Problem with privacy banner (need to update Content-Security-Policy and to avoid extra pageviews)

Marco_Sciamanna · August 26, 2022, 2:40pm

Hi all !

In a site I manage, there is a privacy banner displayed for each new visitor. The choice made by the visitor (accept/decline) causes a page refresh, because I need to update the Content-Security-Policy meta tag and I can’t do it via Javascript.

The trouble is: such page refresh causes an extra page view and also affects the bounce rate.

Is there a technique to avoid that?

Thanks in advance for your support,
Marco

heurteph-ei · August 26, 2022, 2:58pm

Why do you need to update the CSP?
How do you proceed exactly (with some pseudo-code)?

Marco_Sciamanna · August 26, 2022, 3:49pm

I need to update it because of some youtube videos in the site. Depending on the user choice, the “frame-src” part of the CSP (that always contains www.youtube-nocookie.com) may contain also www.youyube.com and youtu.be.

Anyway, as I can’t make decisions on this part, the CSP update must be considered mandatory for me.

The current flow is:

the (new) user loads the page [–> one page view in matomo].
the user select accept/decline
the JS code updates a cookie (but can’t update the CSP; I’ve already tried that) and forces a page refresh
the new page contains the right CSP [but matomo changes the page view count and the bounce rate]

heurteph-ei · September 2, 2022, 2:50pm

Then you can, for the new page, load all Matomo but not hit the PageView…
Do you track by MTM? just JavaScript (via _paq variable)? or by another manner?

Marco_Sciamanna · September 7, 2022, 10:59am

I track using the _paq variable.

var _paq = _paq || [];
_paq.push(["setDomains", [MY_DOMAIN_LIST]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u= MY_MATOMO_URL
_paq.push(['setTrackerUrl', u+'piwik.php']);
_paq.push(['setSiteId', MYSITE_ID]);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
})();

To implement your solution, should I simply avoid executing _paq.push(['trackPageView']); ?

heurteph-ei · September 7, 2022, 11:36am

Yes just ignore the _paq.push(['trackPageView']);, be sure the document title and page URL haven’t changed (except for parameters that are ignored by Matomo in Administration > Measurables > Manage > {Your site} > Excluded Parameters), and this should work well!

Marco_Sciamanna · September 7, 2022, 12:22pm

Let me get this straight to find the perfect solution.

for the 1st user visit (when the user sees the privacy banner), I can set a cookie
in the code above I write something like:

...
if(thereIsNOT(cookie)) {
   _paq.push(['trackPageView']);
}
...

after the user makes his choice about the privacy (yes/no), I delete the cookie

heurteph-ei · September 7, 2022, 2:07pm

If you delete the cookie, you won’t be able to remember:

who he is (in case of consent given)
if he gave consent or not…

Marco_Sciamanna · September 8, 2022, 11:49am

My mistake, 'cause I was writing in a hurry.

I didn’t mean to delete the whole cookie but just the specific entry in the cookie to distinguish whether I have to fire or not the trackPageView.

heurteph-ei · September 8, 2022, 3:51pm

Then this should work, but I think that just putting some parameter in the URL or manage the writting of _paq.push(['trackPageView']); server-side would be a little bit easier…