safari 3rd party cookies

Apple Pencil
Apple Watch
All Smart TVs

You Need It for a Web App. Some web-based apps require third-party cookies to work properly. You can change your Safari settings to always allow third-party cookies so you can access the apps you need anytime.
You Want Targeted Ads. Allowing third-party cookies on Safari or any other web browser will help generate ads targeted to you. This is especially helpful if you’re looking for a specific product, say, new clothes.

Here are the steps to allow 3rd-party cookies on Safari. iOS (iPad and iPhone) settings are the same because they share the same operating system.

Allow 3rd-party Cookies on Mac

Step1. Launch the Safari browser by clicking its icon (it looks like a blue compass).

Click in Preferences to access General Settings of Safari.

Step 3. Click the “Privacy” tab.

Select Privacy Tab in Preferences Settings

Step 4. Navigate to “Cookies and Website Data” and un-tick the option “Block all cookies” .

Deselect Block all cookies to enable third-party cookies on Safari

This will enable 3rd party cookies on Mac’s Safari.

Allow 3rd-Party Cookies on iPhone or iPad

Step 1. Go to “Settings” .

Step 2. Scroll down to “Safari” and click on it.

Click on Safari to enter the App Settings

Step 3. Turn off “Prevent Cross-Site Tracking” under “Privacy and Security”. Also, turn off “Block All Cookies” (Turning off makes the green bar go white.)

Turn off the settings to enable third-party cookies on Safari

Do you know you can also use Safari to do reverse image search on Mac ?

Here are the steps to allow third-party cookies on Firefox on Mac:

Step 1. Open Firefox & click the three lines in the upper right corner.
Step 2. Click “Preferences > Privacy & Security > Custom” .
Step 3. Either allow all cookies or allow third-party cookies with exceptions.

To enable all cookies, uncheck the box labeled “Cookies”. To allow third-party cookies but block those from sites you haven’t visited, keep “Cookies” checked and choose “Cookies from unvisited websites” from the menu.

Allow Third-Party Cookies on Chrome

These are the steps to allow third-party cookies on Chrome on Mac:

Step 1. Open Google Chrome & click the three dots button on the upper right corner.
Step 2. Click “Settings > Privacy and Security > Third-party cookies” .
Step 3. Tick “Allow third-party cookies” and close the settings tab.

Change Privacy preferences in Safari on Mac
Manage Cookies and Website Data in Safari on Mac
9+ Best Web Browsers for Mac
Best Web Browsers for Apple TV
Change Default Browser in Windows 11
Best Database Software For Mac

Kimanthi Sammy

Kimanthi Sammy is a tech enthusiast and writer passionate about web development, design, video games, software, and tech in general. She combines creativity with technical prowess to produce captivating and informative content.

Don’t Miss…

Legal Notice
Terms & Conditions
Privacy Policy

A project by Alvaro Trigo

Apple updates Safari’s anti-tracking tech with full third-party cookie blocking

Beating google by two years to the privacy feature.

By Nick Statt , is a Senior Producer on Decoder. Previously, he wrote about technology and gaming for Naavik, Protocol, and The Verge.

Share this story

Illustration of a glowing apple on a blue, dotted background

Apple on Tuesday released a major update to its Safari Intelligent Tracking Prevention (ITP), the privacy feature that allows the company’s web browser to block cookies and prevent advertisers from snooping on your web habits. According to Apple’s John Wilander, the WebKit engineer behind the feature, Safari now blocks all third-party cookies . That means that, by default, no advertiser or website is able to follow you around the internet using the commonplace tracking technology.

It’s a significant milestone for web privacy, and it puts Apple’s browser officially two whole years ahead of Chrome, after Google said in January that it would start phasing out third-party cookies but not fully until some time in 2022.

“Cookies for cross-site resources are now blocked by default across the board. This is a significant improvement for privacy since it removes any sense of exceptions or ‘a little bit of cross-site tracking is allowed,’” Wilander notes in the announcement post on the blog for WebKit, which is Apple’s in-house browser engine that powers many of its features under the hood.

Wilander notes that users might not notice a big change because ITP has been doing this more or less already. “It might seem like a bigger change than it is. But we’ve added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.”

How to use Safari’s tools to protect your privacy while browsing
How your browser protects your privacy
Advertisers are furious with Apple for new tracking restrictions in Safari 11

Apple first launched ITP within Safari nearly three years ago, where it immediately set a new bar for web privacy standards on both desktop and mobile by blocking some, but not all, cookies by default. Alongside the substantial privacy work of Mozilla’s Firefox, which also blocks third-party cookies by default as of last summer , Apple has been pioneering a machine learning approach to web tracking prevention that has made Safari one of the most widely used and secure web tools available.

In addition to blocking third-party cookies across the board and by default, Wilander says ITP now has safeguards against trackers using the very nature of tracking prevention as a way to keep tabs on users . He adds that the new feature set also ensures that websites and trackers can’t use login IDs to digitally fingerprint users who might otherwise be using tracking prevention or other privacy tools.

Wilander thanks Google for helping Apple improve ITP

“Full third-party cookie blocking makes sure there’s no ITP state that can be detected through cookie blocking behavior. We’d like to again thank Google for initiating this analysis through their report,” he writes, referencing Google’s research published earlier this year on ITP that revealed the possibility of using some elements of it as a fingerprint. (Apple had to disable the Do Not Track feature in Safari in 2019 for similar reasons.)

Wilander goes on to detail some other, more technical elements of the ITP update. But in general, he says Safari is again setting a new bar for web privacy that he and Apple hope other companies will follow.

“Safari continues to pave the way for privacy on the web, this time as the first mainstream browser to fully block third-party cookies by default. As far as we know, only the Tor Browser has featured full third-party cookie blocking by default before Safari, but Brave just has a few exceptions left in its blocking so in practice they are in the same good place. We know Chrome wants this behavior too and they announced that they’ll be shipping it by 2022,” he writes. “We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.”

Don’t ever hand your phone to the cops

Marques brownlee says ‘i hear you’ after fans criticize his new wallpaper app, meta’s big tease, i played the ps5 pro, and it’s clearly better, openai cto mira murati is leaving.

More from Policy

A graphic illustration representing the European Union flag.

The EU’s tough new moderation rules are about to cover a lot more of the internet

Apple unbanned Epic so it can make an iOS games store in the EU

An illustration depicting a feature-less face against a pink, white, and blue background.

New bill would let defendants inspect algorithms used against them in court

Accountable Tech And Design It For Us Lead A Rally To Protect Kids And Teens Online

Kids Online Safety Act gains enough supporters to pass the Senate

Skip to main content
Skip to search
Sign up for free

Saying goodbye to third-party cookies in 2024

The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024 — starting with 1% of users from Q1 2024 to facilitate testing and ramping up from there.

This article explains the issues behind third-party cookies, what has been done already to mitigate those issues, Chrome's plans to disable them starting in Q1 2024, and how this all affects web developers and the users of their products.

The problem with cookies

Cookies have been around for a very long time on the web. In a nutshell, the idea is that a site can set a cookie on a user's browser via the Set-Cookie response header once a resource has been requested. This cookie can contain whatever data strings the site owners wish, and is generally used to provide state to websites.

For example, a cookie allows websites to retrieve information such as whether the user previously logged in, what they added to their shopping cart, their theme preferences and other personalization settings, saved game state, etc.

Note: Cookies used to be the primary method of storing client-side site data, although now more useful technologies exist for that purpose such as Web Storage and IndexedDB .

The above use cases can all be achieved with cookies set for documents existing on the same domain as the URL loaded in the browser. These are referred to as first party cookies .

Problems can arise when cookies are set for components that exist on different domains than the embedding document, such as images, or other documents embedded via <iframe> s. These cross-site cookies are commonly referred to as third-party cookies —but the behavior and potential issues are the same whether you own all the involved sites or not.

Third-party components can store information in their cookies from any and all documents they are embedded in. The originating third-party domain can then get access to all those third-party cookies, aggregating information from each one. This may sound harmless at first, and there are many legitimate uses of third-party cookies — for example a company might want to share user login state and profile information across multiple sites that it owns that are on different domains, or record analytics across its different properties to investigate user journeys and build more usable experiences. An ad tech company might want to infer user interests from the sites they visit to serve them more relevant ads.

However, in the worst cases, third-party cookies are used to track users around the web, building up a detailed profile of them that could include not only interests but also deeply personal information such as gender, sexuality, religion, political affiliation, etc. This information can be used to build creepy, invasive online experiences and is also sold to other third parties. In such cases, they are referred to as tracking cookies .

Legislation such as the General Data Privacy Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) have helped by making it a legal requirement for companies to be transparent about the cookies they set and the information they collect, for example by asking customers to opt in to such data collection, allowing them to see what data a company hold on them, and allowing them to delete it if they wish. However, it is still not always crystal clear to customers how their data is being used.

How browsers have responded to this

Browser vendors such as Mozilla and Apple provide general defaults that block third-party cookies, while also including exceptions and heuristics in their source code to work around long-standing third-party cookie issues with popular websites.

For example:

Mozilla's Anti-tracking policy has led to Firefox blocking third-party cookies from known trackers by default (see Firefox tracking protection and Enhanced tracking protection ). Firefox also gives third-party cookies a separate cookie jar per site, so they can't be used to track users across sites (see Total Cookie Protection ).
Apple also has a similar Tracking prevention policy ; following this has led to a similar set of third-party cookie protections that are enabled by default; see Intelligent Tracking Prevention (ITP) for details.
The Brave browser also blocks tracking cookies by default.

It is possible to allow usage of third-party cookies on a case-by-case basis in Firefox via browser settings. In Safari however, control is more limited — you can turn off cross-site tracking prevention, but allowing access to third-party cookies per frame can only be done at the code level, via the Storage Access API .

Google's long(er) game

This brings us on to Google who, from a cursory glance, seem to be slower off the mark than other browsers with regards to third-party cookie protection. At time of writing, third-party cookies are blocked only when in Incognito mode by default, although users can set Chrome to block third-party cookies all the time if they wish.

Note: Microsoft Edge also currently does not block third-party cookies by default.

Google's seemingly-slow response is a result of its vested interest in the business uses of third-party cookies, which includes advertising by a wide range of different organizations, including Google, as well as third-party authentication services and many other uses besides. Chrome also has a large share of the browser market which amplifies concern about the potential of breaking critical journeys for their user base, for example logging into government services or buying groceries.

Rather than quickly going for a blanket disabling option, Google has opted for a more nuanced solution — phasing out third-party cookies more slowly while developing new technologies to ensure that valid use cases have a privacy-focused way forward after third-party cookies are disabled by default, rather than potentially motivating sites to move to more covert forms of tracking or moving content behind sign-ins and paywalls.

These new web platform features are collected under the blanket of the Privacy Sandbox project, and have already undergone much development and testing. Some now enjoy cross-browser support, for example the Storage Access API , paving the way towards better cross-browser consistency in handling cross-site cookies.

These features have now reached the point where Google feels that they are mature enough to support their intended use cases, allowing Google to proceed to the step of starting to disable third-party cookies.

Chrome will disable third-party cookies for 1% of users from Q1 2024 to facilitate testing, gradually ramping up to 100% of users from Q3 2024. Reaching the 100% figure depends on Google addressing any remaining competition concerns from the UK's Competition and Markets Authority (CMA).

How this affects web developers

As a result of this change, web developers may well experience higher volumes of users having broken experiences on their web properties, especially if they directly set third-party cookies, or use third-party services that set third-party cookies.

