Skip to main content
Intercom Messenger Cookies

How we use cookies in the Messenger

Thibault Candebat avatar
Written by Thibault Candebat
Updated today

Cookies used by the Intercom messenger are "first-party" cookies assigned to the domain of your website. We take the privacy of your data seriously and these cookies cannot be read by Intercom on other sites, or by other sites using the Intercom messenger. All cookies are unique to your domain.

Here are the cookies used by the Intercom Messenger, their purpose, duration and a brief description:

Cookie name

Purpose

Default Duration

Description

intercom-id-[app_id]

Unique anonymous identifier

9 months

Anonymous visitor identifier cookie. As people visit your site they get this cookie.

intercom-session-[app_id]

Keeping track of sessions

1 week

Identifier for each unique browser session. This session cookie is refreshed on each successful logged-in ping, extending it one week from that moment.

The user can access their conversations and have data communicated on logged-out pages for 1 week, as long as the session isn’t intentionally terminated with Intercom('shutdown');, which usually happens on logout.

intercom-device-id-[app_id]

Unique device identifier

9 months

Identifier for each unique device that interacts with the Messenger. It is refreshed on each successful ping, extending it another 9 months.

We use this cookie to determine the unique devices interacting with the Intercom Messenger to prevent abuse.

For more information on how we use cookies for the Intercom website and our application, see our Cookie Policy.

FAQs

Can unidentified users be tracked across multiple top-level domains (e.g. www.example.com and www.example.co.uk?

No. We use first-party cookies, which are only readable within a single domain, and therefore we cannot create identities that are shared across domains. We do not track users across domains.

Why don’t you have the secure flag set on your cookies?

We cannot assume that customers use HTTPS and as such, we cannot enforce this on our cookies.

If your site only uses HTTPS you can get in touch with our support team and request us to enable the secure flag for your Messenger cookies.

Why don’t you set the HTTPOnly flag for your cookies?

Our cookies need to be accessed by the Intercom Javascript and therefore we cannot enable this flag.

How does this work with a cookie consent mechanism?

If you have a cookie consent banner on your site and would like to control Messenger cookies, you will need to implement the following script to place the Messenger behind your cookie banners.

  1. Use Case: When cookie consent is required, but has not yet been granted: Intercom will load but not boot. No cookies will be used. The user will not be able to see or interact with Messenger.

    window.intercomSettings = {

    app_id: ‘abc123’,

    disabled: true

    }

  2. Use Case: When consent is given, boot Intercom by running:

    window.Intercom(‘boot’, { disabled: false });

  3. Use Case: Consent is required, and has already been granted:

    Intercom will boot as normal

    window.intercomSettings = {

    app_id: ‘abc123’

    }


💡Tip

Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts


Did this answer your question?