Zum Inhalt

Cookies & integrations

With CCM19 you can give your visitors the opportunity to decide for themselves what data is collected about them.

For this to work, all relevant data must be available in CCM19 and the integrations must be tested. Even if CCM19 can perform a lot of automatic tests, it is always up to the operator to check all functions.

An overview of existing integrations can be found under the menu item "Integrations & Cookies".

Overview of the existing integrations

screenshot-2020.09.29-16_01_49-CCM19 - Cookie Consent Management Software.jpg

Here you can see a list of the bindings used on your site. You can see at a glance which bindings are active, what they are called and who they are from.

Clicking on the green symbol takes you to edit mode, clicking on the red trash can deletes an entry on request.

The "Create new entry" button takes you to the creation screen. The blue "Select entry from database" button is usually more useful. Here your CCM19 instance connects to our central database and lists the available entries.

Available integrations

screenshot-2020.09.29-16_05_01-CCM19 - Cookie Consent Management Software.jpg

Here you can see a list of the entries from our database that are available to you. Click on the green button in the "Apply" column to transfer the data to the editing screen.

It may be necessary to adapt the data to your company or website. You should check this so that you are on the safe side legally.

Editing mask of the embeddings


You can enter the following in the editing mask:

Name of the integration

The name of the integration - this can be Matomo, for example. Meaningful names should be used here.


The categories mentioned above appear here again. You can assign any entry to any category. Please note, however, that you must observe the legal framework - a Facebook pixel, for example, is not technically necessary. For a precise legal classification, you should always consult a lawyer.


This activates the entry so that it can also be checked off in the frontend.

Source code of the integration

In the source code of the integration, you must insert the code that generates the integration. In our example, this would be Matomo. ** If you insert a code, it must be unique and must not be entered in any other cookie. **

It must also be removed from the direct website text, as otherwise you would embed the code twice. This leads to technical problems!**

Example Matomo

<!-- Matomo / voll anonymisiert, Daten verbleiben auf Firmeneigenen Servern -->
 <script type="text/javascript">
    var _paq = window._paq = window._paq || [];
    /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
    _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
    _paq.push(["setCookieDomain", "*.www.xy.de"]);
    _paq.push(["setDomains", ["*.www.xy.de"]);
    (function() {
        var u="//analytics.xy.de/";
        _paq.push(['setTrackerUrl', u+'matomo.php']);
        _paq.push(['setSiteId', '1']);
        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
        g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
<!-- End Matomo Code -->


The company name of the provider who provides the script must be entered here - in our case it would be your company. You can also enter the full address of the company here.

Block scripts

Here you can block scripts that are embedded in the source code of your page using CCM19. If you use Matomo, for example, enter "matomo" in the field - this will block any JavaScript on your site that contains this character (string) and the script will not be executed unless consent has been given.

In this way, you do not necessarily have to rebuild your site.

However, please note the following: &gt The browser manufacturers always endeavor to load all content as quickly as possible, so it can happen that, despite correct blocking, a browser loads a file anyway if the loading process was initiated faster than it can be blocked by CCM19. This is a matter of milliseconds. No cookie manager in the world can prevent this process, as it is not possible to intervene in the browser's internal processes. &gt To ensure that the scripts are not preloaded, you can remove scripts from the source code of your page and integrate them in the "Source code of integration" field instead. CCM19 will inject the stored script into the head of the page after consent has been granted for the integration.

Script loader

If you use the "Block scripts that contain the following text" function, your scripts can remain on the website and CCM19 will block them when the page is loaded. However, all current browsers load these resources before CCM19 intervenes, despite correct integration, as they are loaded by the browsers through automatic preloading. Neither CCM19 nor other tools can prevent this, as the download of the resources starts before the execution of scripts by browsers begins.

Alternatively, it is possible to block scripts directly in the source code of the website and to release and execute them with the consent of the site visitor through CCM19. This variant is available for both inline scripts and external scripts. The basic procedure is as follows:

  1. The type attribute is replaced or defined as follows: type="text/x-ccm-loader"
  2. For external scripts, the src attribute is replaced: data-ccm-loader-src

This adjustment means that a browser no longer recognizes the corresponding script as JavaScript code to be executed and initially refrains from processing it.

CCM19 recognizes scripts that are defined according to this scheme and treats them like any other script. All rules that are stored for scripts in the CCM19 configuration of your domain apply.