To work around such issues, you are advised to:

Audit your third-party cookie usage. Third party cookies have a SameSite=None value set; you should therefore be able to identify them by searching for this setting in your browser DevTools, for example in the Firefox Storage Inspector or the Chrome Application panel .
You should validate if your SameSite=None cookies are really still needed. It's possible that they could have been marked as such to provide a quick fix in the past.
Initially at least, you could make your code more resilient so that it provides a less personalized experience when third party cookie data is not available rather than breaking altogether. Follow the principles of graceful degradation .
You could choose to gather such data via alternative means, such as user surveys or quizzes, or looking at data you already have such as product order histories to infer trends.
If you've already implemented a solution using the Storage Access API for Firefox or Safari then this is a good time to check your implementation against Chrome's behavior, which was updated to provide full support in version 119.
Related Website Sets can be considered a progressive enhancement of the Storage Access API: The API can be used in just the same way, but sites in the set will not prompt users for permission to access third party cookies.
If your third-party cookies are being used on a 1:1 basis with the top-level sites they are generated on, you could use Cookies Having Independent Partitioned State (CHIPS) , or partitioned cookies, to opt your cookies into partitioned storage with a separate cookie jar per top-level site. This only requires adding the partitioned attribute to your existing cross-site cookies. They can then be used in an unrestricted fashion, but they can't be shared with other sites. Note that CHIPS is currently Chromium-only.
Federated Credential Management (FedCM) API : Enables federated identity services allowing users to sign in to sites and services.
Private State Tokens : Enables anti-fraud and anti-spam by exchanging limited, non-identifying information across sites.
Topics API : Enables interest-based advertising and content personalization.
Protected Audience API : Enables remarketing and custom audiences.
Attribution Reporting API : Enables measurement of ad impressions and conversions.

Getting rid of third-party cookies from the web has been a long time coming, and the story is not yet finished. However, Chrome's announcement is a big step towards making it happen. You can help — use the resources above to check whether your sites and apps could migrate away from using third-party cookies using the features available today. Spread the word on this to encourage others to do the same. And give browser vendors feedback on what's still missing.

Note: The developer.chrome.com article Preparing for the end of third-party cookies has more information about testing from a Chrome point of view, and how to use privacy sandbox technologies to work around your issues.

Previous Post Baseline's evolution on MDN

Next post build ai-powered applications using openllm and vultr cloud gpu, stay informed with mdn.

Get the MDN newsletter and never miss an update on the latest web development trends, tips, and best practices.

PRO Courses Guides New Tech Help Pro Expert Videos About wikiHow Pro Upgrade Sign In
EDIT Edit this Article
EXPLORE Tech Help Pro About Us Random Article Quizzes Request a New Article Community Dashboard This Or That Game Happiness Hub Popular Categories Arts and Entertainment Artwork Books Movies Computers and Electronics Computers Phone Skills Technology Hacks Health Men's Health Mental Health Women's Health Relationships Dating Love Relationship Issues Hobbies and Crafts Crafts Drawing Games Education & Communication Communication Skills Personal Development Studying Personal Care and Style Fashion Hair Care Personal Hygiene Youth Personal Care School Stuff Dating All Categories Arts and Entertainment Finance and Business Home and Garden Relationship Quizzes Cars & Other Vehicles Food and Entertaining Personal Care and Style Sports and Fitness Computers and Electronics Health Pets and Animals Travel Education & Communication Hobbies and Crafts Philosophy and Religion Work World Family Life Holidays and Traditions Relationships Youth
Browse Articles
Learn Something New
Quizzes Hot
Happiness Hub
This Or That Game
Train Your Brain
Explore More
Support wikiHow
About wikiHow
Log in / Sign up
Computers and Electronics
Internet Browsers
Safari Browser

How to Enable Cookies on an iPhone, iPad, or Mac Browser

Last Updated: July 4, 2024 Tested

Enabling Cookies on a Mac

Enabling cookies on iphone and ipad, troubleshooting.

This article was reviewed by Luigi Oppido and by wikiHow staff writer, Nicole Levine, MFA . Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 588,642 times.

Cookies are enabled by default in Safari on your Mac, iPhone, and iPad. If the features of a certain website aren't working properly or you're getting errors about cookies, you may have disabled cookies in your settings. This wikiHow article will teach you how to allow cookies in Safari, and show you what to do if cookies aren't working properly.

Enabling Cookies in Safari on Mac or iPhone

Open the Safari app on your Mac device.
Choose Safari → Preferences… → “Advanced.”
Uncheck “Block All Cookies.”

In most cases, you'll probably want to leave a checkmark in front of this option to preserve your privacy. However, if websites aren't loading properly or you can't use the features of certain sites, you may need to enable this option.

In most cases, you'll probably want to leave this switch on, as this protects your privacy. However, if websites aren't loading properly or you're unable to use features of certain sites, you can enable this option and see if it resolves the problem.

Mac: Click the Safari menu, select Preferences , click Privacy , and then remove the checkmark from "Prevent cross-site tracking."
iPhone/iPad: Open your Settings , tap Safari , and then toggle the "Prevent Cross-Site Tracking" switch to the Off (white) position.

First, check to make sure private browsing is not always set to turn on—click the Safari menu, select Preferences , click General , and click the "New windows open with" menu. [6] X Research source If "A new private window" is selected, choose A new window instead.
Then, to open a new window, just close the currently open Safari window, click the File menu, and then select New Window .
iPhone/iPad: Open Safari and tap the overlapping squares at the bottom. [7] X Research source Tap Private at the bottom (if you see it), select (number of) Tabs , and then tap Done .

Mac: Click the Safari menu, click Preferences , click Privacy , click Manage Website Data , and then click Remove All .
iPhone/iPad: Open Settings , tap Safari , tap Advanced , select Website Data , and then tap Remove All Website Data . [8] X Research source

Community Q&A

Enabling cookies can often allow you to view and have access to a larger number of websites that require cookies in order to function or display properly. Thanks Helpful 0 Not Helpful 0
Despite their poor reputation, cookies aren't inherently malicious. Thanks Helpful 0 Not Helpful 0

Delete Cookies Using the Safari Web Browser

↑ https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
↑ https://support.apple.com/en-us/105082
↑ https://support.ewu.edu/support/solutions/articles/10000057364-how-do-i-disable-prevent-cross-site-tracking-in-safari-
↑ https://support.apple.com/guide/safari/use-private-browsing-ibrw1069/mac
↑ https://support.apple.com/en-us/HT203036

About This Article

1. Open Safari. 2. Click the Safari menu 3. Click Preferences... . 4. Click the Privacy tab. 5. Remove the checkmark from "Block all cookies." Did this summary help you? Yes No

Send fan mail to authors

Is this article up to date?

Featured Articles

Watch Articles

Terms of Use
Privacy Policy
Do Not Sell or Share My Info
Not Selling Info

wikiHow Tech Help Pro:

Level up your tech skills and stay ahead of the curve

How to allow 3rd party cookies on safari?

Allowing 3rd Party Cookies on Safari: A Step-by-Step Guide

How to allow 3rd party cookies on Safari?

By default, Safari browser sets 3rd party cookies to "Block" under its default settings. To allow 3rd party cookies on Safari, follow these simple steps:

Open Safari : Go to the Safari browser and click on the Safari icon in the top left corner of the screen.
Click on Preferences : Click on the "Preferences" button in the toolbar.
Select ‘ Privacy ‘: In the General panel, click on the Privacy** tab.
Select ‘Manage Website Data’: Under "Cookies and website data from websites I visit", select Manage Website Data…
Choose 3rd Party Cookies Options: In the "Block cookies" section, move the slider to Allow , and then select Block only third-party cookies , or Allow all cookies depending on your preferences.

Why Allow 3rd Party Cookies on Safari?

Reasons to Allow 3rd Party Cookies:

Enhanced Personalization : Allowing 3rd party cookies helps websites to personalize your browsing experience, such as storing your login credentials or adjusting your preferences.
Improved Analytics : 3rd party cookies help web analytics tools to track and analyze your behavior on multiple websites, providing valuable insights for website owners.
Better Advertising : Cookies help advertisers to deliver targeted ads, making your online experience more relevant and helpful.

How 3rd Party Cookies Work?

How 3rd Party Cookies are set by Websites:

First-Party Cookies: Websites set first-party cookies to store user data such as login credentials, preference settings, and session details.
Third-Party Cookies: Ad networks, social media platforms, and other third-party service providers set cookies to track user behavior, collect user data, and deliver targeted ads.

Types of 3rd Party Cookies

Session Cookies : These cookies are deleted when you close your browser window.
Persistent Cookies : These cookies remain stored on your device until their expiration date or until they are manually deleted.

How to Manage 3rd Party Cookies on Safari

Managing 3rd Party Cookies: Once allowed, you can manage 3rd party cookies on Safari by:

Delete Cookies: Go to Preferences > Privacy > Manage Website Data and select Clear Website Data to remove all cookies.
Block Specific Cookies: Open the Safari browser and tap the Share button. Select Safari > Settings for This Website > Cookies and toggle on Block to restrict specific cookies.
View Cookie Details: Access the Cookie Details page by clicking on Manage Website Data in the Safari preferences and examining the list of cookies, including their expiration dates, domains, and types.

In this article, we have learned how to allow 3rd party cookies on Safari, the reasons to do so, and how cookies work. By understanding and managing 3rd party cookies, you can customize your browsing experience, help website owners improve their content, and enjoy more relevant online advertising.

Cookies Settings Table

Additional Tips:

Keep Cookie Settings Up-to-Date : Regularly review your cookie settings to ensure that you are allowing or blocking cookies as desired.
Use a VPN for Enhanced Security : Consider using a Virtual Private Network (VPN) to encrypt your internet traffic and enhance cookie security.
Contact Website Owners : If a website is not functioning correctly due to cookie restrictions, contact the website owner and ask them to consider providing alternative options.

By understanding and managing 3rd party cookies on Safari, you can take control of your online experience and maintain a balance between security, personalization, and customization.

Save money with car insurance and credit card tips!

Is total drama leaving Netflix 2024?
Can You search someone on Facebook by phone number?
Why is my website not showing up on Google search?
How to remove discover people on Instagram?
How to update WhatsApp for iphone?
How to make money off playing video games?
How did Japan plan to solve its economic problems?
Who has most twitch subs?

How To Allow Third-Party Cookies on Mac for Safari, Chrome and Firefox

It is common for most browsers to disable third-party cookies.
Remember that cookies often invade your privacy and are typically used to target specific advertising to the user.
Try to remember to disable these features again once you are finished.

Allow Third Party Cookies Mac April 2024 Featured

Typically it’s a great idea to avoid third-party cookies, but some may want to know how to allow them on a Mac anyway. While this sounds insane, there are a couple of good reasons for this. For example, I was recently helping my uncle plan a vacation, and enabling cookies gave us more specific advertising on deals we were looking for. Allowing certain things to be on your Mac can sometimes be a good thing, so continue reading to explore the options.

How to Allow Third-Party Cookies with Safari

When it comes to a Mac’s native browser, there are two settings that users should change.

Time needed: 1 minute

How to enable third-party cookies in Safari:

Allow Third Party Cookies Mac Safari Settings

In just a few simple clicks, Safari can accept all third-party cookies.

How to Allow Third-Party Cookies with Google Chrome

Of course, Safari isn’t for everybody, so let’s take a look at how to do the same thing within Google Chrome:

Allow Third Party Cookies Mac Three Dots Chrome

The nice thing about Google Chrome is that it allows that extra option for Incognito mode. This can be great for allowing cookies while browsing normally, yet still keeping things private when they need to be.

How to Allow Third-Party Cookies with Mozilla Firefox

Who can forget this one? Firefox is another staple within the world of alternative web browsers, as it should be. Like the other browsers before it, enabling the proper settings is as easy as a few clicks.

