Currently, when a user opts-out of tracking, the requests will be ignored by the Tracking API, but the requests are still sent anyway. For better privacy, we should try not to send the requests at all, after a user has opted out.

This was discussed in #12598 (comment):

Unfortunately because the opt-out cookie is third party, it is not really possible to read it in JS and therefore not send the tracking requests... I'm not sure how we could handle this problem.

There could be couple of things but didn't think too much about it...

• If the site that embeds the opt out iframe also embeds the JS tracker, then they could potentially communicate with each other eg using messages or by listening to URL changes on the iframe. This would not be supported in older browsers though and might depend on the security policy set for the website... https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
• We could also offer eventually users an upgrade to the opt-out iframe and rather give them some HTML to copy/paste to not having to use an iframe and it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website
• Also directly in piwik.php we should directly check for an opt out cookie and if present stop the request as early as possible to make sure this is respected to avoid problems like there were with QueuedTracking etc and to make sure no data is being processed.

There are also tools like https://github.com/contently/xdomain-cookies but they insert eg an iframe into the page to read cookies cross domain in which a request would be sent again which defeats the purpose...

Note:

it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website

it is also a big strength that we do opt-out across all websites on the Matomo instance at once, so would be great to keep this functionality.

refs #12600