Handle each script tag of your website that is to be blocked or released and reloaded according to this function. As an example, this could look as follows:

External script:

<script data-ccm-loader-src="https://your.site/script.js"

Inline script:

<script type="text/x-ccm-loader">
    // Your code here

Group for the script loader

If you use HTML modification to block scripts on your website, you can group the treated scripts and release them uniformly via an integration.

A group is defined for this purpose; you choose the group name yourself - for the following examples, we have chosen example-group. The group is specified using thedata-ccm-loader-groupattribute.

External script:

<script data-ccm-loader-group="example-group"

Inline script:

<script type="text/x-ccm-loader" data-ccm-loader-group="example-group">
    // Your code here

Enter the group name in the relevant integration under "Group for the script loader" to link the integration to the selected scripts on your website.


As soon as a site visitor allows such an integration, the grouped scripts are reloaded.

Enable iframes

In order for the activation via the embeddings to work, you must activate the iframe blocker viaIframes > Activate iframe blocking .

It is possible to enable iframes (e.g. from YouTube, Google Maps etc.) via the cookie banner.

To enable iframes via the cookie banner, enter character strings that appear in the iframe in the "Block iframes that contain the following text" field - a concise part of the URL such as the domain is usually a good place to start.

For a YouTube iframe, for example, the character string could be "youtube.com".

For a Google Maps iframe, the character string could be "maps.google.com", for example.

Alternatively, you can mark iframes with the attributes data-ccm-loader-src and data-ccm-loader-group of the script loader - the src attribute is replaced in this case. This prevents resources from being loaded prematurely. Use the same group name that you have defined in the "Group for the script loader" field of an integration to bind iframes to this integration.

Accepting the category automatically activates all corresponding iframes.

Please continue to observe the legal regulations regarding iframes and correct categorization.

Entries per language


The following language-dependent content can still be created for each language used.


Enter the task of the integration in the description. Why is it set? What does this integration do?

The link to the provider's privacy policy belongs here. You can usually find this when you go to the provider's website.

What data is collected?

Exactly what data is collected? Just the IP? Or also click data, browser data, logins, behavior and much more? Find out exactly from the provider of the script and enter as precisely as possible what happens to the data. This is the only way to obtain informed consent from your visitors.

For what purpose is the data collected?

Why do you collect this data? What do you want to do with it? Conversion optimization? Improve the user experience? Or just to implement a shopping cart function?

Here you define the legal basis on the basis of which you want to carry out this integration. In the case of tracking scripts, only "consent, Art. 6 para. 1 lit. a GDPR" usually applies - consent of the visitor through an informed decision. So purely voluntary.

Place of processing

Where the data is processed. Here not only the address of your office applies, but also where the server is located. Please also bear in mind that you are currently not allowed to transfer data to unsafe third countries. Providers that export data to the USA are probably not legally possible at present (as of 29.09.2020).

List of cookies and storage elements


All cookies and storage elements set by the script are listed here. You can enter additional elements manually, as the automatic scan cannot always find all data. For example, the scanner cannot find any data for a logged-in status. The database maintained manually by CCM19 does not necessarily have to be complete - always check the data carefully.


The name in the browser - e.g. _ga for a Google Analytics cookie or _pk_id.* for Matomo - the * is a placeholder.


This determines whether it is a dynamic variable - e.g. _pk_id.* blocks all cookies that begin with _pk_id, i.e. _pk_id.123 etc.

Memory type

How the data is stored in your browser.

Livetime / Expires

When does the storage entry expire automatically.


What value does the cookie transport - usually it is cryptic data that is stored here.


Google Consent Mode is a new functionality for websites that use Google Tag Manager to integrate Google services such as Google Ads, Floodlight or Google Analytics.

If you use Google Tag Manager, please select which consent types should be implied for Google with this integration.

You can find more information about Google's Google Consent Mode here: <https://support.google.com/analytics/answer/9976101?hl=de&gt

Exclude URLs


Do NOT play the integration on these pages, which means that the currently selected integration does not activate the integration in Tag Manager mode or does not enable it in block mode.

This can make sense under various circumstances.

Enter one URL per line. At the end you can use a * as a placeholder. Without a placeholder, the URL will be compared exactly! So please only enter complete and valid URLs.

Example: https://my.domain/embed* has the following effect

  • https://my.domain/embed
  • https://my.domain/embed-map
  • https://my.domain/embed/video?id=xyz

... and so on.


By clicking on the Save button, the data is transferred to the CCM19 administration of your site and is then directly available for the frontend widget.