Cookie warning in Chrome

Hi Intercom.

I started getting this warning in Chrome today:

A cookie associated with a cross-site resource at was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and

So how can we remove this warning - can I configure the SameSite attribute somewhere?

I am running Intercom in an SPA.

Thanks in advance,


Hey there,

It looks like Chrome made a recent change where this warning pops up everywhere. To clarify the warning is not isolated to Intercom. You should also be able to see it on various websites:

Our team will need to investigate this warning a bit more but at this time there shouldn’t be any functional issues. No action should needed on your side currently to address this specific instance of this warning message.

Hi @daniel.logue - thanks.

This was the response I was expecting from you - thanks :nerd_face: But please don’t forget this issue, even though it’s not causing problems right now. It’s frustrating to look at in the console as a developer :sunglasses:

Just wanted to update, with a link to the Chrome documentation of SameSite updates.

So the changes to the protocol are scheduled to go live with Chrome 80 in Feb 2020

Just wanted to flag this as an issue that is still prevalent and needs to be corrected ASAP. Beyond just being a nuisance for development it’s obviously got the potential to cause some major issues in a little over 2 months.

Hey @Kent_Safranski :wave:

Just a heads up that we ended up pushing a fix for this a few weeks ago. Any new cookies that are created shouldn’t have this problem. If you open up your site in an Incognito window or clear your current cookies then you shouldn’t run into this warning.

:+1: thanks for the quick reply, seems good in incognito.

@adam.lamar Its easy to clear cookies on developers’ computers, but what about our customers out there in the wild? will cookies expire sometime soon for them automatically? or do we need to take some action in our code for that to happen?

NB. it also seems fine in incognito for me. but clearing cookies in non-incognito mode does not help. any ideas why?

@Kent_Safranski can you plz check if clearing cookies works for you?

@Dmytro_Gokun ran a test before my original reply and clearing the cookies for my browser worked for me.

Visitor/Lead cookies have an expiration date of 9 months:

Calling our JavaScript shutdown method should cause the cookies to expire:


Not 100% sure what the impact will be if someone has the old cookie come February but for the timeline Chrome gave everyone for this I’d image they’re not expecting everyone to immediately delete their old cookies.

Just going to and I’m seeing cookies that still have the SameSite warning and are set to expire in 2021.

1 Like

@adam.lamar I’ve tried clearing cached pages as well as cookies and that helped. Looks like some intercom script was cached and produced old-style cookies, hence the warning. In incognito mode cache is disabled and that’s why there was no problem there.

Anyways, i think Intercom needs to test all this scenarios carefully. Otherwise, many users are under the risk of having Intercom broken when February arrives and Chrome does not play well.

1 Like

@adam.lamar Okay. So, it’s helped initially. But now the warning is back. Looks like Intercom’s JS script is cached on a CDN or something like that. And most likely that old script produces ‘bad’ cookie.

Here’s what i see (while cache is disabled in my browser):

  1. Initial request to https ://{AppId} returns 302 with:

age: 218
content-length: 0
date: Tue, 03 Dec 2019 08:54:15 GMT
location: https ://
server: AmazonS3
status: 302
via: 1.1 (CloudFront)
x-amz-cf-id: uufT2-4bWEdtaRHirmWDq7x3IwYKJlrdIzZ-QIvn3V93vE7ZaVq3QQ==
x-amz-cf-pop: BRU50-C1
x-cache: Hit from cloudfront

  1. The following request to https :// returns 200 with:

accept-ranges: bytes
age: 125
cache-control: max-age=300, s-maxage=300, public
content-encoding: gzip
content-length: 2781
content-type: application/javascript; charset=UTF-8
date: Fri, 06 Dec 2019 08:06:57 GMT
etag: “580c6fd92486423262ccc4eeddd6cff0”
last-modified: Thu, 05 Dec 2019 01:26:32 GMT
server: AmazonS3
status: 200
via: 1.1 (CloudFront)
x-amz-cf-id: ze0DTSdYdT3LkQyZ_FVQsSbLGd4YsMtgnGOFXLhVXJ0FT-qNW-MQxQ==
x-amz-cf-pop: WAW50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

  1. Requests to https :// and https ://

  2. Cookie warning appears in the console.

So, something is clearly wrong here and Intercom component still produces ‘bad’ cookies even after the browser’s cache have been busted and disabled altogether. Please investigate.

We’re still seeing this issue too.

Confirmed via chrome://flags/#same-site-by-default-cookies that Intercom breaks with the future defaults.

Please help!

We encounter the same problem. Removing cookies did not do the job.

Hey guys - thanks for starting this thread! I likewise am frustrated by the ‘SameSite’ warning clogging up the console and have not reached a permanent solution by clearing cache / cookies. Will keep checking!

Hey everyone :wave:

Just wanted to add another note here. It looks like if you personally go to:

Then you’ll still receive this warning if you then go to a different site that has the Messenger installed on it. This is because these sites of ours still set a number of cookies on and without a SameSite attribute, e.g. “gtm-id”.

So if you open up an incognito window and go to your site then you shouldn’t see the warning but if you visit our site then yours it will appear. Our teams are still working on fixing the SameSite warnings on our own properties.

We’ll provide an update here once that should be fixed :+1:

Are there any updates towards this soon-coming change? Anything to be updated on our behalf?

Note: I use the shutdown method, and it shuts down Intercom, and deletes my intercom-session cookie. I then reload my page, and the cookie is re-created with the same attributes: SameSite=Lax and Secure=False. The expiration date for these is one week.

Next Tuesday, Feb/04/2020, Shopify’s going to require all cookies set within our app to abide by the same requirements, SameSite=None, and Secure=True.

We’re ready to go across our app, except for Intercom. Like the user above me, intercom-session-xxxxxxxxx still hasn’t been addressed.

We may need to consider removing Intercom until this has been resolved.

Please Intercom team, what is the status of this bug and what can be expected in terms of planning?

We have the same issues and tomorrow is the deadline.
Any news or we have to switch to some other service?
Please at least reply to us.

I am seeing this console alert even after having cookies cleared.
I tried with Chrome Canary v. 82 and I haven’t seen the alert.
Intercom folks, can we be confident that this won’t be an issue after the release of Chrome 80?