Setup Matomo Analytics with Drupal and respect “Do Not Track” header (GDPR compliant)

In this guide I’ll show you how you can setup Matomo Analytics together with Drupal (will work fine with other systems with some minor adjustments, too) to be GDPR compliant and to respect the “Do Not Track” (DNT) setting of your users.

Drupal

Install the “EU Cookie Compliance” Module

Note: I’ve added the Matomo tracking code with a simple JS file, but if you like to configure Matomo on the Drupal backend you can also install https://www.drupal.org/project/matomo for that

Matomo Analytics

Matomo already provides you a setting to respect users with a “Do Not Track” (DNT) header set. But to also not bore those users with a cookie consent banner we need to do some adjustments.

Adjust the Matomo tracking code

To respect the “Do Not Track” (DNT) header we need to adjust the default Matomo tracking code snippet to check if the user is actually sending the DNT header. We can easily check this with:

navigator.doNotTrack // Returns 1 if user doesn't want to be tracked

We combine this with a handy function of the Drupal EU Cookie module to automatically decline the consent if the DNT is present:

// If browser sends DNT, automatically decline
if (navigator.doNotTrack) {
Drupal.eu_cookie_compliance.declineAction();
}

Now let’s adjust the code for the users which do not send the DNT header:

We can check if the user has decided to NOT give us his consent. In this case we will disable the tracking cookie(s) for him:

// If consent is not given
if (!Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['disableCookies']);
}

Finally we need to take care of the users which have actually given us a consent. We’ll set consent to true and save this consent in a cookie:

// If consent is given
if (Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['setConsentGiven']);
_paq.push(['rememberCookieConsentGiven']);
}

Note: Matomo has an option to always track users even if they don’t give you a consent (so it will track the minimal possible GDPR compliant data – anonymised of course and without any cookie set). Learn more about this here.

To use this feature we can add:

_paq.push(['requireCookieConsent']);

Now let’s wrap this all up in a final code snippet:

var idSite = SITEID; // Most likely ID 1
var matomoTrackingApiUrl = 'https://YOURMATOMOHOST/matomo.php';
var _paq = window._paq = window._paq || [];

_paq.push(['setTrackerUrl', matomoTrackingApiUrl]);
_paq.push(['setSiteId', idSite]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
_paq.push(['requireCookieConsent']);
// Check if user has given consent or not
document.addEventListener('DOMContentLoaded', function() {
// If browser sends DNT, automatically decline
if (navigator.doNotTrack) {
Drupal.eu_cookie_compliance.declineAction();
}
// If consent is not given
if (!Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['disableCookies']);
}
// If consent is given
if (Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['setConsentGiven']);
_paq.push(['rememberCookieConsentGiven']);
}
}, false);

Note: Replace SITEID with your Site ID of Matomo and YOURMATOMOHOST with the URL of your Matomo instance.

Sascha Eggenberger. Senior User Experience Designer @unic @Drupal Contributor. Drupal Design System, Claro, Gin. #OpenSource https://sascha.is/