Identify Matomo Cookies to comply with the "General Data Protection Regulation (EU)"

My question regards Matomo Version 3.13.4.

The names of the cookies that are being set seem to differ somewhat from what is specified on this

Examples in Firefox 75 (MacOS):

Where does the suffix part come from and what does it mean? For compliance with European privacy laws we have to accurately describe all cookies used by a website which is sort of problematic since the cookie names in our Matomo installation seem to be dynamic. Any clarification on that is much appreciated.

Have a nice day and be safe.

André Runzer


The only place that can tell you this for sure is the source of matomo.js:

So _pk is the prefix (that is always set to _pk), the next part is the name of the cookie, then the siteID and then the domainHash.

This brings us to the question: What is the domainHash?

It is the first 4 characters of the hash of the domains the cookie is set to.

And the last question is answered here:

hash is simply an alias for the sha1 hash algorithm.

So I hope this explains why the cookies are called like that.