follow-up to #12540
With ePrivacy and co. many people will start asking questions about how cookies work in Matomo and it will be easier if Matomo only sets the tracking cookies on tracked websites and not also MATOMO_SESSID when the Opt-Out iFrame is loaded.
This is needed for the nonce CSRF protection @Findus23 unless I misunderstood?
That would make sense (I didn't see this mentioned in the original issue)
Added this to the cookies list faq: https://matomo.org/faq/general/faq_146/
Also when the opt-out feature is used, there is a cookie called
MATOMO_SESSIDbeing created, this cookie is only temporary (it is called a nonce and helps prevent CSRF security issues).