If you're using Wordpress with the Wordfence plugin, you'll notice that Wordfence says the site is all clear, but when checking your error logs, you'll likely find something similar to the following:
[Thu Apr 20 20:54:18.774155 2017] [:error] [pid 296442:tid 140513210464000] [client IP] ModSecurity: Access denied with code 403 (phase 4). Pattern match "<[^a-zA-Z0-9_]{0,}iframe\\s+(?!src=\"//www\\.googletagmanager\\.com)[^>]{1,}?\\b(?:height|width)\\b[^a-zA-Z0-9_]{0,}?=[^a-zA-Z0-9_]{0,}?[\"']{0,1}[^\"'123456789]{0,}?(?:0123 {0,1}%|(?:1{0,1}0-9 {0,1}|20)(?![0-9%.]))" at RESPONSE_BODY. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/20_Outgoing_FilterInFrame.conf"] [line "14"] [id "214530"] [rev "3"] [msg "COMODO WAF: Possibly malicious iframe tag in output||www.domainname|F|4"] [data "Matched Data: <iframe src=\x22https://www.googletagmanager.com/ns.html?id=GTM-ML3LBPRX26Xx22\x0aheight=\x220 found within RESPONSE_BODY: <!DOCTYPE html>\x0d\x0a<!--[if IE 6]>\x0d\x0a<html id=\x22ie6\x22 lang=\x22en-GB\x22 prefix=\x22og: http://ogp.me/ns#X38Xx22>\x0d\x0a<![endif]-->\x0d\x0a<!--[if IE 7]>\x0d\x0a<html id=\x22ie7\x22 lang=\x22en-GB\x22 prefix=\x22og: http://ogp.me/ns#X50Xx22>\x0d\x0a<![endif]-->\x0d\x0a<!--[if IE 8]>\x0d\x0a<html id=\x22ie8\x22 lang=\x22en-GB\x22 [hostname "www.domainname"] [uri "/index.php"] [unique_id "WPkD2X6S5T9dV8tjWI5Q3QAAANQ"]
At this point you have a few options:
1) Disable or remove the Google Tag Manager tool
2) Disable ModSecurity
3) Fix the file creating the issue
Option 1 will certainly resolve the issue, but you've incorporated Google Tag Manager for a reason and would likely prefer to keep it active.
Option 2 will also resolve the issue, but removing the firewall will make your site vulnerable to hacks and other seciruty risks.
Of course, we also implement imunify360 and another protection layer, so the risks are minimised - especially if you are using Wordfence too.
Option 3 will resolve the issue without having to quit Google Tag Manager or opening your site to real risks.
The standard GTM code looks as follows:
<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-XXXXXX"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXX');</script>
<!-- End Google Tag Manager --><!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-XXXXXX"
height="21" width="21" class ="noDisplay"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXX');</script>
<!-- End Google Tag Manager -->.noDisplay {
display:none;
visibility:hidden;
}If your site is still loading slow, consider taking a look at how many external DNS look-ups your site is making (you can test this at gtmetrix.com).
You should also ensure that all images on your site have been compressed, as uncompressed images take up a lot of space and will slow your site's loading time.
