[VoxPelli]

100% this, the marketing team wants to have Google Tag Manager to inject random marketing scripts all across the page and management backs them up and then the development team has no insight to or no say in what actual scripts are run on a specific page.

That said: This is a GDPR nightmare and so is Google Tag Manager

[mavhc]

Subresource Integrity fixes that: "hmm, must be a bug at Google's end"

[jon-wood]

It really doesn’t fix it, since the whole point of GTM is to allow arbitrary code execution on any page by marketing teams. (Yes, this is as bad of an idea as it sounds)

[mavhc]

You just don't allow GTM, citing a security and GDPR risk

[cccbbbaaa]

More like GDPR violation thanks to Schrems II.