Cookies & integrations
With CCM19 you can give your visitors the opportunity to decide for themselves what data is collected about them.
For this to work, consent-based tools and external sources must be created and tested as integrations. Even if CCM19 can take over a lot of automatic tests, it is always up to the operator to check all functions.
An overview of existing integrations can be found under the menu item "Integrations & Cookies".
Overview of the existing integrations
Here you can see a list of the bindings used on your site. You can see at a glance which bindings are active, what they are called and who they are from.
Clicking on the green symbol takes you to edit mode, clicking on the red trash can deletes an entry on request.
The "Create new entry" button takes you to the creation screen. The blue "Select entry from database" button is usually more useful. Here your CCM19 instance connects to our central database and lists the available entries.
Available integrations
Here you can see a list of the entries from our database that are available to you. Click on the green button in the "Apply" column to transfer the data to the editing screen.
It may be necessary to adapt the data to your company or website. You should check this so that you are also on the safe side legally.
Editing mask of the embeddings
You can enter the following in the editing mask:
Name of the integration
The name of the integration - this can be Matomo, for example. Meaningful names should be used here.
Purpose
The categories mentioned above appear here again. You can assign any entry to any category. Please note, however, that you must observe the legal framework - a Facebook pixel, for example, is not technically necessary. For a precise legal classification, you should always consult a lawyer.
Activate
This activates the entry so that it can also be checked off in the frontend.
Source code of the integration
In the source code of the integration, you must insert the code that generates the integration. In our example, this would be Matomo. ** If you insert a code, it must be unique and must not be entered in any other cookie. **
It must also be removed from the direct website text, otherwise you would embed the code twice. This leads to technical problems!**
Example Matomo
<!-- Matomo / fully anonymized, data remains on the company's own servers -- >
<script type="text/javascript">
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
_paq.push(["setCookieDomain", "*.www.xy.de"]);
_paq.push(["setDomains", ["*.www.xy.de"]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//analytics.xy.de/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -- >
Provider
The company name of the provider that provides the script must be entered here - in our case it would be your company. You can also enter the full address of the company here.
Block scripts
Here you can block scripts that are embedded in the source code of your page using CCM19. If you use Matomo, for example, enter "matomo" in the field - this will block any JavaScript on your site that contains this character (string) and the script will not be executed unless consent has been given.
In this way, you do not necessarily have to modify your site.
However, please note the following: > The browsers-manufacturers always endeavor to load all content as quickly as possible, so it can happen that despite correct blocking a browser loads a file anyway, which the loading process was initiated faster than it can be blocked by CCM19. This is a matter of milliseconds. No cookie manager in the world can prevent this process, as it is not possible to intervene in the browser's internal processes. > To ensure that the scripts are not preloaded, you can remove scripts from the source code of your page and integrate them in the "Source code of integration" field instead. CCM19 will inject the stored script into the head of the page after consent has been granted for the integration.
Script-Loader
If you use the "Block scripts that contain the following text" function, your scripts can remain on the website and CCM19 will block them when the page is loaded. However, all current browsers load these resources before CCM19 intervenes, despite correct integration, as they are loaded by the browsers through automatic preloading. Neither CCM19 nor other tools can prevent this, as the download of the resources starts before the execution of scripts by browsers begins.
Alternatively, it is possible to block scripts directly in the source code of the website and to release and execute them with the consent of the site visitor through CCM19. This variant is available both for inline-scripts and for external scripts. The basic procedure is as follows:
- The
type
-attribute is replaced or defined as follows:type="text/x-ccm-loader"
- For external scripts, the
src
-attribute is replaced:data-ccm-loader-src
This adjustment means that a browser no longer recognizes the corresponding script as JavaScript-code to be executed and initially refrains from processing it.
CCM19 recognizes scripts that are defined according to this scheme and treats them like any other script. All rules that are stored in the CCM19-configuration of your domain for scripts apply.
Treat every script
-tag of your website that is to be blocked or released and reloaded according to this function. As an example, this could look as follows:
External script:
Inline-script:
Group for the script-Loader
If you use the HTML-modification to block scripts on your website, you can group the treated scripts and release them uniformly via an integration.
A group is defined for this purpose; you choose the group name yourself - for the following examples, we have chosen example-group
. The group is specified using the attributedata-ccm-loader-group
.