Allow Third Party Cookies Mac Three Lines Firefox

Select Privacy & Security .
Scroll a bit and select Custom .

Allow Third Party Cookies Mac Custom Privacy and Security

Additionally, it may be of interest to read about why Mozilla decided to block third-party cookies automatically .

What About Other Browsers?

By now, astute readers should begin noticing a theme. If a user needs to enable third-party cookies in other web browsers, it’s simply a matter of exploring the Settings menu within that browser. With luck, enabling third-party cookies will most likely be within a Privacy and/or Security section. It may take some exploring, but as long as users avoid shutting things off randomly, the settings shouldn’t be too hard to find.

You may also want to know how to clear the cache of the three of the most popular Mac browsers .

WIN an iPhone 16 Pro!

Apple updates Safari on iOS and Mac to block third-party cookies

Safari is getting better at protecting you on the web.

Safari is blocking third-party cookies.

Annoyed at how much data companies gather from your web browsing? Apple's giving Safari on iOS and MacOS an update to help.

Announced Tuesday by Apple WebKit engineer John Wilander in a blog post on the WebKit site, the move fully blocks third-party cookies, bringing the latest version of Safari in-line with other browsers like Tor. (WebKit is the browser engine that powers Safari.)

Google said in a blog post of its own earlier this year that it hopes to add similar functionality to Chrome "within two years."

Cookies allow for tracking behavior across websites, something that has been under increasing scrutiny in recent years as the internet community began taking stock of how much data was being collected online by these trackers, known as third-party cookies and often used by social networks and advertising companies. With this new update, the newest Safari will no longer allow those cookies to operate.

In tweets accompanying his blog post, Wilander says that Apple will report back its experience to privacy groups such as the Worldwide Web Consortium to "help other browsers take the leap."

This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap. — John Wilander (@johnwilander) March 24, 2020

The move is Apple's latest to fight against data trackers. Last year the company built a new browser technology called Privacy Preserving Ad Click Attribution. It was designed to let advertisers figure out when their ads successfully got you to buy something, but without tracking you across the internet and harvesting personal details to do so.

The company has taken other steps to try and limit the gathering of people's information, including creating Sign In with Apple , a way for people to sign in to apps and websites without having to necessarily divulge personal information such as their actual email address.

The new version of Safari is out now in iOS and iPadOS 13.4 and in Safari version 13.1 on MacOS.

CNET's Stephen Shankland contributed to this report.

Computing Guides

Best Laptop
Best Chromebook
Best Budget Laptop
Best Cheap Gaming Laptop
Best 2-in-1 Laptop
Best Windows Laptop
Best Macbook
Best Gaming Laptop
Best Macbook Deals
Best Desktop PC
Best Gaming PC
Best Monitor Under 200
Best Desktop Deals
Best Monitors
M2 Mac Mini Review
Best PC Speakers
Best Printer
Best External Hard Drive SSD
Best USB C Hub Docking Station
Best Keyboard
Best Webcams
Best Laptop Backpack
Best Camera to Buy
Best Vlogging Camera
Best Tripod
Best Waterproof Camera
Best Action Camera
Best Camera Bag and Backpack
Best E-Ink Tablets
Best iPad Deals
Best E-Reader
Best Tablet
Best Android Tablet
Best 3D Printer
Best Budget 3D Printer
Best 3D Printing Filament
Best 3D Printer Deals

WebKit Features in Safari 18.0

Sep 16, 2024

by Jen Simmons

New in Safari 18

Web apps for mac, spatial web, managed media source, web inspector, safari extensions, deprecations, bug fixes and more, updating to safari 18.0.

Safari 18.0 is here. Along with iOS 18, iPadOS 18, macOS Sequoia and visionOS 2, today is the day another 53 web platform features, as well as 25 deprecations and 209 resolved issues land in WebKit, the rendering engine driving Safari.

Distraction Control

Distraction Control lets you hide distracting items as you browse the web, such as sign-in banners, cookie preference popups, newsletter signup overlays, and more, in Safari for iOS 18, iPadOS 18 and macOS Sequoia.

We always recommend using semantic HTML when creating a website, including <video> , <main> , <article> and other elements that describe content. Doing so helps ensure both Safari Reader and Safari Viewer work best for the users of your website.

Safari windows on a Mac, with a video playing, big, in one window. The website is faintly visible behind the large video.

iPhone Mirroring and remote inspection

With iPhone Mirroring on macOS Sequoia, you can use your iPhone from your Mac. Combine it with remote inspection from Safari, and now it’s easier than ever to test and debug websites on iOS using Web Inspector .

Get set up for remote inspection by first ensuring you have Safari’s developer tools enabled on your Mac (if you can see the Develop menu in Safari, you’ve already done this step). Next, enable Web Inspector on your iPhone at Settings > Apps > Safari > Advanced > Web Inspector. Then, you’ll need to connect the device to your Mac using a cable to grant permission. Once plugged in, your device will appear in the Develop menu in Safari. Finally, to enable wireless debugging, go to Safari on macOS > Develop > [your device] > Connect via Network.

Now you can use Web Inspector to wirelessly debug websites running on iPhone anytime. And with iPhone Mirroring, you don’t even have to pull out your phone. Everything is on your Mac’s screen.

Learn more about remote inspection by reading Inspecting iOS and iPadOS , or by watching Rediscover Safari developer features from WWDC. Learn more about iPhone Mirroring 1 on apple.com .

Last year , we added support for web apps in macOS Sonoma. You can add any website to your dock — whether or not it was built with a Manifest file, Service Worker, or other technology to customize the web app experience. Go to the site in Safari, then File > Add to Dock… where you can customize the icon, change the name, and even adjust the URL. Then, just click on the web app icon in your Dock, and the website will open as a stand-alone app.

This year brings two improvements to web apps on Mac.

Opening links

macOS Sequoia adds support for opening links directly in web apps. Now, when a user clicks a link, if it matches the scope of a web app, that link will open in the web app instead of their default web browser. For example, imagine you have added MDN Web Docs to your Dock. Then a colleague sends you a link to an MDN page in Messages, Mail, Slack, Discord, IRC, or any non-browser application on your Mac. Now when you click on that link, it will open in the MDN Web Docs web app instead of your default browser.

Clicking a link within a browser will maintain the current behavior. This feature only affects links opened elsewhere. (When a user is in Safari, clicking on a link that matches the scope of a web app that is added to Dock, they will see an “Open in web app” banner, unless they have previously dismissed the banner.)

By default, this behavior applies when the link matches the host of the web page used to create the web app. As a developer, you can refine this experience by defining the range of URLs that should open in the web app with the scope member in the web app manifest .

Extension support

Now users can personalize web apps on Mac with Safari Web Extensions and Content Blockers. Navigate to the web app’s Settings menu to access all the installed Content Blockers and Web Extensions. Any enabled in Safari will be on by default in the web app. Each web app is uniquely customizable, just like Safari profiles.

View Transitions

WebKit added support for the View Transitions API in Safari 18. It provides an optimized browser API to animate elements from one state to another. Safari supports the CSS View Transitions Module Level 1 specification that adds new CSS properties and pseudo-elements for defining transition animations, along with a new browser API to start transition animations and react to different transition states. It works by capturing the current (old) state of the page and applying an animated transition to the new state. By default, the browser applies a cross-fade between the states.

Call the document.startViewTransition() method to initiate the capture. You can pass a callback function as the first argument to make DOM state changes between the old and new captures. The method returns a ViewTransition object which contains promises that can be used to track when the view transition starts or ends.

Once the states are captured, a pseudo-element tree is built which can be targeted with CSS, allowing you to modify the CSS animations used for the transitions. The animations out of the old page state and into the new page state can be modified via the ::view-transition-new(*) and ::view-transition-old(*) selectors. You can also ask the browser to independently track state changes for a specific element by naming it with the CSS view-transition-name property. You can then use the pseudo-elements to customize animations for it.

The :active-view-transition pseudo-class becomes active on the root element when a view transition is running.

The example below demonstrates state management with tabbed navigation. Each tab view has a custom transition animation out and a subtly different animation in, while the tabs themselves rely on the default page transition.

Style Queries

WebKit for Safari 18.0 adds support for Style Queries when testing CSS Custom Properties. Similar to how developers can use Sass mixins, Style Queries can be used to define a set of reusable styles that get applied as a group.

Here, if the --background custom property is set to black, then certain styles will be applied — in this case to make the headline and paragraph text color white.

Don’t forget to pay attention the HTML structure. By default, Style Queries reference the styles on the direct parent element. You can create a different reference through the use of Container Query names.

currentcolor and system color keywords in Relative Color Syntax

Support for Relative Color Syntax shipped in Safari 16.4 . It lets you define colors in a more dynamic fashion, creating a new color from an existing color. The value lch(from var(--color) calc(L / 2) C H) for instance uses the lch color space to take the variable --color and calculate a new color that’s half its lightness, calc(L / 2) .

Now in Safari 18.0, the first browser to ship support, you can reference the currentcolor or a system color keyword as you define the new color. For example, this code will set the background color to be the same color as the text color, only 4 times lighter, as calculated in the oklch color space.

Being able to reference system color keywords opens up another world of options. System colors are like variables that represent the default colors established by the OS, browser, or user — defaults that change depending on whether the system is set to light mode, dark mode, high contrast mode, etc. For example, canvas represents the current default background color of the HTML page, while fieldtext matches the color of text inside form fields. Find the full list of system colors in CSS Color level 4 .

Relative Color Syntax lets you define dynamic connections between colors in your CSS, lessening the need to control color through variables in a tightly-regimented design system. Learn more about Relative Color Syntax by watching this portion of What’s new in CSS from WWDC23.

Translucent accent colors

Partially transparent colors in accent-color are now blended on top of the Canvas system color to match the latest updates to the web standard. This means that any of the many ways to define colors using an alpha channel will now work as expected when used to define an accent color for a form control.

Animating display

WebKit for Safari 18.0 adds support for transition animation of the display property.

Many developers are excited to use @starting-style along with transition-behavior and display: none interpolation. WebKit for Safari 17.4 added general support for transition-behavior , including transition-behavior: allow-discrete . WebKit for Safari 17.5 added support for @starting-style , letting you define starting values for transitioning an element as it’s created (or re-created). Now in WebKit for Safari 18.0, you can use these features together to transition the display property.

Backdrop Filter

Originally shipped in Safari 9.0, backdrop filter provides a way to apply graphics effects to the content behind a particular element. You can apply backdrop-filter to a headline, for example, and everything behind the headline will be blurred, or have decreased saturation, or increased contrast. Any of the filter functions from SVG can be used — blur() , brightness() , contrast() , drop-shadow() , grayscale() , hue-rotate() , invert() , opacity() , saturate() , and sepia() .

For many years, backdrop filter only worked in Safari. It was available when you prefixed the property with -webkit-backdrop-filter . Now, starting in Safari 18.0, you don’t need the prefix. We also improved our implementation, fixing bugs and boosting interoperability.

This demo shows eight different filters and what you might do with each one alone. You can, of course, combine filters to create even more interesting results. With backdrop filter supported in Safari since 2015, Edge since 2018, Chrome since 2019, Samsung Internet since 2020, and Firefox since 2022, this is a great time to consider the kind of graphic design possibilities it enables.

Content visibility

WebKit for Safari 18.0 adds support for content-visibility . This property controls whether or not an element renders its contents in a fashion that’s useful for making performance optimizations. It lets you communicate to the browser that certain portions of the page will likely be initially offscreen, and suggest they be omitted from layout and rendering. This can make the page load faster.

