Cookies & Integrations
With CCM19, you can inform your visitors about the tools used on the website and enable granular consent.
To ensure that the elements requiring consent are displayed in the banner, the tools and external sources used must be created as integrations and tested.
You can find an overview of the existing integrations under the menu item "Integrations & Cookies".
Overview of Existing Integrations
Here you can edit existing entries and add new ones.
Clicking the green pencil-icon in an entry’s row takes you to edit mode; clicking the red trash can deletes an entry after confirmation; the yellow button allows you to manually sync the entry individually with the central cookie database.
The "Create New Entry" button takes you to the creation form, where you can create your own entry. In most cases, however, it is worth first using the "Select Entry from Database" button first to check whether a template for the element you want to create already exists and can be used. We regularly update and expand the underlying database so that the most common tools are already listed.
The yellow button above updates all entries in the overview from the central Cookie-database. The update also occurs automatically every 24 hours.
Entries from the automatic crawler
When data has been added by the automatic crawler, two additional columns appear in the list, indicating when and on which specific subpage the element was found.
Invisible Banner
The Invisible Banner is an innovative feature in CCM19 that obtains consent exactly where external content is integrated, such as with embedded content like YouTube-videos or Google Maps. Context-sensitive and user-friendly!
Instead of the cookie-banner appearing on the first page load, the prompt only appears where a user actively accesses external content. This makes consent simpler, legally compliant, and seamlessly integrated into the usage context—without any additional integration effort. A win---win--situation for everyone involved! The following areas are relevant:
- Display: If the cookie---banner is visually disabled, a message appears confirming that there is no technical error.
- Activation: The mode can be activated via the toggle—but only if the conditions are met.
- Functionality check: Verify that all embedded content works correctly even without the standard cookie-banner.
Here’s how easy it is to check functionality: In normal mode, reject all cookies, then check whether embedded content (e.g., YouTube) can be activated individually and functions as desired. Done!
Embedding Database / Select Entry from Database
Here you can see a list of entries from our database that are available to you. Click the green button in the "Apply" column to transfer the data to the editing screen.
You can also import multiple entries at once. To do so, simply check the boxes in the left column and click the "Add Selected Integrations" button at the bottom.
The text in our database is neutral and generic, so it should be suitable for most companies. However, you may still need to customize entries for your company or website. All texts are freely editable, and edited texts are automatically protected from being overwritten during database updates by the lock-icon next to the field.
Embedding Edit Screen
In the edit screen, you have the following options:
Automatic Update
This option allows you to control whether the integration should be automatically synchronized with the CCM19 database. All changes from the database are transferred to the integration. To prevent data from being overwritten, you can click the lock icon (-) to retain your entered text.
Integration Name
The name of the integration as it appears in the banner. You should use descriptive names here that clearly indicate which tool the user is being asked to consent to.
Purpose
In this dropdown menu, you can select a category for the integration. However, always keep the legal framework in mind: A meta-pixel, for example, is not “technically necessary.” You should definitely consult a lawyer for an accurate legal assessment.
Integration is active
Use this to activate or deactivate the entry. An inactive entry remains listed under "Integrations & Cookies," but is not displayed in the banner.
Integration Source Code
In the integration source code field, you can enter code that should be embedded in the page after consent is given. In our example, this would be the Matomo code. Enter the complete code (including the opening and closing script-tags).
Important: If you integrate the code into the page in this way, it must be removed from the direct website text, as otherwise you would be embedding the code twice. This can lead to technical issues!
Matomo Example
<!-- Matomo / fully anonymized, data remains on company-owned servers -- > <script type="text/javascript">
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
_paq.push(["setCookieDomain", "*.www.xy.de"]);
_paq.push(["setDomains", ["*.www.xy.de"]]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//analytics.xy.de/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script><!-- End Matomo Code -- >
Manufacturer / Provider
The company name of the provider supplying the script must be entered here. In most cases, this should be the company that provides the software. However, if you host the software on your own server and act as the operator yourself, you should enter your own company name here.
Script-Loader
If you use the "Block scripts containing the following text" feature, your scripts can remain on the website and CCM19 will block them when the page loads. However, modern browsers can load these resources via automatic preloading before CCM19 intervenes, even if they are correctly integrated. Neither CCM19 nor other tools can prevent this, as the download of the resources starts before the browser begins executing the scripts. This is especially the case when the scripts contain an async or - attribute.
To effectively prevent this, it is possible to block scripts directly in the website’s source code and have CCM19 release and execute them only after the site visitor’s consent. This option is available for both inline-scripts and external scripts. The general procedure is as follows:
- The
type-attribute is replaced or defined as follows:type="text/x-ccm-loader" - For external scripts, the
src-attribute is replaced:data-ccm-loader-src
With this adjustment, a browser no longer recognizes the corresponding script as JavaScript-code, so the script cannot be executed.
CCM19 recognizes scripts defined according to this scheme and treats them like any other script. All rules stored in the CCM19-configuration of your domain for scripts apply.
Treat every script-tag on your website that is to be blocked, allowed, or reloaded according to this function. As an example, this could look like the following:
External script:
Inline-script:
```html```
Group for the script-loader
If you use the HTML-modification to block scripts on your website, you can group the affected scripts and enable them uniformly via a single inclusion.
