Our CMS developers are attempting to configure our Word Press site by adding the Osano Cookie Consent plugin. As such, this is done by adding a header to the site with a URL (+ API key etc), but when saving the config in Word Press, the entire domain is (temporarily) blocked to the user.
I can see the rule triggered is the Cloudflare Special rule “XSS, HTML Injection - Script Tag”
We are already whitelisting the source IPs to the URL with a wild card (subdomain.domain.com/*) but the rule is still triggered. I think this can be handled by whitelisting the source IP to the whole firewall, but might there be a better solution?