How to configure Consent in the Matomo Configuration Variable

To comply with regulations such as the GDPR and the ePrivacy Directive, you must obtain and manage consent for tracking visitors with cookies. Unless exemptions apply in your jurisdiction, consent must be obtained before placing cookies or using tracking tools.

Whether integrating Matomo Tag Manager with a consent platform or handling consent manually, the Matomo Configuration Variable ensures that tracking respects the selected tracking consent options.

The default installation of Tag Manager includes an auto-configured container with the predefined Matomo Analytics Pageview tag, the Matomo Configuration Variable and a Pageview trigger to initiate page tracking.

Edit the Matomo Configuration Variable

The following steps explain how to set up the consent and cookie management preferences in the Matomo variable.

  1. Go to Matomo > Tag Manager and open the container being used to track your website.
  2. Navigate to Variables and open the Matomo Configuration Variable.
  3. Scroll down to the three consent management options: Disable cookies; Require tracking consent; Require cookie consent:
    matomo tag manager variable consent options
  4. When you select one consent option, the other two unselected checkboxes are hidden. To change this, untick the current selection to reveal all consent checkboxes (in the default unchecked status).
  5. If no consent options are selected, Matomo will set cookies and track visitors without requiring consent.

Disable Cookies

When the Disable cookies setting is selected, Matomo tracks visitors without cookies. It does not create or use cookies that identifies visitors across sessions, so there is no need to store data such as unique visitor identifiers or session details.

Visitor interactions are tracked using cookieless methods, such as server-side session tracking or anonymised data collection. This approach allows Matomo to gather analytics data, such as pageviews and events. Learn more about how cookieless tracking impacts reports.

This setting can be used in different configurations, for example:

  • Default for All Visits: Cookies are disabled for all visitors.
  • Conditional: Cookies are initially disabled but can be enabled later based on specific criteria, such as after explicit user consent.

Note: By not setting cookies, you may not need a cookie consent banner in some regions. However, depending on the privacy laws applicable to certain countries, you may still need to obtain consent for tracking, regardless of whether cookies are used.

When the Require cookie consent setting is selected, Matomo only uses cookies after visitors have explicitly provided consent. This ensures compliance with privacy regulations that require consent before placing non-essential cookies.

When consent is granted, Matomo enables cookie-based tracking. If consent is revoked/denied, Matomo adjusts to cookieless tracking and functions similarly to the Disable cookies setting.

This setting works well with websites that rely on cookie-based tracking or to enable advanced features while adhering to strict consent requirements. Matomo integrates seamlessly with Consent Management Platforms (CMPs), allowing you to dynamically adjust tracking behaviours based on visitors’ consent preferences.

As part of ensuring compliance, you can enable features like Heatmaps and Session Recording only after visitors provide their consent.

The following example explains how to enable features, such as Heatmaps and Session Recording, only after visitors have provided cookie consent.

  1. Open the Matomo Configuration Variable and select the option, Require Cookie Consent. This ensures that cookies and cookie-based features are only enabled after consent is explicitly granted.
  2. Navigate to Tags.
  3. To enable Heatmaps and Session Recording after granting consent via the CMP, create a Custom HTML Tag and insert your CMP’s method for checking the consent status.
  4. If you are already using Matomo’s consent handling script, modify it as needed to enable or disable Heatmaps and Session Recording based on consent.
  5. This script uses the Cookiebot CMP:
<script>
_paq.push(['HeatmapSessionRecording::disable']); // Disable Heatmaps and Session Recording by default

var waitForTrackerCount = 0;

function matomoWaitForTracker() {
  if (typeof _paq === 'undefined' || typeof Cookiebot === 'undefined') {
    if (waitForTrackerCount < 40) {
      setTimeout(matomoWaitForTracker, 250);
      waitForTrackerCount++;
      return;
    }
  } else {
    // Add event listeners for consent updates
    window.addEventListener('CookiebotOnAccept', function () {
      consentSet();
    });
    window.addEventListener('CookiebotOnDecline', function () {
      consentSet();
    });

    // Handle the initial consent state
    consentSet();
  }
}

function consentSet() {
  // Ensure Cookiebot.consent is defined before accessing statistics
  if (Cookiebot.consent && Cookiebot.consent.statistics) {
    // Consent granted: Enable tracking and heatmaps
    _paq.push(['rememberCookieConsentGiven']);
    _paq.push(['setConsentGiven']);
    _paq.push(['HeatmapSessionRecording::enable']); // Enable heatmaps and session recording
  } else {
    // Consent denied/revoked or consent object undefined: Disable tracking and heatmaps
    _paq.push(['forgetCookieConsentGiven']);
    _paq.push(['deleteCookies']);
    _paq.push(['HeatmapSessionRecording::disable']); // Disable heatmaps and session recording
  }
}

// Initialise tracker wait function
matomoWaitForTracker();
</script>
  1. Set the Position to Head Start with the highest priority. This ensures Heatmaps and Session Recording are disabled before Matomo initialises and prevents tracking prior to consent.
  2. Link a DOM Ready Trigger to execute this tag when the browser has parsed the HTML document. This ensures the script runs at the appropriate time to evaluate the visitor’s consent state.

With Require Cookie Consent, Matomo cookies are disabled by default when visitors access your website. When a visitor interacts with the CMP and provides consent, the DOM Ready Trigger fires the Custom HTML Tag. The tag evaluates the consent state and when consent is granted, cookies and Heatmaps and Session Recording are enabled. If consent is revoked, Matomo stops these features and deletes previously set cookies.

The Require Tracking Consent option is the strictest method for ensuring compliance with privacy regulations. It prevents all tracking, both cookie-based and cookieless, until the visitor gives explicit consent.

Enable this consent option in strict privacy jurisdictions where regulations mandate explicit consent for all forms of tracking, including cookieless methods. Use it when integrating Matomo with a CMP to capture and manage visitor consent before any tracking begins.

It is also possible to request consent before enabling specific features to ensure that no tracking occurs until visitors explicitly agree.

Refer to the Matomo Tag Manager and CMP guides for step-by-step instructions on integrating with popular consent managers to dynamically adjust tracking based on your visitors’ consent updates.

Previous FAQ: How do I set the User ID using Matomo Tag Manager?