To do this, define a group; you can choose the group name yourself—for the following examples, we’ll use example-group. The group is specified using the attribute data-ccm-loader-group .
External script:
<script data-ccm-loader-group="example-group"
data-ccm-loader-src="https://your.site/script.js"
type="text/x-ccm-loader"></script>
Inline-Script:
<script type="text/x<nt>-</nt>ccm<nt>-</nt>loader" data-ccm-loader-group="example-group">
// Your code here
</script>
Enter the group name in the relevant integration under "Group for the Script-Loader" to link the integration to the marked scripts on your website.
As soon as a site visitor allows such an integration, all grouped scripts are reloaded.
Block scripts containing the following text
By entering text in this field, you can use CCM19 to block scripts embedded in your page’s source code. For example, if you use Matomo, enter "matomo"—this will block any JavaScript on your page that contains this string, and the script will not be executed unless consent has been given.
This way, you do not necessarily have to redesign your page.
However, please note the following:
Browser-s always strive to load all content as quickly as possible. Therefore, it may happen that, despite correct blocking, the browser still loads a file because the loading process was initiated faster than CCM19 could block it. We’re talking about milliseconds here.
To ensure that scripts are not preloaded without consent, you can remove scripts from your page’s source code and instead integrate them in the “Embedding Source Code” field. CCM19 will inject the stored script into the page’s head section for embedding once consent has been granted.
Entries per Language
For each language used, the following language-specific content can still be created.
Description
In the description, enter the purpose of the integration. Why is this being implemented? What does this integration do?
Privacy Policy-Link
This is where you should include the link to the provider’s privacy policy. You can usually find this by visiting the provider’s website.
What data is collected?
Exactly what data is collected? Just the IP address? Or also click data, browser data, logins, user behavior, and more? Check with the script provider for details and describe as precisely as possible what happens to the data. This is the only way to ensure your visitors give informed consent.
For what purpose is the data collected?
Why are you collecting this data? What do you intend to do with it? Conversion optimization? Improving the user experience? Or simply to implement a shopping cart feature?
Legal basis
Here you define the legal basis on which you intend to implement this integration. For tracking-scripts, generally only "Consent, Art. 6(1)(a) GDPR)" applies—the visitor’s consent through an informed decision. In other words, purely voluntary.
Place of Processing
Where is the data processed? This refers not only to your office address but also to the location of the server. Please also note that you are currently not permitted to transfer data to non-EU countries. Providers that export data to the U.S. are currently likely not legally permissible (as of September 29, 2020).
" - " Tab: Legal Basis
In the "Legal Basis" section, you can customize the legal provisions on which the integration or consent is based. You can also add supplementary legal bases here if the structured legal basis is insufficient.
" - " Tab: List of Cookies and Storage Elements
All cookies and storage elements set by the script are listed here. You can manually add additional items, as the automatic scan cannot always find all data. For example, the scanner cannot find data for a logged-in state. Even the database maintained manually by CCM19 may not be complete—always check the data carefully.
Name
The name in the browser - e.g., _ga for a Google Analytics cookie or _pk_id.* for Matomo - the * is a placeholder.
dyn.
This determines whether it is a dynamic variable - e.g., _pk_id.* blocks all cookies that start with _pk_id., i.e., _pk_id.123, etc.
Storage Type
How the data is stored in your browser.
Expiration
How long the cookie remains active
Description
Description of the cookie (What is the cookie used for, what data is retrieved, if any)
"Iframes" Tab
To ensure that activation via embeddings works, you must enable the IFrame-blocker under theIframes > Enable Iframe-Blocking .
It is possible to initially block iframes (e.g., from YouTube, Google Maps, etc.) via the-banner and enable them after consent is given.
To block and unblock iframes via the "-" banner, enter strings that appear in the iframe into the field " Block iframes containing the following text "—typically a concise part of the URL from the src-attribute is well-suited here.
For a YouTube-iframe, the string could be "youtube.com," for example.
Alternatively, you can mark up iframes with the attributes data-ccm-loader-src and data-ccm-loader-group of the Script-Loader—the src-attribute is replaced in this process. This prevents resources from being loaded prematurely. Use the same group name that you defined in the "Group for the Script-Loader" field of an integration to link iframes to that integration.
Accepting the category automatically enables all corresponding iframes.
Please also note the legal regulations regarding iframes and the correct categorization, which you can set in the "Basic Data" tab.
" - " Tab Google Consent Mode v2
Google Consent Mode is a new feature for websites that use Google Tag Manager to integrate Google-services such as Google Ads, Floodlight, or Google Analytics.
If you use Google Tag Manager, please select which types of consent-should be implied for Google with this integration.
For more information on Google Consent Mode from Google, click here: https://support.google.com/analytics/answer/9976101?hl=de
Exclude URLs from the " - " tab
Do NOT display the integration on these pages; this means that the currently selected integration in Tag Manager mode will not activate the integration, or in Block mode, will not allow it.
This can be useful in various situations.
Enter one URL per line. You can use a * as a wildcard at the end. Without a wildcard, the URL is compared exactly! Therefore, please enter only complete and valid URLs.
Example: https://my.domain/embed* applies to
- https://my.domain/embed
- https://my.domain/embed-map
- https://my.domain/embed/video?id=xyz
… and so on.
Save
Clicking the Save button will transfer the data to the CCM19 Administration of your site, where it will then be immediately available for the frontend widget.