fabiodalez

Glad you got it working — and thank you for the clear feedback. The field name “Whitelisted URL Patterns” only hints at URLs, so figuring out that a bare class name works there is not obvious at all.

Good news: the naming and description have already been updated in the next release. The field will be renamed “Script Blocking Exceptions” and the description will explicitly list the three types of values it accepts — URL fragments (with dots or slashes), script id attributes, and CSS class names — with a concrete example for each. No one should have to guess anymore.

On your suggestion for a faz-skip class: i like it and I’m going to implement it. The idea is that adding class=”faz-skip” to any script tag will always exclude it from blocking — no settings page required, no whitelist entry needed. Something like:

<script class=”faz-skip”>
// this script will never be blocked by FAZ, regardless of its content

This is a zero-configuration escape hatch for developers: add the class in your theme or plugin template, done. It also makes the intent explicit right in the HTML source — anyone reading the markup immediately knows the script is intentionally excluded.

I’ll document it in the Script Blocking section of the settings page so future users see it before they go looking for the whitelist.

Thanks again for the suggestion — this will save a lot of people the same confusion. 🙂

Hi @rwky!

FAZ blocks scripts by scanning the page HTML and matching script tags against a database of known trackers and cookie providers. If your inline script contains a string that matches a known provider pattern — for example a tracking variable like fbq( or gtag( — FAZ will block it even if the script itself is not a tracker.

Here is a typical example of the problem. Say you have a product configuration script like this:

FAZ might block this script because the text “facebook.com” or “youtube.com” appears inside it, even though the script is just passing data — it is not running any Facebook or YouTube tracker code at all.

There are two ways to resolve this.

OPTION A — WHITELIST THE SCRIPT BY ID (works right now)

Step 1 — Add an id to your inline script tag:

Step 2 — Add that id to the FAZ exception list.

Go to FAZ Cookie Manager → Settings → Script Blocking. You will see a textarea called “Script Blocking Exceptions”. Add the id you chose, one per line:

my-product-config

Save the settings.

How the field works: patterns without dots or slashes are matched against the script’s id and class attributes. Patterns with dots or slashes (e.g. googleapis.com/maps) are URL fragments matched against the src attribute instead. Since your script has no src, a bare id handle is the correct format.

Step 3 — Clear your cache.

If you are running a caching plugin (LiteSpeed Cache, WP Rocket, W3 Total Cache, etc.), clear the full page cache after saving. FAZ’s blocking runs in PHP during page generation — cached pages will not reflect the new exception until the cache is invalidated.

After clearing the cache, reload the page: the script should now execute normally.

OPTION B — WAIT FOR THE NEXT FAZ RELEASE (will fix the root cause automatically)

A fix for this class of false positives is already merged and will ship in the next FAZ release. The change: URL-fragment patterns (e.g. facebook.com, youtu.be) will only match against a script’s src attribute, never against inline text content. Code-level tracking signatures (fbq(, gtag(, _gaq) will still match inline content as before.

If your script is being blocked because it references a tracker domain inside data (not because it actually runs tracker code), updating FAZ when the next version is out will resolve the false positive automatically — no whitelist entry needed.

The same release will also rename the Settings field from “Whitelisted URL Patterns” to “Script Blocking Exceptions” with a clearer description explaining that script IDs and handles are accepted alongside URL fragments.

IF YOU CANNOT MODIFY THE SCRIPT TAG

If the script is rendered by a third-party plugin and you cannot add an id attribute, try injecting it via your theme’s functions.php:

add_filter( ‘script_loader_tag’, function( $tag, $handle ) {
if ( $handle === ‘your-plugin-handle’ ) {
return str_replace( ‘<script ‘, ‘<script id=”my-product-config” ‘, $tag );
}
return $tag;
}, 10, 2 );

Note: this filter only applies to scripts enqueued via wp_enqueue_script(). Truly raw inline scripts echoed directly in a template cannot be intercepted this way — in that case, look for a plugin hook or edit the template directly.

Let me know what your script looks like and I can confirm which approach applies to your case!

Hi @dieterj, great question!

FAZ Cookie Manager ships with built-in Google Consent Mode v2 support via its gcm.js module, so you don’t need a dedicated GTM Community Template to make consent signals work — the plugin pushes them natively to the dataLayer automatically.HOW FAZ SENDS CONSENT SIGNALSWhen a visitor lands on your site, FAZ immediately fires a default consent state (denied for everything, or your configured defaults) to the dataLayer.

When the visitor accepts or rejects cookies, FAZ fires an update. GTM picks this up automatically — no extra template needed.

GTM SETUP FOR GA4 + GOOGLE ADSFirst, in GTM go to Admin → Container Settings and enable “Enable consent overview (beta)”. This lets you see and manage consent checks per tag.For the GA4 Configuration tag, use “Consent Initialization – All Pages” as the trigger, and in the tag’s Consent Settings require analytics_storage.

With Consent Mode active, GA4 will still fire on page load but will model conversions for users who denied consent (no PII collected). This is the recommended setup for GDPR compliance.For Google Ads Conversion Tracking, require ad_storage and ad_user_data in the consent settings. For Google Ads Remarketing, also require ad_personalization.

FAZ ADMIN SETTINGS TO CHECK

Go to FAZ Cookie Manager → Google Consent Mode in your WordPress admin. Make sure GCM v2 is enabled, and map your cookie categories to the correct consent types: Analytics → analytics_storage, Marketing → ad_storage + ad_user_data + ad_personalization.

Plugins like Complianz provide a GTM template mainly for users who don’t have native GCM integration.

Since FAZ handles this natively, you can skip the template entirely.If you’re using GTM to inject the GA4 script itself, just make sure your GA4 Config tag fires on “Consent Initialization – All Pages” — GTM will respect the consent state and apply modeling automatically.Hope this helps! Let me know if you run into any specific GTM configuration issue.