WebKit for Safari 18.0 adds parsing support for the custom value for the prefers-contrast media query. (It does not return “true” on Apple platforms, since there is no forced-colors mode in iOS, iPadOS, macOS or visionOS.)

Safari 18.0 for visionOS 2 adds support for immersive-vr sessions with WebXR . Now you can create fully immersive experiences for people using Apple Vision Pro and deliver them through the web. WebXR scenes are displayed using hardware-accelerated graphics driven by WebGL .

A beautiful garden rendered in created graphics. There's a tree with bright red leaves. A blue sky full of puffy white clouds. Bright green grass, with a path leading by plants and garden sculpture. It's a world created in WebXR.

Safari for visionOS 2 supports the new WebXR transient-pointer input mode. It lets you make the most of natural input on visionOS, and allow your users to interact with a look and a pinch.

We are in a rendered 3d environment, in a garden. We look at a chess board, with a real human hand lifting a rendered chess piece to make the next move in the game. A floating panel has two buttons reading "Leave garden" and "Reset game".

If you want to animate a 3D model of the user’s hands, Safari for visionOS 2 also includes support for WebXR hand tracking . To ensure privacy, permission to allow hand tracking will be requested from users at the start of their WebXR session.

Learn all about WebXR on visionOS 2 by watching Build immersive web experiences with WebXR from WWDC. Learn more about transient-pointer input mode by reading Introducing natural input for WebXR in Apple Vision Pro . And learn all about how to use Safari’s developer tools on Mac to inspect and debug in Apple Vision Pro by reading Try out your website in the spatial web .

Spatial photos and panoramas

One of the amazing experiences you can have on Apple Vision Pro is looking at spatial photos and panoramas. The web is a great place to share these photos with others.

A family blows out candles on a birthday cake in a photo — that's floating in a frame in midair, in a living room. This is a still from the WWDC23 Keynote that introduced Apple Vision Pro. It's an example of how spatial photos work.

When you open the Photos app in visionOS, you see your library of photos. When you tap an image, it appears alone in a floating frame in front of you. Spatial photos appear at just the right height and viewing angle to make it feel like you’ve gone back to a moment in time. A second tap of the UI breaks a spatial photo out of its frame, becoming even more immersive. Similarly, a panorama floats in a frame on first tap. Then on second tap of the UI, it expands to wrap all around you, creating a fully immersive experience.

Now in Safari 18.0 for visionOS 2, you can use the JavaScript Fullscreen API to create a similar experience on the web. You can embed the photo in a web page, and provide the ability to tap. The photo will pop into a floating frame as the Safari window disappears. Then when the user taps on the spatial photo or panorama UI that visionOS provides, the photo will further expand to create a more immersive experience. When they exit the image, the Safari window will return.

Let’s walk through how to support experiencing a spatial photo or panorama on the web using Fullscreen API. First, include the image on your web page using any of the techniques used for years. Here, we can embed a flattened panoramic photo into the web page using simple HTML.

Then using JavaScript, we’ll trigger .requestFullscreen() on tap. Perhaps like this.

You could, of course, create your own UI for the user to tap, rather than making the entire photo the tap target.

Spatial images work just the same, although it’s likely we want to provide fallbacks for browsers that do not support HEIC files . We can do so with the picture element.

Spatial images are stereoscopic, with both a left and right channel. In Safari, when the image is embedded in the web page, the browser will show the left channel. And there’s no need to worry about providing a fallback of any sort for Safari on macOS, iOS, or iPadOS — the stereoscopic HEIC file works great.

This technique will also cause images to go fullscreen in any browser that supports Fullscreen API. Learn more about adding panorama and spatial photos to your websites by watching Optimize for the spatial web from WWDC.

Shaping interaction regions on visionOS

As a web developer, you’re very familiar with how link styling works on the web. For decades you’ve been able to use CSS to style text-decoration , color and more for :link , :hover , :active , and :visited states. You’ve also been able to adjust the size of the invisible tap target through use of padding.

Apple Vision Pro adds a new dimension to how links work — tap targets are visible on visionOS. Anytime a user looks at an interactive element, it’s highlighted to let them know that it can be tapped. And you as a designer or developer can intentionally design how an interaction region looks. You may want to add padding, for instance, or even a rounded corner to the otherwise invisible box.

Now in Safari in visionOS 2 , when you use CSS clip-path to change the shape of tappable area of a link, the visible interaction region will change shape as well. Interactive UI elements built with SVG and cursor: pointer will also be highlighted with the proper shape. Learn more by watching Optimize for the spatial web from WWDC.

Video on visionOS

Safari for visionOS 2 adds support for docking fullscreen videos into the current Environment . Anytime a user is watching a video fullscreen, they can tap the mountain symbol to enter an immersive experience. Turning the Digital Crown adjusts the immersion.

Writing Suggestions

At last year’s WWDC, Apple unveiled inline predictive text on iOS, iPadOS, macOS and more. It helps users input text faster by predicting what they might be typing and finishing the word, phrase or even a whole sentence when the user taps the space bar. Now, WebKit for Safari 18.0 on iOS, iPadOS, visionOS, macOS Sequoia and macOS Sonoma brings inline predictive text to the web.

While inline predictive text makes for a fantastic, personalized user experience, there might be specific situations on the web where it’s better to not have predictions. WebKit for Safari 18.0 on iOS, iPadOS, visionOS, macOS Sequoia and macOS Sonoma gives web developers the opportunity to disable inline predictions through the writingsuggestions attribute. By default, writing suggestions is set to true. You can turn off the capability by including the writingsuggestions="false" attribute on any type of text input field.

WebKit for Safari on iOS 18 adds haptic feedback for <input type=checkbox switch> . This means, now when a user taps a switch control on iPhone, a single tap is felt — just like how toggling a switch feels in Settings app on iOS. Try this demo to see what it’s like.

Date and time inputs

WebKit for Safari 18.0 on macOS improves accessibility support for date and time input field types. Now <input type="date"> , <input type="datetime-local"> , and <input type="time"> elements work properly with VoiceOver.

Usually elements have the labels they need, but sometimes there is no text label for a particular button or UI. In this situation, ARIA can be used to provide an accessible label. The aria-label attribute provides names of labels while aria-roledescription provides the description for the role of an element.

On very rare occasions, you may need to override aria-label or aria-roledescription to provide different names or descriptions specifically for braille. The aria-braillelabel and aria-brailleroledescription attributes provide such an ability. They exist to solve very specific needs, including educational contexts where the site needs to render the specific braille table dot pattern. If you do use braille-related ARIA attributes, be sure to test them using a braille reader. If in doubt, relying on the accessible name from content or aria-label / aria-roledescription is almost always the better user experience . WebKit has supported these ARIA attributes for years.

Now, WebKit for Safari 18.0 adds support for the ariaBrailleLabel and ariaBrailleRoleDescription element reflection properties. These make it possible to get and set the aria-braillelabel and aria-brailleroledescription ARIA attributes on DOM elements directly via JavaScript APIs, rather than by using setAttribute and getAttribute .

WebKit for Safari 18.0 adds support for Unicode 15.1.0 characters in RegExp. Unicode 15.1 added 627 characters, bringing the total of characters to 149,813. Now, these new characters can be used in regular expressions.

WebKit for Safari 18.0 also adds support for the v flag with RegExp.prototype[Symbol.matchAll] . providing more powerful ways to match Unicode characters, as specified in the ECMAScript 2024 standard.

For example, you can now specify to only match on Latin characters, while avoiding matching on Cyrillic script characters.

Or split a string matching on Emojis.

WebKit for Safari 18.0 adds support for URL.parse() , a way to parse URLs which returns null rather than an exception when parsing fails.

WebKit for Safari 18.0 expands Declarative Shadow tree support by adding the shadowRootDelegatesFocus and shadowRootClonable IDL attributes to the <template> element. It also adds the shadowRootSerializable attribute and shadowRootSerializable IDL attribute to the <template> element, enabling those using Declarative Shadow roots to opt into making them serializable. Serializing can be done through the new getHTML() method that has been added at the same time.

WebKit for Safari 18.0 adds support for PopStateEvent ’s hasUAVisualTransition , indicating whether the user agent has a visual transition in place for the fragment navigation.

WebKit for Safari 18.0 adds support for subresource integrity in imported module scripts, which gives cryptographic assurances about the integrity of contents of externally-hosted module scripts.

WebKit for Safari 18.0 adds support for the bytes() method to the Request, Response , Blob , and PushMessageData objects. This replaces the need for web developers to call arrayBuffer() , which can be difficult to use, and wraps the result in a Uint8Array . Calling bytes() is now the recommended way going forward when you need to access the underlying bytes of the data these objects represent.

WebKit for Safari 18.0 adds support for feature detecting text fragments by exposing document.fragmentDirective . Note that the returned object (a FragmentDirective ) doesn’t provide any functionality, but it’s helpful if you need to know if Fragment Directives are supported by the browser.

WebKit for Safari 18.0 adds support for the willReadFrequently context attribute for the getContext() method. It indicates whether or not a lot of read-back operations are planned. It forces the use of a software accelerated 2D or offscreen canvas, instead of hardware accelerated. This can improve performance when calling getImageData() frequently.

WebKit for Safari 18.0 extends 2D canvas support for currentcolor . It can now be used inside color-mix() or Relative Color Syntax. Here currentcolor will default to the computed color property value on the canvas element.

WebKit for Safari 18.0 adds Workers support for both Managed Media Source (MMS) and Media Source Extensions ( MSE ). This can be especially helpful on complex websites that want to ensure continuous and smooth video playback even when other site activity (such as live commenting) causes a very busy main thread. You can see the performance difference in this demo .

WebKit for Safari 18.0 adds support for the WebRTC HEVC RFC 7789 RTP Payload Format. Previously, the WebRTC HEVC used generic packetization instead of RFC 7789 packetization. This payload format provides a new option for improving videoconferencing, video streaming, and delivering high-bitrate movies and TV shows.

WebKit for Safari 18.0 adds support for MediaStreamTrack processing in a dedicated worker. And it adds support for missing WebRTC stats.

WebKit for Safari 18.0 adds support for secure HTTPS for all images, video, and audio by upgrading passive subresource requests in mixed content settings. This means that if some files for a website are served using HTTPS and some are served using HTTP (known as “mixed content”), all images and media will now be auto-upgraded to HTTPS, in adherence with Mixed Content Level 2 .

WebKit for Safari 18.0 adds support for six new WebGL extensions:

EXT_texture_mirror_clamp_to_edge
WEBGL_render_shared_exponent
WEBGL_stencil_texturing
EXT_render_snorm
OES_sample_variables
OES_shader_multisample_interpolation

WebKit for Safari 18.0 adds support for fuzzy search code completion in the Web Inspector’s CSS source editor.

Two years ago at WWDC22, we announced support for passkeys — a groundbreaking industry-standard way to login to websites and app services. Passkeys provide people with an extremely easy user experience, while delivering a profound increase in security. To learn more, watch Meet Passkeys or read Supporting passkeys .

WebKit for Safari 18.0 adds support for three new features as we continue to improve passkeys. First, Safari 18.0 adds support for using mediation=conditional for web authentication credential creation. This allows websites to automatically upgrade existing password-based accounts to use passkeys. Learn more by watching Streamline sign-in with passkey upgrades and credential managers from WWDC.

Second, WebKit for Safari 18.0 adds support for using passkeys across related origins. This lets websites use the same passkey across a limited number of domains which share a credential backend.

And third, WebKit for Safari 18.0 adds support for the WebAuthn prf extension. It allows for retrieving a symmetric key from a passkey to use for the encryption of user data.

