Problem with privacy banner (need to update Content-Security-Policy and to avoid extra pageviews)

Hi all :slight_smile: !

In a site I manage, there is a privacy banner displayed for each new visitor. The choice made by the visitor (accept/decline) causes a page refresh, because I need to update the Content-Security-Policy meta tag and I can’t do it via Javascript.

The trouble is: such page refresh causes an extra page view and also affects the bounce rate.

Is there a technique to avoid that?

Thanks in advance for your support,

Why do you need to update the CSP?
How do you proceed exactly (with some pseudo-code)?

I need to update it because of some youtube videos in the site. Depending on the user choice, the “frame-src” part of the CSP (that always contains may contain also and

Anyway, as I can’t make decisions on this part, the CSP update must be considered mandatory for me.

The current flow is:

  • the (new) user loads the page [–> one page view in matomo].
  • the user select accept/decline
  • the JS code updates a cookie (but can’t update the CSP; I’ve already tried that) and forces a page refresh
  • the new page contains the right CSP [but matomo changes the page view count and the bounce rate]

Then you can, for the new page, load all Matomo but not hit the PageView…
Do you track by MTM? just JavaScript (via _paq variable)? or by another manner?

I track using the _paq variable.

var _paq = _paq || [];
_paq.push(["setDomains", [MY_DOMAIN_LIST]);
(function() {
_paq.push(['setTrackerUrl', u+'piwik.php']);
_paq.push(['setSiteId', MYSITE_ID]);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);

To implement your solution, should I simply avoid executing _paq.push(['trackPageView']); ?

Yes just ignore the _paq.push(['trackPageView']);, be sure the document title and page URL haven’t changed (except for parameters that are ignored by Matomo in Administration > Measurables > Manage > {Your site} > Excluded Parameters), and this should work well!

Let me get this straight to find the perfect solution.

  1. for the 1st user visit (when the user sees the privacy banner), I can set a cookie
  2. in the code above I write something like:
if(thereIsNOT(cookie)) {
  1. after the user makes his choice about the privacy (yes/no), I delete the cookie

If you delete the cookie, you won’t be able to remember:

  • who he is (in case of consent given)
  • if he gave consent or not…

My mistake, 'cause I was writing in a hurry.

I didn’t mean to delete the whole cookie but just the specific entry in the cookie to distinguish whether I have to fire or not the trackPageView.

Then this should work, but I think that just putting some parameter in the URL or manage the writting of _paq.push(['trackPageView']); server-side would be a little bit easier…