Setup Matomo Analytics with Drupal and respect “Do Not Track” header (GDPR compliant)
In this guide I’ll show you how you can setup Matomo Analytics together with Drupal (will work fine with other systems with some minor adjustments, too) to be GDPR compliant and to respect the “Do Not Track” (DNT) setting of your users.
Drupal
Install the “EU Cookie Compliance” Module
- Make sure you’re using the EU Cookie Compliance module.
- Set the module up to your liking.
This module will provide you with a customisable consent banner
Note: I’ve added the Matomo tracking code with a simple JS file, but if you like to configure Matomo on the Drupal backend you can also install https://www.drupal.org/project/matomo for that
Matomo Analytics
Matomo already provides you a setting to respect users with a “Do Not Track” (DNT) header set. But to also not bore those users with a cookie consent banner we need to do some adjustments.
Adjust the Matomo tracking code
To respect the “Do Not Track” (DNT) header we need to adjust the default Matomo tracking code snippet to check if the user is actually sending the DNT header. We can easily check this with:
navigator.doNotTrack // Returns 1 if user doesn't want to be trackedWe combine this with a handy function of the Drupal EU Cookie module to automatically decline the consent if the DNT is present:
// If browser sends DNT, automatically decline
if (navigator.doNotTrack) {
Drupal.eu_cookie_compliance.declineAction();
}Now let’s adjust the code for the users which do not send the DNT header:
We can check if the user has decided to NOT give us his consent. In this case we will disable the tracking cookie(s) for him:
// If consent is not given
if (!Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['disableCookies']);
}Finally we need to take care of the users which have actually given us a consent. We’ll set consent to true and save this consent in a cookie:
// If consent is given
if (Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['setConsentGiven']);
_paq.push(['rememberCookieConsentGiven']);
}Note: Matomo has an option to always track users even if they don’t give you a consent (so it will track the minimal possible GDPR compliant data – anonymised of course and without any cookie set). Learn more about this here.
To use this feature we can add:
_paq.push(['requireCookieConsent']);Now let’s wrap this all up in a final code snippet:
var idSite = SITEID; // Most likely ID 1
var matomoTrackingApiUrl = 'https://YOURMATOMOHOST/matomo.php';
var _paq = window._paq = window._paq || [];
_paq.push(['setTrackerUrl', matomoTrackingApiUrl]);
_paq.push(['setSiteId', idSite]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
_paq.push(['requireCookieConsent']);// Check if user has given consent or not
document.addEventListener('DOMContentLoaded', function() { // If browser sends DNT, automatically decline
if (navigator.doNotTrack) {
Drupal.eu_cookie_compliance.declineAction();
} // If consent is not given
if (!Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['disableCookies']);
} // If consent is given
if (Drupal.eu_cookie_compliance.hasAgreed()) {
_paq.push(['setConsentGiven']);
_paq.push(['rememberCookieConsentGiven']);
}}, false);
Note: Replace SITEID with your Site ID of Matomo and YOURMATOMOHOST with the URL of your Matomo instance.
