z0-9_]{0,}?[\"']{0,1}[^\"'123456789]{0,}?(?:0123 {0,1}%|(?:1{0,1}0-9 {0,1}|20)(?![0-9%.]))" at RESPONSE_BODY. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/20_Outgoing_FilterInFrame.conf"] [line "14"] [id "214530"] [rev "3"] [msg "COMODO WAF: Possibly malicious iframe tag in output||www.domainname|F|4"] [data "Matched Data: <iframe src=\x22\x0aheight=\x220 found within RESPONSE_BODY: <!DOCTYPE html>\x0d\x0a<!--[if IE 6]>\x0d\x0a<html id=\x22ie6\x22 lang=\x22en-GB\x22 prefix=\x22og:>\x0d\x0a<![endif]-->\x0d\x0a<!--[if IE 7]>\x0d\x0a<html id=\x22ie7\x22 lang=\x22en-GB\x22 prefix=\x22og:>\x0d\x0a<![endif]-->\x0d\x0a<!--[if IE 8]>\x0d\x0a<html id=\x22ie8\x22 lang=\x22en-GB\x22 [hostname "www.domainname"] [uri "/index.php"] [unique_id "WPkD2X6S5T9dV8tjWI5Q3QAAANQ"]

At this point you have a few options:
1) Disable or remove the Google Tag Manager tool
2) Disable ModSecurity
3) Fix the file creating the issue

Option 1 will certainly resolve the issue, but you've incorporated Google Tag Manager for a reason and would likely prefer to keep it active.
Option 2 will also resolve the issue, but removing the firewall will make your site vulnerable to hacks and other seciruty risks.
Of course, we also implement imunify360 and another protection layer, so the risks are minimised - especially if you are using Wordfence too.
Option 3 will resolve the issue without having to quit Google Tag Manager or opening your site to real risks.

The standard GTM code looks as follows:
<!-- Google Tag Manager -->
<noscript><iframe src="//"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
<!-- End Google Tag Manager -->
A quick solution is to remove the "<noscript>" section entirely, but if you don't want to alter the functionality, we've found that the following code does work:
<!-- Google Tag Manager -->
<noscript><iframe src="//"
height="21" width="21" class ="noDisplay"></iframe></noscript>
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
<!-- End Google Tag Manager -->
You should also consider moving the visibility and display style information to an external stylesheet:
.noDisplay {
This will resolve the error message, and most your site will start to load normally again.
If your site is still loading slow, consider taking a look at how many external DNS look-ups your site is making (you can test this at
You should also ensure that all images on your site have been compressed, as uncompressed images take up a lot of space and will slow your site's loading time.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

508 Resource Limit Is Reached in cPanel Hosting

The error message "508 Resource Limit Is Reached" usually appears when your account is constantly...

508 error - Resource Limit Reached

Quote from Cloudlinux website: This error will report itself to end user as 508 error, "Resource...

LiteSpeed and max execution time causing script timeouts

You may experience an issue where web based scripts timeout before they complete, this can often...

I cannot access my website, I think it's not working

Sometimes, your website may become unreachable and it might not load properly for you. The first...

Why am I getting a BitNinja message when I try to access my website?

BitNinja is one of the security solutions we have active on Hostking platform. It detects IP...

Powered by WHMCompleteSolution