@sgiehl I've haven't implemented the requirement that if the tracker cannot be found then detect if the user is logged into the Matomo dashboard and show an error on the webpage and log an application error. I'm not seeing a straightforward way to do this without trying to read Matomo session cookies and add new API calls to log errors, which seems like an overkill. Any suggestions?

In case it's helpful for testing, this is the tracking page I used during development, it can load the tracker after a random delay (or not at all) and includes a URL string with all the parameters.

<html>
  <head>
    <meta charset="utf-8">
    <title>OptOutJS</title>

    <!-- Matomo -->
    <script>

    // Test variables
    let loadTracker = true;
    let maxRandomDelay = 10;
    let minRandomDelay = 5;
    // ---

    function loadMatomoTracker() {
      console.log('.. now loading Matomo tracker');
      var _paq = window._paq = window._paq || [];
      _paq.push(['trackPageView']);
      _paq.push(['enableLinkTracking']);
      (function() {
        var u="//matomo/";
        _paq.push(['setTrackerUrl', u+'matomo.php']);
        _paq.push(['setSiteId', '3']);
        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
        g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
      })();
    }

    if (loadTracker === true)  {
      let randomInterval = (Math.floor((Math.floor(Math.random() * ((maxRandomDelay * 1000) - (minRandomDelay * 1000)) ) + (minRandomDelay * 1000)) / 1000) * 1000);
      setTimeout(function() { loadMatomoTracker() }, randomInterval);
      console.log('delaying Matomo tracker load for '+randomInterval / 1000+' seconds...');
    } else {
      console.log('tracker loading disabled');
    }
    </script>
    <!-- End Matomo Code -->

  </head>
  <body>
  OptOutJS
  <br><br>

  <div id="matomo-opt-out" style="text-align:center;width:350px;padding:10px">...opt-out loading...</div>
  <script src="https://matomo//index.php?module=CoreAdminHome&action=optOutJS&useCookiesTimeout=10&div=m-opt-out&language=auto&backgroundColor=BBBBFF&fontColor=444444&fontSize=16px&fontFamily=TimesNewRoman&showIntro=1&useCookiesIfNoTracker=1"></script>

  </body>
</html>

I've haven't implemented the requirement that if the tracker cannot be found then detect if the user is logged into the Matomo dashboard and show an error on the webpage and log an application error. I'm not seeing a straightforward way to do this without trying to read Matomo session cookies and add new API calls to log errors, which seems like an overkill. Any suggestions?

I guess I would have tried to solve that using the opt out code. The page, that includes the optout, fetches some javascript from Matomo, so in case the user is logged in you could simply add some more javascript code, that if matomo.js can't be loaded displays a warning and/or sends back a request to matomo, to log an error. But that for sure would only work if the javascript returned for the optout wasn't cached.
Maybe @tsteur has a better idea.

The page, that includes the optout, fetches some javascript from Matomo, so in case the user is logged in you could simply add some more javascript code, that if matomo.js can't be loaded displays a warning and/or sends back a request to matomo, to log an error.

That was my plan, but the optOutJS request in many cases is likely to be cross-site and therefore doesn't pass any Matomo session cookies (which are Same-site:Lax and httpOnly by default), so when processing the optOutJS request Matomo doesn't know about the current session and is unaware that the user is logged in. For the similar reasons there's not going to be a secure way for the optOutJS code running on domain a to access the Matomo session for domain b at runtime either.

Without access to the Matomo API I suppose we could still use the tracking API to force some sort of tracking failure log (eg. GET https://matomo/matomo.php?idsite=9999998&rec=1), but I'm not sure that we'd want to create failure logs for every visitor who can't load the tracker JS.

Thanks for the feedback @tsteur and @sgiehl

I've made the following changes:

• Added a checkbox to toggle custom styling
• Made the 'Remember to test...' box more visible (bootstrap blue background)
• Added a separate header for the developer guide for custom opt-out section: 'Build your own'
• Updated the change log to explain the new options and that the iframe call will still work
• Added a 'What's new?' entry

The code should now be ready for further review.

To document the various ways the opt-out can work, would it be better to add another section to this guide: https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form or maybe the custom opt-out form guide and the new information about how the opt-out can work should be moved to a separate developer docs section?

I can create draft updates of both these FAQs too:
https://matomo.org/faq/general/faq_20000/
https://matomo.org/faq/general/configure-privacy-settings-in-matomo/
Not sure if there is any other documentation to update?

Great to see our first what's new entry 🎉 That's awesome.

Had another quick look. I believe the information box uses a custom color that we maybe usually don't use in that combination?

Using class system notification notification-info + white color should do the trick.

I haven't tested the opt out otherwise. It be great to only merge though once we've created all the documentation (especially all the different flows and what we expect to happen in which cases), and possibly a small blog post? Not sure what's there already. Just wanting to make sure we won't forget it.