Safari 18.0 also adds support for Mobile Device Management of extension enabled state, private browsing state, and website access on managed devices. This means schools and businesses that manage iOS, iPadOS, or macOS devices can now include the configuration of Safari App Extensions, Content Blockers, and Web Extensions in their management.

WebKit for Safari 18.0 adds support for funds transfer via Apple Pay.

While it’s rare to deprecate older technology from the web, there are occasions when it makes sense. We’ve been busy removing -webkit prefixed properties that were never standardized, aging media formats that were never supported in other browsers, and more. This helps align browser engines, improve interoperability, and prevent compatibility problems by reducing the possibility that a website depends on something that’s not a web standard.

WebKit for Safari 18.0 removes support for OffscreenCanvasRenderingContext2D ’s commit() method.

WebKit for Safari 18.0 deprecates support for a number of rarely used -webkit prefixed CSS pseudo-classes and properties — and even one -khtml prefixed property.

-webkit-alt and alt properties
:-webkit-animating-full-screen-transition pseudo-class
:-webkit-full-screen-ancestor pseudo-class
:-webkit-full-screen-controls-hidden pseudo-class
:-webkit-full-page-media pseudo-class
:-webkit-full-screen-document pseudo-class
:-khtml-drag pseudo-class

WebKit for Safari 18.0 also deprecates support for the resize: auto rule. Support for the resize property remains, just as it’s been since Safari 4. The values Safari continues to support include : none , both , horizontal , vertical , block , inline , plus the global values. Early versions of CSS Basic User Interface Module Level 3 defined auto , but it was later written out of the web standard.

WebKit for Safari 18.0 also deprecates support for non-standardize WEBKIT_KEYFRAMES_RULE and WEBKIT_KEYFRAME_RULE API in CSSRule .

WebKit for Safari 18.0 removes support for the JPEG2000 image format. Safari was the only browser to ever provide support.

If you’ve been serving JPEG2000 files using best practices, then your site is using the picture element to offer multiple file format options to every browser. Safari 18.0 will simply no longer choose JPEG2000, and instead use a file compressed in JPEG XL, AVIF, WebP, HEIC, JPG/JPEG, PNG, or Gif — choosing the file that’s best for each user. Only one image will be downloaded when you use <picture> , and the browser does all the heavy lifting.

We have noticed that some Content Deliver Networks (CDN) use User Agent sniffing to provide one file to each UA, offering only JPEG2000 images to Safari — especially on iPhone and iPad. If you expect this might be happening with your site, we recommend testing in Safari 18.0 on both macOS Sequoia and iOS or iPadOS 18. If you see problems, contact your SaaS provider or change your image delivery settings to ensure your website provides fallback images using industry best practices.

If you notice a broken site, please file an issue at webcompat.com .

WebKit for Safari 18.0 removes [[VarNames]] from the global object to reflect changes in the web standard, a change that now allows this code to work:

WebKit for Safari 18.0 removes support for non-standard VTTRegion.prototype.track .

WebKit for Safari 18.0 removes the last bits of support for AppCache.

When AppCache first appeared in 2009, in Safari 4, it held a lot of promise as a tool for caching web pages for use offline. It was imagined as “HTML5 Application Cache” back when HTML itself was being further expanded to handle more use cases for web applications. A developer could create a simple cache manifest file with a list of files to be cached. Its simplicity looked elegant, but there was no mechanism for cache busting, and that made both developing a site and evolving the site over time quite frustrating. AppCache also had security challenges. So new web standards were created to replace it. Today, developers use Service Workers and Cache Storage instead.

WebKit deprecated AppCache with a warning to the Console in Safari 11.0. Then in 2021, we removed support for AppCache from Safari 15.0, with a few exceptions for third-party users of WKWebView . Now we are removing those exceptions. This change to WebKit will only affect the rare web content loaded in older third-party apps that have JavaScript code which relies on the existence of AppCache related interfaces.

WebKit for Safari 18.0 removes the SVGAnimateColorElement interface, as well as the non-standard getTransformToElement from SVGGraphicsElement .

WebKit for Safari 18.0 removes support for four non-standard Web APIs:

KeyboardEvent.altGraphKey
AES-CFB support from WebCrypto
KeyboardEvent.prototype.keyLocation
HashChangeEvent ’s non-standard initHashChangeEvent() method

Deprecated some legacy WebKit notification names including:

WebViewDidBeginEditingNotification
WebViewDidChangeNotification
WebViewDidEndEditingNotification
WebViewDidChangeTypingStyleNotification
WebViewDidChangeSelectionNotification

In addition to all the new features, WebKit for Safari 18.0 includes work to polish existing features.

Accessibility

Fixed role assignment for <header> inside <main> and sectioning elements.
Fixed range input not firing an input event when incremented or decremented via accessibility APIs.
Fixed setting aria-hidden on a slot not hiding the slot’s assigned nodes.
Fixed VoiceOver to read hidden associated labels.
Fixed comboboxes to expose their linked objects correctly.
Fixed VoiceOver support for aria-activedescendant on macOS.
Fixed time input accessibility by adding labels to subfields.
Fixed aria-hidden=true to be ignored on the <body> and <html> elements.
Fixed datetime values being exposed to assistive technologies in the wrong timezone.
Fixed wrong datetime value being exposed to assistive technologies for datetime-local inputs.
Fixed ignored CSS content property replacement text when it is an empty string.
Fixed the computed role for these elements: dd , details , dt , em , hgroup , option , s , and strong .
Fixed hidden elements targeted by aria-labelledby to expose their entire subtree text, not just their direct child text.
Fixed accessible name computation for elements with visibility: visible inside a container with visibility: hidden .
Fixed updating table accessibility text when its caption dynamically changes.
Fixed updating aria-describedby text after the targeted element changes its subtree.
Fixed the transition property to produce the shortest serialization.
Fixed the animation property to produce the shortest serialization.
Fixed arbitrary 8 digit limit on a line item’s total amount.

Authentication

Fixed navigator.credentials.create() rejects with “NotAllowedError: Operation Failed” after a conditional UI request is aborted.
Fixed setting the cancel flag once the cancel completes regardless of a subsequent request occurring.
Fixed drawImage(detachedOffscreenCanvas) to throw an exception.
Fixed OffscreenCanvas failing to render to the placeholder with nested workers.
Fixed losing the contents layer of the placeholder canvas of OffscreenCanvas when switching off the tab.
Fixed drawImage to not alter the input source or the destination rectangles.
Fixed toggling the visibility on a canvas parent undoing the effect of clearRect() .
Fixed the Canvas drawImage() API to throw an exception when the image is in broken state.
Fixed a detached OffscreenCanvas to not transfer an ImageBuffer.
Fixed treating the lack of an explicit “SameSite” attribute as “SameSite=Lax”.
Fixed setting white-space to a non-default value dynamically on a whitespace or a new line.
Fixed custom counter styles disclosure-open and disclosure-closed to point to the correct direction in right-to-left.
Fixed backface-visibility to create a stacking context and containing block.
Fixed getComputedStyle() to work with functional pseudo-elements like ::highlight() .
Fixed: Aliased :-webkit-full-screen pseudo-class to :fullscreen .
Fixed: Aliased :-webkit-any-link to :any-link and :matches() to :is() .
Fixed getComputedStyle() pseudo-element parsing to support the full range of CSS syntax.
Fixed @supports to correctly handle support for some -webkit prefixed pseudo-elements that were incorrectly treated as unsupported.
Fixed updating media-query sensitive meta tags after style changes.
Fixed changing color scheme to update gradients with system colors or light-dark() .
Fixed incorrect inline element size when using font-variant-caps: all-small-caps with font-synthesis .
Fixed :empty selector to work with animations.
Fixed preserving whitespace when serializing custom properties.
Fixed updating style correctly for non-inherited custom property mutations.
Fixed element removed by parent to end up losing the last remembered size.
Fixed an incorrect difference between implicit and explicit initial values for custom properties.
Fixed the contrast of Menu and MenuText system colors.
Fixed keeping the shorthand value for CSS gap as-is in serialized and computed values.
Fixed the style adjuster for @starting-style incorrectly invoking with a null element.
Fixed excluding -apple-pay-button from applying to any element that supports appearance: auto and is not a button.
Fixed missing color interpretation methods added to CSS color specifications.
Fixed hsl() and hsla() implementation to match the latest spec changes.
Fixed the implementation of rgb() and rgba() to match the latest spec.
Fixed the hwb() implementation to match the latest spec.
Fixed the remaining color types to be synced with the latest spec changes.
Fixed carrying analogous components forward when interpolating colors.
Fixed applying the fill layer pattern for mask-mode .
Fixed backdrop-filter: blur to render for elements not present when the page is loaded.
Fixed: Improved large Grid performance.
Fixed some CSS properties causing quotes to be reset.
Fixed an issue where input method editing would sporadically drop the composition range.
Fixed dictation UI no longer showing up when beginning dictation after focusing an empty text field. (FB14277296)
Fixed displayed datalist dropdown to sync its options elements after a DOM update.
Fixed input elements to use the [value] as the first fallback step base.
Fixed <select multiple> scrollbars to match the used color scheme.
Fixed updating the input value when selecting an <option> from a <datalist> element. (FB13688998)
Fixed the value attribute not getting displayed in an input element with type="email" and the multiple attribute.
Fixed the iOS animation for <input type=checkbox switch> .
Fixed form controls drawing with an active appearance when the window is inactive.
Fixed constructed FormData object to not include entries for the image button submitter by default.
Fixed the properties of History to throw a SecurityError when not in a fully active Document.
Fixed “about:blank” document.referrer initialization.
Fixed parsing a self-closing SVG script element. It now successfully executes.
Fixed RegExp.prototype.@@split to update the following legacy RegExp static properties: RegExp.input , RegExp.lastMatch , RegExp.lastParen , RegExp.leftContext , RegExp.rightContext , and RegExp.$1, ... RegExp.$9 .
Fixed String.prototype.replace to not take the fast path if the pattern is RegExp Object and the lastIndex is not numeric.
Fixed spec compliance for Async / Await, Generators, Async Functions, and Async Generators.
Fixed async functions and generators to properly handle promises with throwing “constructor” getter.
Fixed return in async generators to correctly await its value.
Fixed Symbol.species getters to not share a single JS Function.
Fixed throwing a RangeError if Set methods are called on an object with negative size property.
Fixed eval() function from another realm to not cause a direct eval call.
Fixed eval() call with ...spread syntaxt to be a direct call.
Fixed try/catch to not intercept errors originated in [[Construct]] of derived class.
direct eval() in a default value expression inside a rest parameter creates a variable in the environment of the function rather than the separate one of the parameters;
a ReferenceError is thrown when accessing a binding, which is defined inside rest parameter, in eval() , or a closure created in a default value expression of a preceding parameter, but only if there is a var binding by the same name;
a closure, created in the default value expression inside a rest parameter, is created in a different VariableEnvironment of the function than its counterparts in preceding parameters which causes the incorrect environment to be consulted when querying or modifying parameter names that are “shadowed” by var bindings.
Fixed TypedArray sorting methods to have a special-case for camparator returning false .
Fixed programming style for bitwise and in setExpectionPorts.
Fixed emitReturn() to load this value from arrow function lexical environment prior to the TDZ check.
Fixed NFKC normalization to work with Latin-1 characters.
Fixed parsing of private names with Unicode start characters.
Fixed instanceof to not get RHS prototype when LHS is primitive.
Fixed bracket update expression to resolve property key at most once.
Fixed bracket compound assignement to resolve the property key at most once.
Fixed Object.groupBy and Map.groupBy to work for non-objects.
Fixed Array.fromAsync to not call the Array constructor twice.
Fixed inconsistent output of Function.prototype.toString for accessor properties.
Fixed Set#symmetricDifference to call this.has in each iteration.
Fixed logical assignment expressions to throw a syntax error when the left side of the assignment is a function call.
Fixed throwing a syntax error for nested duplicate-named capturing groups in RegEx.
Fixed ArrayBuffer and SharedArrayBuffer constructor to check length before creating an instance.
Fixed Intl implementation to ensure canonicalizing “GMT” to “UTC” based on a spec update.
Fixed RegEx lookbehinds differing from v8.
Fixed fractionalDigits of Intl.DurationFormat to be treated as at most 9 digits if it is omitted.
Fixed optimized TypedArrays giving incorrect results.
Fixed Intl.DurationFormat for numeric and 2-digit .
Fixed navigator.cookieEnabled to return false when cookies are blocked.
Fixed MediaSession to determine the best size artwork to use when the sizes metadata attribute is provided. (FB9409169)
Fixed video sound coming from another window after changing tabs in the Tab Bar in visionOS.
Fixed playback for MSE videos on some sites.
Fixed allowing a video’s currentTime to be further than the gap’s start time.
Fixed broken audio playback for a WebM file with a Vorbis track.
Fixed sampleRate and numberOfChannels to be required and non-zero in a valid AudioEncoderConfig.
Fixed media elements appending the same media segment twice.
Fixed an issue where Safari audio may be emitted from the wrong window in visionOS.
Fixedrejecting valid NPT strings if ‘hours’ is defined using 1 digit.
Fixed picture-in-picture when hiding the <video> element while in Viewer.
Fixed the return button not working after the video is paused and played in picture-in-picture.
Fixed upgrading inactive or passive subresource requests and fetches in would-be mixed security contexts to match standards.
Fixed incorrect Sec-Fetch-Site value for navigation of a nested document.
Fixed loading WebArchives with a non-persistent datastore.
Fixed Timing-Allow-Origin to not apply to an HTTP 302 response.
Fixed print buttons with a print action implementation.
Fixed Open in Preview for a PDF with a space in its name.
Fixed “Open with Preview” context menu item to work with locked PDF documents.
Fixed Greek uppercase transforms failing for some characters.
Fixed resizing a <textarea> element with 1rem padding.
Fixed the color correctness of the color matrix filter.
Fixed backdrop-filter to apply to the border area of an element with a border-radius .
Fixed intrinsic inline size calculators to account for whitespace before an empty child with nonzero margins.
Fixed overlapping elements with flex box when height: 100% is applied on nested content.
Fixed incorrect grid item positioning with out-of-flow sibling.
Fixed break-word with a float discarding text.
Fixed min-content calculation for unstyled only-child inlines elements.
Fixed ellipsis rendering multiple times when position: relative and top are used.
Fixed a bug for inline elements inserted in reverse order after a block in a continuation.
Fixed the flash of a page background-colored bar in the footer when the window is resized.
Fixed garbled bold text caused by glyph lookup using the wrong font’s glyph IDs when multiple installed fonts have the same name. (FB13909556)
Fixed selecting Japanese text annotated with ruby in a vertical-rl writing mode table.
Fixed support for border, padding, and margin on mfrac and mspace elements in MathML.
Fixed the cursor not updating as content scrolls under it on some pages.
Fixed stripping the scroll-to-text fragment from the URL to prevent exposing the fragment to the page.
Fixed CORS bypass on private localhost domain using 0.0.0.0 host and mode “no-cors”.
Fixed blocking cross-origin redirect downloads in an iframe.
Fixed blocked cross-origin redirect downloads to attempt rendering the page instead.
Fixed the SVG parser to interpret “form feed” as white space.
Fixed error handling for invalid filter primitive references.
Fixed displaying an SVG element inside a <switch> element.
Fixed SVG title to have display: none as the default UA style rule.
Fixed the UA stylesheet for links in SVGs to apply cursor: pointer matching standards.
Fixed returning the initial value for the SVG gradient stop-color if it is not rendered in the page.
Fixed the SVG marker segment calculations if the marker path consists of sub-paths.
Fixed SVGLength to sync with the WebIDL specification.
Fixed disclosure counter styles to consider writing-mode .

