GDPR-compliant website tracking with Matomo

Data protection-compliant tracking of website visitors without a cookie banner?
Yes, that's possible!
You can find out which tool can be used to implement this in this article.

Since the GDPR came into force in 2018, and with other court rulings and guidelines, tracking website visitors has become increasingly difficult and cumbersome. Most tracking tools, such as Google Analytics, may only be activated with the user's active consent via a cookie banner. As a result, cookie banners are becoming more and more intrusive, and it is sometimes no longer possible (or only possible with a lot of time) to reject cookies at all if you want to see the content of a website.

For the online marketing industry, user tracking and especially conversion tracking is one of the most important things there is, which is why work is constantly being done to track even more user data, preferably with server-side tracking so that it can no longer be detected.

From our point of view, it is important to have active tracking on the website so that you can see whether visitors come to the website at all, how many visitors come to the website and which pages they visit.

Things like the exact IP address and the exact origin, which is determined based on the IP address, are rather secondary. Tracking returning users is also not a top priority for most websites. If you can do without these things, you can use tracking with IP anonymization and without cookies and don't even need a cookie banner.

We have discovered the open source tool Matomo for our websites. Matomo offers many advantages:

  • It can be used in compliance with GDPR 
  • It works reliably and covers all our needs
  • Local installation on the customer's web server is possible, i.e. the data is not passed on to third parties
  • Installation on the server and subsequent configuration is very simple
  • The self-hosting version is free of charge

Matomo can be installed very easily on your own server. Depending on your technical knowledge, the installation can be done in 1 hour or take a little longer ;)

How to install Matomo on your server

We recommend installing Matomo on a subdomain of the main domain used for your website. For example, if you want to track the data from mydomain.com, we recommend installing it under the subdomain matomo.mydomain.com or analytics.mydomain.com. Why? This makes it visible that the tracking data does not leave your own domain. (Of course, the subdomain could point to a different server, but we are not assuming that here.) Alternatively, you can also run the Matomo installation in a subdirectory such as mydomain.com/matomo/.

Preparation

To prepare, you should do the following:

  • Create a subdomain, e.g. matomo.mydomain.com
  • Activate an SSL certificate for the subdomain
  • Create a directory on the server for Matomo, e.g. matomo or analytics
  • Point the subdomain to the correct directory on the server
  • Create a database for the Matomo installation

 

Installation

  1. Download the ZIP from the Matomo website and then upload the files to the server via SFTP, directly into the directory you created for Matomo. The download is available on the Matomo download page.
  2. Open the directory/subdomain in the browser and go through the installation process. You can find more information about the installation process on the Matomo download page.

 

Configuration

  1. Create a user for the customer (the super user for the admin is already created during the installation process)
  2. The IP address must be anonymized under Administration -> Privacy -> Anonymize data. It is best to select the 2nd variant "2 byte(s) - e.g. 192.168.xxx.xxx". This means that the last two bytes of the IP address are set to "0" and you can therefore no longer be identified by the IP address.
  3. Tracking code
    • You can find the tracking code under Administration -> Websites -> Tracking code
    • Under the item "Show advanced Options" you will find the item "Deactivate all tracking cookies" in order to operate Matomo cookie-free. This checkmark changes the JavaScript snippet and adds the following code:

      _paq.push(["disableCookies"]);

  4. Tracking can now be tested by integrating the tracking code into the website and calling up the website in the browser. The first website visits should now be visible in Matomo.
  5. If required, you can also set up conversion goals to define certain pages as conversion goals - although this may take more time.

Tip

  • If Matomo is operated with cookies, we can clearly recommend the open source cookie banner klaro.
  • If you want to be on the safe side with regard to the GDPR, you can disable the transmission of browser data with Matomo. By default, Matomo records which browser is in use, which screen resolution is set and which browser plugins are installed. Based on this data, a "device fingerprint" is created that theoretically enables recognition of a visitor, and it is not entirely clear from a GDPR perspective whether this is permitted or not. The storage of this information can be deactivated by adding the following line of code:

    _paq.push(['disableBrowserFeatureDetection']);
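
The following added example (not part of the original article and not Matomo's own code) audits a tracking snippet for the two privacy calls described above. It assumes both calls should be queued before the first `track*` call; the snippet, `matomo.mydomain.com` and site ID `1` are constructed placeholders.

```javascript
// Constructed sample input: a cookie-free tracking snippet with placeholder URL and site ID.
const SAMPLE_SNIPPET = `
var _paq = window._paq = window._paq || [];
_paq.push(["disableCookies"]);
_paq.push(['disableBrowserFeatureDetection']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
  var u = "https://matomo.mydomain.com/";
  _paq.push(['setTrackerUrl', u + 'matomo.php']);
  _paq.push(['setSiteId', '1']);
})();
`;

// Return the method names of all _paq.push([...]) calls, in source order.
// Lines that are commented out with // are ignored, so a disabled call
// does not count as present.
function queuedMethods(snippet) {
  const active = snippet
    .split("\n")
    .filter((line) => !line.trim().startsWith("//"))
    .join("\n");
  const re = /_paq\.push\(\s*\[\s*(['"])([A-Za-z]+)\1/g;
  return Array.from(active.matchAll(re), (m) => m[2]);
}

// Report privacy calls that are missing or queued after the first tracking call.
// Assumption of this example: the calls must precede the first track* method.
function auditSnippet(snippet) {
  const methods = queuedMethods(snippet);
  const firstTrack = methods.findIndex((m) => /^track[A-Z]/.test(m));
  const findings = [];
  for (const required of ["disableCookies", "disableBrowserFeatureDetection"]) {
    const pos = methods.indexOf(required);
    if (pos === -1) {
      findings.push(`${required} is missing`);
    } else if (firstTrack !== -1 && pos > firstTrack) {
      findings.push(`${required} is queued after ${methods[firstTrack]}`);
    }
  }
  return findings;
}

console.log(auditSnippet(SAMPLE_SNIPPET));
```

An empty result means both calls are present and queued ahead of tracking. Paste the snippet actually deployed on your site in place of the sample to check it.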

Exclude specific website calls

If you want to exclude certain views of your website, such as the views from a monitoring tool or the views that you make yourself, you have various options.

 

Exclude IP addresses

You can exclude certain IP addresses from tracking.

You can find the configuration for this under Administration -> Websites -> Settings -> Global website settings. Under "Global list of Excluded IPs" you can add several IP addresses (one IP address per line). Visits to your website from these IP addresses will no longer be added to your statistics.

Tip

  • Many monitoring tools offer lists with the IP addresses of their monitoring services so that these can be transferred to the tracking tool.

Opt-Out Cookie

Your own IP address is not always static, but can change. It therefore makes sense to set an opt-out cookie for the browser used so that visits from this browser are not tracked.

Under Administration -> Personal -> Settings at the bottom of the page you will find the option "Exclude your visits using a cookie". Below this is a link. By clicking on the link, a cookie is set in the browser that prevents tracking on your website. However, you must click on the link separately on all devices and in all browsers if you want to prevent your own visits from being tracked.

Tips

  • Only click the link for the opt-out cookie after the tracking has been tested, otherwise you will not be able to see whether it works.
  • Leave a browser "cookie-free" for testing so that you can test later configurations. Of course, you can also delete the cookie in the browser at any time and set it again.
