Using OneTrust Consent Manager (CMP) with Matomo

OneTrust Consent Manager is a user-friendly consent management platform that helps you comply with global privacy regulations by managing user consent for data collection and cookies on your website.

This guide explains how to integrate the OneTrust Consent Manager with Matomo. OneTrust can request and track visitor consent, with Matomo enabling or disabling analytics tracking based on the consent status provided by the consent manager.

Prerequisites

Before following the instructions in this guide, set up your OneTrust account and complete the necessary steps to add the consent manager code to your website.

For Matomo to always use the visitor consent status provided by OneTrust, add the following code to the header of each website page (below the OneTrust code added previously).

Important note: Replace the C0004 value in the script with your specific OneTrust ID for statistics.

<script>
  var waitForTrackerCount = 0;
  function matomoWaitForTracker() {
    if (typeof _paq === 'undefined' || typeof OnetrustActiveGroups === 'undefined') {
      if (waitForTrackerCount < 40) {
        setTimeout(matomoWaitForTracker, 250);
        waitForTrackerCount++;
        return;
      }
    } else {
      window.addEventListener('OneTrustGroupsUpdated', function (e) {
          consentSet();
      });
    }
  function consentSet() {
    if (OnetrustActiveGroups.includes("C0004")) {  //replace with your specific OneTrust identifier for statistics cookies
      _paq.push(['rememberCookieConsentGiven']);
      _paq.push(['setConsentGiven']);      
    } else {
      _paq.push(['forgetCookieConsentGiven']); 
      _paq.push(['deleteCookies']);   
    }
  }
  document.addEventListener('DOMContentLoaded', matomoWaitForTracker());
</script>

Matomo will only track visitors if they have given consent via OneTrust. If a visitor revokes consent, the cookies are deleted.

If consent to use cookies is not given, then Matomo will still track visitors without using cookies and provide a full range of metrics, however the accuracy of some metrics may be reduced.

Step 2: Insert Matomo tracking code

  1. Go to Administration > Measurables > Tracking Code in your Matomo dashboard and make sure the correct website is selected.
  2. Copy the tracking code shown in the Matomo dashboard and paste it into a text editor.

  3. Add the line _paq.push(['requireCookieConsent']); just before the first line starting with _paq.push. The resulting code should now look similar to this:

    <!-- Matomo -->
<!-- SAMPLE CODE - DO NOT COPY THIS -->
<!-- COPY THE TRACKING CODE FROM YOUR MATOMO DASHBOARD -->
<script>
  var _paq = window._paq = window._paq || [];
  _paq.push(['requireCookieConsent']);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="//matomo/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
  })();
</script>
<script src="//matomo/matomo.js"></script>
<!-- End Matomo Code -->

  4. This code must be added to all pages on your website before the </head> tag. If you already have the Matomo tracking code on the page, replace it with this updated version.

Find out more about personal data processing in Matomo.

To setup Matomo to track visitor metrics without using cookies, add the following code to the header of each website page and insert below the OneTrust code:

Important note: Replace the C0004 value in the script with your specific OneTrust ID for statistics.

<script>
  var waitForTrackerCount = 0;
  function matomoWaitForTracker() {
    if (typeof _paq === 'undefined' || typeof OnetrustActiveGroups === 'undefined') {
      if (waitForTrackerCount < 40) {
        setTimeout(matomoWaitForTracker, 250);
        waitForTrackerCount++;
        return;
      }
    } else {
      window.addEventListener('OneTrustGroupsUpdated', function (e) {
          consentSet();
      });
    }
  }
  function consentSet() {
    if (OnetrustActiveGroups.includes("C0004")) {  //replace with your specific OneTrust identifier for statistics cookies
      _paq.push(['setConsentGiven']);
    } else {
      _paq.push(['forgetConsentGiven']);
    }
  }
  document.addEventListener('DOMContentLoaded', matomoWaitForTracker());
</script>

If consent is not given in OneTrust, then Matomo will not perform any tracking at all.

Step 2: Insert Matomo tracking code

  1. Go to Administration > Measurables > Tracking Code in your Matomo dashboard and make sure the correct website is selected.
  2. Copy the tracking code shown in the Matomo dashboard and paste it into a text editor.

  3. Add the line _paq.push(['requireConsent']); just before the first line starting with _paq.push. The resulting code should now look similar to this:

    <!-- Matomo -->
<!-- SAMPLE CODE - DO NOT COPY THIS -->
<!-- COPY THE TRACKING CODE FROM YOUR MATOMO DASHBOARD -->
<script>
  var _paq = window._paq = window._paq || [];
  _paq.push(['requireConsent']);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="//matomo/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
  })();
</script>
<script src="//matomo/matomo.js"></script>
<!-- End Matomo Code -->

  4. This code must be added to all pages on your website before the </head> tag. If you already have the Matomo tracking code on the page, replace it with this updated version.

If you successfully followed the steps in this guide, then your website will have both OneTrust and Matomo working together. OneTrust will manage all visitor consent and the Matomo JavaScript tracker will only track visitors who have given consent.

Previous FAQ: Using Klaro Consent Manager (CMP) with Matomo