Matomo

Matomo

Open-source web analytics platform that self-hosting teams use as a privacy-respecting alternative to Google Analytics. Matomo tracks page views, events, goals, and funnels. Can operate without cookies when configured for cookieless tracking, keeping all data under the site owner's control.

Back to Vendor Library

Overview

Matomo (formerly Piwik) is an open-source web analytics platform that organizations self-host as a privacy-respecting alternative to Google Analytics. It tracks page views, events, goals, conversions, and funnels while keeping all data under the site owner's direct control.

What This Script Does

The Matomo tracking script (matomo.js or piwik.js) operates differently depending on configuration:

Standard mode (with cookies):

  • Sets first-party cookies to identify returning visitors, track session duration, and attribute conversions across visits. The default cookie prefix is _pk_ with configurable expiration (typically 13 months for the visitor cookie, 30 minutes for the session cookie).
  • Records page views (URL, page title, referrer), site search queries, outbound link clicks, and file downloads.
  • Sends tracking requests to the site owner's Matomo server (self-hosted) or Matomo Cloud instance on each page event.
  • Supports custom event tracking, goal conversions, and e-commerce transaction logging.

Cookieless mode:

  • When configured with disableCookies(), Matomo tracks without setting any cookies. It uses a combination of IP address and user agent to generate a daily-rotating visitor hash for basic visit counting.
  • In this mode, returning visitor recognition is limited (visitors are treated as new each day), but page view and event tracking still functions.
  • This mode significantly reduces ePrivacy compliance requirements.

Data stays on your server (self-hosted):

  • Unlike Google Analytics, self-hosted Matomo does not share data with any third party. All analytics data is stored on infrastructure the site owner controls.
  • Matomo Cloud is hosted by Matomo's company (InnoCraft) on EU-based servers, with a DPA available.

IP anonymization:

  • Matomo supports IP anonymization (masking 1-3 octets) which can be enabled in the admin panel. When fully anonymized, the stored data does not contain complete IP addresses.

Do Not Track:

  • Matomo can be configured to respect the browser's Do Not Track (DNT) header, skipping tracking entirely for users who have enabled it.

Consent & Compliance

Matomo is an analytics tool, but its compliance posture varies significantly by configuration:

Under GDPR:

  • Self-hosted + cookieless + IP anonymization: Several European data protection authorities (including CNIL in France) have confirmed that Matomo can be used without consent when configured with cookieless tracking, IP anonymization, and self-hosting. In this configuration, Matomo qualifies for the "strictly necessary" or "legitimate interest" exemption because no personal data leaves the site owner's control and no cookies are set.
  • Standard mode with cookies: Requires consent under GDPR/ePrivacy because it sets non-essential cookies for analytics purposes.
  • Matomo Cloud: Requires a DPA with InnoCraft. May still qualify for consent-free use if cookieless mode is enabled and the CNIL-approved configuration is followed.

Under ePrivacy:

  • Cookieless mode avoids the cookie consent requirement entirely.
  • Standard mode with cookies requires consent for setting the analytics cookies.

Under CCPA:

  • Self-hosted Matomo does not share data with third parties, simplifying CCPA compliance. Disclosure in the privacy policy is still required.

Should You Block This Without Consent?

Conditional. If Matomo is self-hosted with cookieless tracking and IP anonymization enabled, it can run without consent — this is one of the few analytics tools that can legitimately operate consent-free. If using standard cookie-based tracking, it should be blocked until analytics consent is granted. Check your specific Matomo configuration before deciding.

Visit website

Consent Categories

Analytics

Also Known As

matomopiwikpiwik analyticsopen source analyticsself-hosted analyticscookieless analyticsgoogle analytics alternativeGDPR analytics

Industries

Computers Electronics and Technology

Tracked Domains (2)

matomo.orgAnalytics
cdn.matomo.cloudAnalytics

Frequently Asked Questions

Does Matomo analytics require cookie consent?

It depends on configuration. In standard mode, Matomo sets first-party cookies (prefixed _pk_) to identify returning visitors and track sessions, requiring consent under GDPR. In cookieless mode, Matomo tracks without setting any cookies, which may exempt it from consent requirements in some jurisdictions depending on local regulations.

What tracking data does the Matomo script collect?

Matomo records page views with URL, page title, and referrer. It tracks site search queries, outbound link clicks, file downloads, and custom events. In standard mode, it sets first-party _pk_ cookies for visitor identification and session tracking. All data stays on the site owner's self-hosted or cloud instance, not shared externally.

How does ConsentStack work with Matomo tracking?

ConsentStack detects the Matomo tracking script (matomo.js or piwik.js) and categorizes it under analytics. If Matomo uses cookies, ConsentStack blocks the script until analytics consent is granted. For cookieless configurations, ConsentStack can allow the script without consent since no persistent identifiers are stored.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Matomo

ConsentStack automatically detects and manages Matomo trackers so your site stays compliant with global privacy regulations.

Get started free