Wordpress post with embedded scripts result in Cloudflare XSS blocked page

This only seems to happen on a subdomain, not the primary domain.

When I remove the script tag, save works fine.

We need this functionality to post Instagram and Twitter embeds. Is there a way that I can “allowlist” certain embed scripts to safely save?