Title: how to bypass an inline script? Last modified: May 4, 2026 --- # how to bypass an inline script? * Resolved [Eduard Doloc](https://wordpress.org/support/users/rwky/) * (@rwky) * [2 days ago](https://wordpress.org/support/topic/how-to-bypass-an-inline-script/) * Hello, I have a very small inline script that pulls some data from the page and passes it into a form (product id, sku, etc.) if the consent is denied, the inline script is switched from text/javascript type to text/plain; I was not able to find in any documentations (Here or on github) a way to make this a necesary/ skip section.Thank you! Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [fabiodalez](https://wordpress.org/support/users/fabiodalez/) * (@fabiodalez) * [1 day, 20 hours ago](https://wordpress.org/support/topic/how-to-bypass-an-inline-script/#post-18898767) * Hi [@rwky](https://wordpress.org/support/users/rwky/)! FAZ blocks scripts by scanning the page HTML and matching script tags against a database of known trackers and cookie providers. If your inline script contains a string that matches a known provider pattern — for example a tracking variable like `fbq(` or `gtag(`— FAZ will block it even if the script itself is not a tracker.Here is a typical example of the problem. Say you have a product configuration script like this: FAZ might block this script because the text “facebook.com” or “youtube.com” appears inside it, even though the script is just passing data — it is not running any Facebook or YouTube tracker code at all.There are two ways to resolve this. OPTION A — WHITELIST THE SCRIPT BY ID (works right now)Step 1 — Add an id to your inline script tag:Step 2 — Add that id to the FAZ exception list.Go to FAZ Cookie Manager → Settings → Script Blocking. You will see a textarea called “ Script Blocking Exceptions”. Add the id you chose, one per line:my-product-configSave the settings.How the field works: patterns without dots or slashes are matched against the script’s id and class attributes. Patterns with dots or slashes ( e.g. googleapis.com/maps) are URL fragments matched against the src attribute instead. Since your script has no src, a bare id handle is the correct format. Step 3 — Clear your cache.If you are running a caching plugin (LiteSpeed Cache, WP Rocket, W3 Total Cache, etc.), clear the full page cache after saving. FAZ’s blocking runs in PHP during page generation — cached pages will not reflect the new exception until the cache is invalidated.After clearing the cache, reload the page: the script should now execute normally.OPTION B — WAIT FOR THE NEXT FAZ RELEASE (will fix the root cause automatically)A fix for this class of false positives is already merged and will ship in the next FAZ release. The change: URL-fragment patterns (e.g. facebook.com, youtu.be) will only match against a script’s src attribute, never against inline text content. Code-level tracking signatures (fbq(, gtag(, _gaq) will still match inline content as before.If your script is being blocked because it references a tracker domain inside data (not because it actually runs tracker code), updating FAZ when the next version is out will resolve the false positive automatically — no whitelist entry needed. The same release will also rename the Settings field from “Whitelisted URL Patterns” to “Script Blocking Exceptions” with a clearer description explaining that script IDs and handles are accepted alongside URL fragments.IF YOU CANNOT MODIFY THE SCRIPT TAGIf the script is rendered by a third-party plugin and you cannot add an id attribute, try injecting it via your theme’s functions.php:add_filter( ‘ script_loader_tag’, function( $tag, $handle ) {if ( $handle === ‘your-plugin- handle’ ) {return str_replace( ‘