External script:
<script data-ccm-loader-group="example-group"
data-ccm-loader-src="https://your.site/script.js"
type="text/x-ccm-loader"></script>
Inline-script:
<script type="text/x<nt>-</nt>ccm<nt>-</nt>loader" data-ccm-loader-group="example-group">
// Your code here
</script>
Enter the group name in the relevant integration under "Group for the script-loader" to link the integration to the selected scripts on your website.
As soon as a site visitor allows such an integration, the grouped scripts are reloaded.
Enable iframes
In order for the activation via the embeddings to work, you must activate the IFrame-blocker via the itemIframes > Activate iframe-blocking .
It is possible to enable iframes (e.g. from Youtube, Google Maps and Co.) via the cookie-Banner.
To enable iframes via the-banner cookie, enter character strings that appear in the iframe in the "Block iframes that contain the following text" field - a concise part of the URL such as the domain is usually a good place to start.
For a YouTube-iframe, the character string could be "youtube.com", for example.
For a Google-Maps-iframe, the character string could be "maps.google.com", for example.
Alternatively, you can mark iframes with the attributes data-ccm-loader-src
and data-ccm-loader-group
of the script-loader - the src
-attribute is replaced in this case. This prevents resources from being loaded prematurely. Use the same group name that you defined in the "Group for the script-loader" field of an integration to bind iframes to this integration.
By accepting the category, all corresponding iframes are automatically activated.
Please continue to observe the legal regulations regarding iframes and correct categorization.
Entries per language
The following language-dependent content can still be created for each language used.
Description
Enter the task of the integration in the description. Why is it set? What does this integration do?
Data protection-Link
The link to the provider's privacy policy belongs here. You can usually find this when you go to the provider's website.
What data is collected?
Exactly what data is collected? Just the IP? Or also click data, browser data, logins, behavior and much more? Find out exactly from the provider of the script and enter as precisely as possible what happens to the data. This is the only way to obtain informed consent from your visitors.
For what purpose is the data collected?
Why do you collect this data? What do you want to do with it? Conversion optimization? Improve the user experience? Or just to implement a shopping cart function?
Legal basis
Here you define the legal basis on the basis of which you want to carry out this integration. For tracking-scripts, usually only "consent, Art. 6 para. 1 lit. a GDPR" applies - consent of the visitor through an informed decision. So purely voluntary.
Place of processing
Where the data is processed. Here not only the address of your office applies, but also where the server is located. Please also bear in mind that you are currently not allowed to transfer data to unsafe third countries. Providers that export data to the USA are probably not legally possible at present (as of 29.09.2020).
List of cookies and storage elements
All cookies and storage elements set by the script are listed here. You can enter additional elements manually, as the automatic scan cannot always find all data. For example, the scanner cannot find any data for a logged-in status. The database maintained manually by CCM19 does not necessarily have to be complete - always check the data carefully.
Name
The name in the browser - e.g. _ga for a Google Analytics cookie or _pk_id.* for Matomo - The * is a placeholder.
dyn.
This determines whether it is a dynamic variable - e.g. _pk_id.* blocks all cookies that begin with _pk_id, i.e. _pk_id.123 etc.
Memory type
How the data is stored in your browser.
Livetime / Expires
When does the storage entry expire automatically.
Value
What value does the cookie transport - usually it is cryptic data that is stored here.
Google Consent Mode v2
Google Consent Mode is a new functionality for websites that use Google Tag Manager to integrate Google-services such as Google Ads, Floodlight or Google Analytics.
If you use Google Tag Manager, please select which consent-types should be implied for Google with this integration.
You can find more information about Google's Google Consent Mode here: <https://support.google.com/analytics/answer/9976101?hl=de>
Exclude URLs
Do NOT play the integration on these pages, which means that the currently selected integration does not activate the integration in Tag Manager mode or does not enable it in block mode.
This can make sense under various circumstances.
Enter one URL per line. At the end you can use a * as a placeholder. Without a placeholder, the URL will be compared exactly! So please only enter complete and valid URLs.
Example: https://my.domain/embed*
has the following effect
- https://my.domain/embed
- https://my.domain/embed-map
- https://my.domain/embed/video?id=xyz
... and so on.
Save
By clicking on the Save button, the data is transferred to the CCM19 administration of your site and is then directly available for the frontend widget.