We have integrated Analytics with our platform, based on the script compatibility with Matomo. Some clients are asking for TagManager integration, since that was recommended. We do see the benefit of the additional abilities to track more events the Tag Manager script will enable. Especially that it allows our clients to setup their trigger / tags themselves.
Besides CSP are there other options to prohibit these functions, other then asking clients not to use those custom tags? The injected tags for “custom code” will reuse the nonce that is present in the tag where we load the tagmanager script?