Chat widget functionality_storage

Intercom — consent fix

Intercom live chat widget loads on page visit and sets tracking cookies (intercom-id, 9 months) before consent. Intercom also sends visitor data (page visits, user-agent) to Intercom servers.

Domains

  • intercom.io
  • widget.intercom.io
  • js.intercomcdn.com
  • api-iam.intercom.io

Cookies

  • intercom-id-*
  • intercom-session-*
  • intercom-device-id-*

Intercom's live chat widget loads on every page visit and immediately sets intercom-id-* cookies that remain valid for up to 9 months. It also automatically sends visitor data (such as visited pages and browser details) to Intercom's servers. Although live chat is often seen as a 'functional' addition, the long lifespan of the cookies and the tracking functionality mean that under strict GDPR interpretations, you need explicit consent before you can load Intercom.

Why Intercom loads too early

Intercom is often pasted directly as JavaScript code into the source code (<head> or right before the </body>) of a website. This script does not check on its own whether consent has already been given via your cookie banner. As a result, the widget always starts immediately upon page load.

The Fix: Only load Intercom after consent

To make Intercom GDPR-compliant, we need to move the script to Google Tag Manager (GTM) and only activate it when the visitor has agreed to functional cookies (functionality_storage).

1. Move the code to GTM

Is the code hardcoded on your website? Then remove it from the source code first. If you leave the code there, it is nearly impossible to reliably block it from loading.

2. Create a Custom HTML Tag

  1. Go to your GTM workspace and click New to add a tag.
  2. Name the tag, for example, "Intercom Chat Widget".
  3. Choose the tag type Custom HTML.
  4. Paste your full Intercom script into the empty field.

3. Set the correct consent

Tell GTM that this tag must wait for consent.

  1. Below your pasted code, expand the Advanced Settings.
  2. Scroll to Consent Settings.
  3. Select Require additional consent for tag to fire.
  4. Enter: functionality_storage (or the specific category your CMP uses for this).

4. Add the correct Trigger

  1. Scroll down to the Triggering section.
  2. Add a trigger that listens for the moment the page is loaded AND consent is present (for example, a Custom Event trigger from your CMP).

Optional advanced method (Consent API): Intercom also supports an API command Intercom('shutdown') to hide the chat, but this does not prevent the initial loading of the script. Managing the script in GTM is the safest method.

How to Verify the Fix

Use your browser's Network tab to see if Intercom actually stops.

  1. Open your website in an incognito window.
  2. Ignore the cookie banner (do not click anything).
  3. Open Developer Tools (F12) and navigate to the Network tab.
  4. Search for intercom. There must be no calls to widget.intercom.io or api-iam.intercom.io visible.

Not sure if the fix worked, or want to verify that no other scripts are leaking data? Run a free scan with ConsentChecker.eu for instant confirmation.

Sources

No CMP yet?

A Cookie Management Platform (CMP) handles consent automatically for Intercom and other trackers — including the correct GTM integration.

Cookiebot → CookieYes → CookieFirst → Complianz → Borlabs Cookie → Enzuzo → ConsentOS →

Check your own site

Scan your website for free to see if Intercom (or other trackers) loads before consent.

Start free scan →