Web Animations

Fixed percentage transform animations when width and height are animated.
Fixed updating an animation when changing the value of a transform property while that property is animated with an implicit keyframe.
Fixed display transition to none .
Fixed cssText setter to change the style attribute when the serialization differs. (FB5535475)
Fixed history.pushState() and history.replaceState() to ignore the title argument.
Fixed URL text fragment directives not fully stripped from JavaScript.
Fixed showPicker() method to trigger suggestions from a datalist .
Fixed lang attribute in no namespace to only apply to HTML and SVG elements.
Fixed unnecessarily unsetting the iframe fullscreen flag.
Fixed DOM Range to correctly account for CDATASection nodes.
Fixed getGamepads() to no longer trigger an insecure contexts warning.
Fixed inserting a <picture> element displaying the same image twice.
Fixed throwing exceptions in navigation methods if in a detached state.
Fixed a minor issue in URL’s host setter.
Fixed cloning of ShadowRoot nodes following a DOM Standard clarification.
Fixed GeolocationCoordinates to expose a toJSON() method.
Fixed IntersectionObserver notifications that sometimes fail to fire.
Fixed GeolocationPosition to expose a toJSON() method.
Fixed setting CustomEvent.target when dispatching an event.
Fixed navigator.language only returning the system language in iOS 17.4.
Fixed: Removed presentational hints from the width attribute for <hr> .
Fixed an issue when inserting writing suggestions into an editable display: grid container.
Fixed the warning message for window.styleMedia .
Fixed resolving www. sub-domain for Associated Domains for all web apps.

Web Assembly

Fixed initialization of portable reference typed globals.

Web Extensions

Fixed getting an empty key from storage. (FB11427769)
Fixed Service Workers not appearing in the Develop menu or remote Web Inspector menu. (130712941)
Fixed web extensions unable to start due to an issue parsing declarativeNetRequest rules. (FB14145801)
Fixed font sizes in the Audits tab.
Fixed expanded sections of Storage to not collapse.
Fixed Web Inspector to show nested workers.
Fixed CSS font property values marked !important not getting overridden when using the interactive editing controls.
Fixed an issue where the Web Inspector viewport might appear cut off.
Fixed runtimes to be aligned in the Audit tab.
Fixed remembering the message type selection in the Console tab.
Fixed autocomplete for the text-indent property suggesting prefixed properties instead of each-line or hanging .
Fixed background autocompletion suggestion to include repeating-conic-gradient .
Fixed the list of breakpoints in the Sources tab disappearing when Web Inspector is reloaded.
Fixed console clearing unexpectedly when Web Inspector reopens.
Fixed console code completion to be case-insensitive.
Fixed overflow: scroll elements to scroll as expected when highlighting an element from the DOM tree.
Fixed showing additional Safari tabs from an iOS device in the Develop menu.
Fixed Console and code editor completion not auto-scrolling the suggestion into view.
Fixed search in the DOM tree view unexpectedly chaning the text display.
Fixed clicking the “goto” arrow for computed CSS when “show independent Styles sidebar” is disabled.
Fixed inspectable tabs from Safari in the visionOS Simulator don’t appear in Developer menu on the host macOS.
Fixed Accessibility inspector for switch controls to report “State: on/off” instead of “Checked: true/false”.
Fixed Gamepad API in WKWebView.
Fixed repainting HTML elements when their width or height change in legacy WebView.
Fixed retrieving titles containing multibyte characters.
Fixed RTCEncodedVideoFrame and RTCEncodedAudioFrame to match the WebIDL specification.
Fixed VideoTrackGenerator writer to close when its generator track (and all its clones) are stopped.
Fixed WebRTC AV1 HW decoding on iPhone 15 Pro.
Fixed black stripes with screen sharing windows.
Fixed black stripes with getDisplayMedia captured windows when the window is resized.

Safari 18.0 is available on iOS 18 , iPadOS 18 , macOS Sequoia , macOS Sonoma, macOS Ventura, and in visionOS 2 .

If you are running macOS Sonoma or macOS Ventura, you can update Safari by itself, without updating macOS. Go to  > System Settings > General > Software Update and click “More info…” under Updates Available.

To get the latest version of Safari on iPhone, iPad or Apple Vision Pro, go to Settings > General > Software Update, and tap to update.

We love hearing from you. To share your thoughts on Safari 18.0, find us on Mastodon at @[email protected] and @[email protected] . Or send a reply on X to @webkit . You can also follow WebKit on LinkedIn . If you run into any issues, we welcome your feedback on Safari UI (learn more about filing Feedback ), or your WebKit bug report about web technologies or Web Inspector. If you notice a website that seems broken in Safari, but not in other browsers, please file a report at webcompat.com . Filing issues really does make a difference.

Download the latest Safari Technology Preview on macOS to stay at the forefront of the web platform and to use the latest Web Inspector features.

You can also find this information in the Safari 18.0 release notes .

1. iPhone Mirroring is available on Mac computers with Apple silicon and Intel-based Mac computers with a T2 Security Chip. Requires that your iPhone and Mac are signed in with the same Apple ID using two-factor authentication, your iPhone and Mac are near each other and have Bluetooth and Wi-Fi turned on, and your Mac is not using AirPlay or Sidecar. iPhone Mirroring is not available in all regions.

How To Enable Third-Party Cookies On Safari

Software & Applications
Browsers & Extensions

how-to-enable-third-party-cookies-on-safari

Introduction

In today's digital age, web browsers have become an integral part of our daily lives, serving as gateways to the vast realm of the internet. Among the myriad of features and settings that browsers offer, the management of cookies holds significant importance. Cookies, particularly third-party cookies, play a crucial role in tracking user behavior, personalizing online experiences, and enabling targeted advertising.

As the default web browser for Apple devices, Safari is renowned for its robust privacy and security features. However, in its pursuit of safeguarding user data, Safari has taken a strict stance on third-party cookies. By default, Safari blocks these cookies, aiming to protect user privacy and prevent cross-site tracking.

While this default setting aligns with Apple's commitment to user privacy, it can sometimes lead to a less-than-optimal browsing experience for users who rely on third-party cookies for various functionalities. Therefore, understanding how to enable third-party cookies on Safari is essential for those who wish to access certain websites and services that depend on these cookies.

In this article, we will delve into the intricacies of third-party cookies, explore the reasons for enabling them on Safari, and provide a comprehensive guide on how to do so. Whether you're a casual internet user or a web developer seeking to ensure seamless functionality across different browsers, this article will equip you with the knowledge and tools to navigate Safari's cookie settings effectively. Let's embark on this journey to unravel the world of third-party cookies and harness the full potential of Safari's browsing capabilities.

Understanding Third-Party Cookies

In the realm of web browsing, cookies serve as small pieces of data that websites store on a user's device. These data snippets are designed to facilitate various functionalities, such as remembering login credentials, personalizing content, and tracking user interactions. While first-party cookies are set by the website being visited, third-party cookies originate from domains other than the one displayed in the address bar.

Third-party cookies play a pivotal role in enabling cross-site tracking and targeted advertising. When a user visits a website that contains resources from third-party domains, such as embedded advertisements or social media plugins, these third-party domains can set cookies to track the user's activity across different sites. This tracking mechanism allows advertisers and data analytics companies to gather insights into user behavior, preferences, and browsing patterns, thereby facilitating the delivery of personalized ads and content.

From a user experience standpoint, third-party cookies contribute to the seamless functioning of various online services. For instance, they enable social media integration, allowing users to share content across platforms and interact with social plugins on different websites without the need for repeated authentication. Additionally, third-party cookies are instrumental in supporting e-commerce functionalities, such as retaining items in a shopping cart across multiple sites and providing personalized product recommendations based on browsing history.

However, the pervasive use of third-party cookies has raised concerns about user privacy and data security. Critics argue that the extensive tracking facilitated by these cookies can lead to intrusive profiling and potential exploitation of personal information. In response to these concerns, major web browsers, including Safari, have implemented measures to restrict or block third-party cookies by default, aiming to enhance user privacy and mitigate the risks associated with cross-site tracking.

By understanding the role of third-party cookies in web browsing, users can gain insights into the trade-offs between personalized experiences and privacy protection. This understanding is particularly relevant when navigating Safari's cookie settings, as it empowers users to make informed decisions about enabling or disabling third-party cookies based on their preferences and requirements.

Why Enable Third-Party Cookies on Safari

Enabling third-party cookies on Safari can significantly enhance the functionality and user experience across various websites and online services. While Safari's default setting of blocking third-party cookies aligns with its commitment to user privacy, there are compelling reasons why users may choose to enable these cookies in certain scenarios.

Seamless Cross-Site Functionality

Many websites rely on third-party cookies to deliver seamless cross-site functionality. For instance, social media integration features, such as the ability to share content and interact with social plugins across different websites, often depend on third-party cookies. By enabling these cookies, users can experience uninterrupted social media interactions and sharing capabilities, without encountering authentication hurdles at every turn.

Enhanced Personalization

Third-party cookies play a pivotal role in delivering personalized content and recommendations across the web. By tracking user behavior and preferences across multiple sites, these cookies enable platforms to tailor content, advertisements, and product recommendations to individual users' interests. Enabling third-party cookies on Safari can thus lead to a more personalized and relevant online experience, particularly when engaging with e-commerce websites, content platforms, and personalized advertising networks.

Uninterrupted E-Commerce Functionality

In the realm of online shopping, third-party cookies are instrumental in maintaining a seamless e-commerce experience. These cookies enable features such as retaining items in a shopping cart across different sites, providing personalized product recommendations based on browsing history, and facilitating streamlined checkout processes. By enabling third-party cookies on Safari, users can ensure that their e-commerce interactions remain smooth and uninterrupted, without encountering obstacles related to cross-site functionality.

Access to Certain Services and Platforms

Some websites and online services may have functionalities that rely on third-party cookies for essential operations. By enabling these cookies on Safari, users can gain access to specific platforms, features, or content that require the utilization of third-party cookies. This can be particularly relevant for individuals who rely on Safari as their primary web browser and encounter limitations in accessing certain services due to the default blocking of third-party cookies.

In essence, enabling third-party cookies on Safari empowers users to unlock a myriad of cross-site functionalities, personalized experiences, and seamless interactions across various online platforms. By carefully considering the implications and benefits of enabling these cookies, users can make informed decisions that align with their preferences and browsing requirements.

Steps to Enable Third-Party Cookies on Safari

Enabling third-party cookies on Safari involves navigating through the browser's settings to modify the default cookie preferences. By following the steps outlined below, users can adjust Safari's cookie settings to allow the use of third-party cookies, thereby unlocking enhanced cross-site functionality and personalized experiences.

Open Safari Preferences : Begin by launching the Safari browser on your Apple device and accessing the "Safari" menu located in the top-left corner of the screen. From the drop-down menu, select "Preferences" to open the Safari Preferences window.

Navigate to Privacy Settings : Within the Safari Preferences window, click on the "Privacy" tab, which houses various privacy and security settings related to browsing data and cookies.

Adjust Cookie Settings : Under the Privacy tab, locate the "Cookies and website data" section. By default, Safari blocks third-party cookies for privacy and security reasons. To enable third-party cookies, uncheck the box next to "Block all cookies." This action will allow both first-party and third-party cookies to be stored on your device.

Confirm the Changes : After unchecking the "Block all cookies" option, Safari will prompt you to confirm the changes to the cookie settings. Click "Allow" or "Allow from websites I visit" to finalize the modification. This step ensures that third-party cookies are permitted, while still maintaining control over which websites can store cookies on your device.

Restart Safari : To ensure that the changes take effect, it is advisable to restart the Safari browser. Close the browser window and relaunch Safari to initiate the updated cookie settings.

Verify Third-Party Cookie Usage : Once Safari has been restarted, visit websites or online platforms that rely on third-party cookies for various functionalities. By allowing these cookies, you should experience seamless cross-site interactions, personalized content, and enhanced e-commerce features that were previously impacted by the default blocking of third-party cookies.

By following these steps, users can effectively enable third-party cookies on Safari, thereby expanding the scope of cross-site functionalities and personalized experiences available while browsing the web. It is important to note that while enabling third-party cookies can enhance certain aspects of the browsing experience, users should remain mindful of privacy implications and exercise caution when interacting with third-party content across different websites.

In conclusion, the management of third-party cookies on Safari presents users with a delicate balance between privacy protection and the facilitation of seamless cross-site functionalities and personalized experiences. While Safari's default setting of blocking third-party cookies underscores its commitment to safeguarding user privacy, there are compelling reasons why users may opt to enable these cookies in specific contexts.

By understanding the role of third-party cookies in web browsing and the potential benefits of enabling them, users can make informed decisions tailored to their browsing requirements. The steps to enable third-party cookies on Safari, as outlined in this article, provide a clear pathway for users to adjust their cookie settings and unlock enhanced cross-site functionalities, personalized content, and uninterrupted e-commerce experiences.

It is crucial for users to approach the enabling of third-party cookies on Safari with a nuanced perspective, considering the trade-offs between functionality and privacy. While enabling these cookies can enhance certain aspects of the browsing experience, users should remain vigilant about the potential implications for their privacy and data security. Additionally, exercising caution when interacting with third-party content across different websites is essential to mitigate the risks associated with extensive cross-site tracking.

Ultimately, the decision to enable third-party cookies on Safari rests on individual preferences, browsing habits, and the specific requirements of websites and online services. By empowering users with the knowledge and tools to navigate Safari's cookie settings effectively, this article aims to foster a balanced approach to managing third-party cookies, where users can harness the benefits of enhanced functionalities while maintaining a vigilant stance on privacy protection.

As the digital landscape continues to evolve, the discourse surrounding third-party cookies and user privacy remains a dynamic and evolving domain. Safari's stance on third-party cookies reflects the broader industry-wide efforts to strike a harmonious balance between user privacy and the seamless delivery of online experiences. By staying informed and proactive in managing cookie settings, users can navigate the digital realm with confidence, leveraging the capabilities of Safari while upholding their privacy preferences.

In essence, the journey to enable third-party cookies on Safari is not merely a technical adjustment but a nuanced exploration of the intersection between privacy, functionality, and user empowerment. As users navigate this terrain, they are poised to shape their browsing experiences in alignment with their values and preferences, thereby contributing to a more informed and conscientious digital ecosystem.

How Do I Allow 3Rd Party Cookies On Safari

How To Enable Cookies In Safari On Mac

How To Block All Cookies In Safari

What Is Cross-Site Tracking In Safari

How To Block Cookies In Safari

How To Get Rid Of Ads On IPad Safari

How To Turn Off Cookies In Safari

Why Can’t I Open Instagram On Safari

12 Best Free AI Image Sharpeners in 2024 (Web/PC/Mobile)

Sanjuksha Nirgude Soaring High with Robotics

OpenStack Backup and Recovery Software

Apple Wallet Availability in the PocketGuard App: Sync your Apple Card, Apple Cash, and Savings from Apple Card Accounts

5 Ways to Improve IT Automation

What is Building Information Modelling?

How to Use Email Blasts Marketing To Take Control of Your Market

Privacy Overview
Strictly Necessary Cookies

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Award-winning news, views, and insight from the ESET security community

Third-party cookies: How they work and how to stop them from tracking you across the web

Cross-site tracking cookies have a bleak future but can still cause privacy woes to unwary users

15 Sep 2022 • , 13 min. read

Third-party cookies: How they work and how to stop them from tracking you across the web

For many years, privacy advocates have been sounding the alarm on the use of cookies to track, profile, and serve personalized ads to web users. The discussion has been especially acute over cookies used for cross-site tracking, in which a website leaks or offers visitor data to third-party services included in the site.

In response, some of the major web browser vendors stepped up their efforts in the past two years to offer improved or new options to block third-party cookies. In 2020, Apple updated Intelligent Tracking Prevention in Safari and, in 2021, Mozilla rolled out Total Cookie Protection in Firefox to clamp down on tracking via third-party cookies.

Google has gone as far as promising to disable third-party cookies in Chrome, but not until a privacy-preserving alternative – currently being explored under the Privacy Sandbox initiative – is developed for businesses in need of advertising and analytics services.

However, all of this effort put into blocking third-party cookies may be for naught if the user fails to audit the settings for their browser of choice. A freshly installed web browser may not be blocking third-party cookies by default. A notable exception is Firefox for desktop, which has Total Cookie Protection turned on by default as of June 2022.

In order to better understand the concerns around cookies, we will take a brief look at Hypertext Transfer Protocol (HTTP) header fields, and then deep dive into what cookies look like, how they are handled by web browsers, and some of the security and privacy implications of their use.

Why do websites use cookies anyway?

Websites use HTTP to serve up web pages requested by visitors. Using this protocol, a client – for example, a web browser like Google Chrome – sends an HTTP request to a server and the server returns an HTTP response. Note that in this article we use “HTTP” to mean HTTP or HTTPS.

HTTP is a stateless protocol, meaning a server can process the request without depending on other requests. However, by using cookies, servers can maintain state – they can identify multiple requests as coming from the same source across page reloads, navigations, browser restarts, and even third-party sites. This was the rationale behind the introduction of cookies.

What are HTTP header fields?

Without getting too bogged down in the details of HTTP, what is most relevant to understand here is that an HTTP request contains header fields that modify or convey information about the request. Let’s consider the following client request:

Figure 1. An HTTP request

This request has two header fields: User-Agent and Host.

The User-Agent header field indicates that the client making the request is Chrome version 103 running on a 64-bit Windows 10 machine. Note that the User-Agent can be spoofed. The Host header field indicates the domain, and optionally the connection port, that the request is made to, and is required in all HTTP v1.1 requests; in this case the domain is example.com.

The example.com server might send a response to the above request that looks like this:

Figure 2. An HTTP response

An HTTP response also contains header fields that modify the response and this particular response even contains message content. Again, the main idea here is that HTTP requests and responses use header fields that affect their processing via the information they deliver, which may include cookies.

What are cookies?

A cookie is a piece of data delivered by a server to a client typically via the Set-Cookie header field in the form of a name=value pair. Let’s redo the HTTP response above, but this time the server will attempt to set a cookie.

Figure 3. A server can use the Set-Cookie header field to send cookies to clients

In this example cookie, SessionID is the cookie name and 31d4d96e407aad42 is the cookie value.

Where are cookies stored?

When a Google Chrome browser running on Windows receives an HTTP response with cookies, it saves the cookies on disk in an SQLite version 3 database called Cookies:

Figure 4. Path to the Chrome Cookies database

This database contains a table called cookies where the cookie value is encrypted and stored in a column called encrypted_value , along with associated metadata, as can be seen from the other columns in the table:

Figure 5. The columns of the cookies table in the Chrome Cookies database

A partial row from the cookies table might look like this:

Figure 6. A partial row in the cookies table of the Chrome Cookies database

Tools that attempt to access the Cookies database and decrypt cookie values can be detected by ESET products’ Real-time file system protection . For example, this Python script available in GitHub is detected as Python/PSW.Stealer.AD :

Figure 7. ESET products’ Real-time file system protection detects Python/PSW.Stealer.AD attempting to decrypt cookie values

However, the Chrome browser allows you to view the decrypted cookie value in Chrome DevTools :

Figure 8. The Cookies pane in Chrome DevTools

Even though it is possible to view the decrypted cookie value in Chrome DevTools, the value will likely make little sense because it may either be a unique, random value (for example, a session identifier) or contain data that has been further encrypted and signed by the issuing server, and often encoded in some “text-safe” way such as base64.

Whatever the data stored in the cookie, the length of the name=value cookie pair cannot exceed four kilobytes. This is probably where the popular description of cookies storing “small” bits or pieces of data originates.

Returning cookies to the server

Once a cookie is set, future client requests to the server that set the cookie may include the cookie in a Cookie header field. Let’s redo the HTTP request above, but this time include the previously set cookie:

Figure 9. A client uses the Cookie header field to return a cookie

One of the critical points impacting privacy and security on the web is the client’s decision logic about whether to include cookies in an HTTP request to the originating server. This largely boils down to whether the request is being initiated in a first-party context on the site that set the cookie or in a third-party context on a different site that includes resources from the site that set the cookie.

Next, let’s take a look at how cookie security and privacy features affect the client’s decision to return cookies.

Cookie security

Let’s say I log into my account on a website. I expect the server to remember that I am logged in. So the server sends a cookie after I authenticate. As long as the client returns that cookie to the server in subsequent requests, the server knows I am logged in and there is no need to reauthenticate with every request.

Now, imagine that an attacker somehow steals that cookie, perhaps via malware delivered by email. Possessing that stolen cookie is nearly as good as having my authentication credentials because the server associates the use of that cookie with my authenticated self.

To mitigate the dangers from such cookie theft, the server can implement a few measures.

First, this particular cookie can be set to expire after a short period of inactivity. After its expiry, a stolen cookie becomes useless to a thief because the account is effectively logged out.

Second, the server can require any critical actions, such as resetting the account password or, say, transferring more than a nominal amount in a banking application, to be confirmed with the current password or some other mechanism like a verification code. A cookie thief should not be able to reset my password or empty my bank account by having the cookie alone.

Finally, the server can set this cookie with as many attributes for more stringent security as appropriate for the cookie’s purpose. This means using the following attributes:

Secure , which instructs clients to not include the cookie in unencrypted HTTP requests [this is a mitigation against adversary-in-the-middle (AitM) attacks ];
HttpOnly , which instructs clients to prevent non-HTTP APIs like JavaScript from accessing the cookie [this is a mitigation against cross-site scripting (XSS) attacks ];
SameSite=Strict , which instructs clients to include the cookie only in requests to domains that match the current site displayed in the browser’s address bar [this is a mitigation against cross-site request forgery (CSRF) attacks ]; and
Path=/ , which instructs clients to include the cookie in requests to any path of the domain. In combination with the next point in this list, the cookie can be considered as “locked” to the domain;
but not Domain in order to prevent the cookie from being included in requests to subdomains of the host that set the cookie. For example, a cookie set by com should not be sent to accounts.google.com.

Attempting to set such a fortified cookie would look like this:

Set-Cookie: SessionID=31d4d96e407aad42; Secure; HttpOnly; SameSite=Strict; Path=/

Here, the attributes that follow the first name=value pair are also part of the cookie.

Taking further measures to protect a site against AitM, XSS, and CSRF attacks also contributes to the security of cookies and the services they help provide.

Of course, cookies have more uses than handling logged-in users. They can also be used to keep items in a shopping cart, remember user preferences, and track user behavior.

First-party cookies vs. third-party cookies

Tracking via cookies can happen in both first-party and third-party contexts. Nowadays, tracking via first-party cookies is par for the course, if disclosed as required by privacy laws, and little can be done against it except perhaps the potentially website-breaking option of blocking all cookies or limiting it by browsing in private or incognito mode so that you appear as a new visitor each time you visit the site after opening a new window or tab and starting a new browser session.

But what exactly is a first-party cookie? Let’s use Google as an example. If you open https://google.com in your web browser, then all the cookies set by the google.com server and included in your client (browser) requests to google.com are considered first-party cookies. An easy way to check this is to look for cookies with a domain attribute value of google.com as these are a match for the domain displayed in the browser’s address bar.

Chrome DevTools has a Filters toolbar to expedite finding requests by their domain property and a Cookies tab to view the cookies sent with each request:

Figure 10. First-party cookies returned to google.com

And what is a third-party cookie? If you visit a non-Google site like welivesecurity.com that triggers requests to google.com – perhaps the web page has an embedded YouTube video that loads a script hosted on google.com – the cookies included in these requests are considered third-party. Again, an easy way to check this is to look for cookies with a domain attribute value of google.com, as these are not a match for the domain displayed in the browser’s address bar:

Figure 11. Third-party cookies returned to google.com

Notice how few cookies are returned to google.com when visiting this WeLiveSecurity article compared to the horde of cookies that are returned when directly on google.com. This is due to the cookie’s SameSite attribute. In a third-party context, only cookies that are set with both the SameSite=None and Secure attributes may be returned.

This is why companies in the business of analytics, advertising, and personalization are strongly interested in SameSite=None; Secure cookies. Google’s NID cookie , for example, is a super tracker that helps:

remember preferences, such as preferred language, the number of results to show on a search results page, and whether Google’s SafeSearch filter is turned on
collect analytics on Google Search
show targeted Google ads in Google services to users that are not signed in
enable personalized autocomplete as users type search terms in Google Search

The NID cookie could last indefinitely – a scary proposition – unless you manually delete it , as it is reset to expire six months after your last use of a Google service, for example, each time you log in or out of your account.

Login fingerprinting

To get a stronger idea of the tracking capability of third-party cookies, consider visiting a site that uses a piece of HTML and JavaScript code (hat tip to Robin Linus ) to make a specially crafted request to the Google login service after the page has loaded.

Clicking on the Run button below will result in one of two actions. If third-party cookies are enabled in this browser session, the code will display the Google favicon below the Run button and open an alert dialog that says, “You are logged into Google in this browser”. But if third-party cookies are blocked in this browser, the code will not display the favicon below the Run button and will open an alert dialog that says “I don't know if you are logged into Google”. You can test both actions by refreshing this page between runs.

Google uses a cookie called __Host-3PLSID that can be included in requests from a third-party context. If you are logged in, this cookie will be included in the request, making the request successful and thereby leaking your login status to the third-party site.

The same issue applies to PayPal, although multiple runs may lead to PayPal requiring a CAPTCHA to be solved that then prevents login fingerprinting:

Nearly all the cookies that paypal.com sets are eligible to be returned in a third-party context. PayPal seems to use at least two cookies called id_token and HaC80bwXscjqZ7KM6VOxULOB534 to identify logged-in users.

Blocking third-party cookies

Login fingerprinting will not work on all sites because it exploits a weakness (although not every service provider seems to be concerned about this) in how the server has implemented its login mechanism and its handling of redirects. To prevent tracking you across websites and possible leaks of your login status, make sure to turn on any settings your browser has for blocking third-party cookies.

The following list describes where to find the third-party cookie settings in a smattering of the most popular web browsers.

As we said at the outset, Firefox for desktop has had Total Cookie Protection turned on by default since June 2022. Aside from the blogpost we just linked to, this support article provides more in-depth technical discussion of this feature, including how to troubleshoot sites that might not work properly with the feature enabled. More adventurous users might wish to fine-tune the default settings, found here:

Figure 14. Adjusting Firefox settings for better tracking protection

The Chrome browser provides the settings for cookies under “Privacy and security”:

Figure 15. The "Block third-party cookies" setting in Chrome

Once you have checked the “Block third-party cookies” option, all third-party cookies are blocked – they will not be returned to the server, nor can they be set on the client:

Figure 16. Chrome blocks third-party cookies

For the Microsoft Edge browser, follow the numbers in the image below to block third-party cookies:

Figure 17. The "Block third-party cookies" setting in Edge

In the settings for Safari on iOS, turn on “Prevent Cross-Site Tracking”:

Safari on iOS

Figure 18. The "Prevent Cross-Site Tracking" setting in Safari on iOS

Third-party browsers on iOS

iPhones have an “Allow Cross-Website Tracking” setting that is available for each third-party browser via the Settings app. Thus, in addition to checking the third-party cookie settings offered by each browser app, make sure this setting is not selected:

Figure 19. The "Allow Cross-Website Tracking" setting in Chrome on iOS

Conclusion: Predicting the death of third-party tracking cookies

The noose around third-party cookies for tracking is tightening from at least three points. First, from users who are turning on cookie-blocking technology on their devices and apps. Second, from web browser vendors who are strengthening their default browser settings to limit tracking. Third, from web developers who are using alternative storage mechanisms to handle cross-site resources.

With these growing efforts to undercut online tracking, cross-site tracking cookies sit on a precarious footing for their long-term survival, and we can predict their demise in a not too distant future.

Further reading: An introduction to private browsing 3 ways to browse the web anonymously Virtual private networks: 5 common questions about VPNs answered

Let us keep you up to date

The murky world of password leaks – and how to check if you’ve been hit

How to share sensitive files securely online

Watching out for the fakes: How to spot online disinformation

Apple blocks third-party cookies in Safari

Starting today, with the release of Safari 13.1 and through updates to the Intelligent Tracking Prevention (ITP) privacy feature, Apple now blocks all third-party cookies in Safari by default.

The company's move means that online advertisers and analytics firms cannot use browser cookie files anymore to track users as they visit different sites across the internet.

But Apple says the move isn't actually a big deal, since they were already blocking most third-party cookies used for tracking anyway.

"It might seem like a bigger change than it is," said John Wilander, an Apple software engineer. "But we've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari."

Second browser to block third-party cookies for all users

Apple's Safari has now become the second browser -- after the Tor Browser -- to block all third-party cookies by default for all its users.

However, while Apple was quicker to block third-party cookies in Safari, Google is actually the one who pushed browser makers towards making this move in the first place, in a May 2019 blog post .

At the time, Google announced plans to block third-party cookies by default in Chrome and in the Chromium open-source project, on which multiple other browsers are built.

Google released Chrome v80 at the start of February with support for third-party cookie blocking (under the name of SameSite cookies ), but the feature won't fully roll out to all Chrome's users until 2022 .

Microsoft's Edge, which runs a version of Google's Chromium open-source browser has also begun gradually blocking third-party cookies as well, but the feature is not enabled by default for all its users either.

Apple's decision today doesn't mean that Safari now blocks all user tracking, but only tracking methods that rely on planting a cookie file in Safari and (re-)checking that cookie time and time again to identify the user as he moves from site to site.

Other user tracking solutions, such as user/browser fingerprinting, will most likely continue to work.

A small step forward for web privacy

Nonetheless, this is a major step in the right direction. With Google, Safari, Microsoft, and all the other Chromium-based browsers on board, now, the vast majority of current web browsers block third-party cookies or are on their way towards full blocks.

"This update takes several important steps to fight cross-site tracking and make it more safe to browse the web," Wilander explained in a Twitter thread today .

"First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.

"Second, full third-party cookie blocking removes statefulness in cookie blocking.

"Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you're logged in to and use it as a fingerprint," Wilander added.

"Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web's original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari."

More on the move and what it means to developers and website owners is available in the WebKit team's blog post .

All the Chromium-based browsers

The best mobile vpns: expert tested, the best secure browsers for privacy: expert tested, the best vpns for iphone: expert tested.

Manage cookies and website data

Websites often store cookies and other data on your Mac. This data may include information that you have provided, such as your name, email address, and preferences. This data helps websites identify you when you return so the site can provide services for you and show information that might be of interest to you.

By default, Safari accepts cookies and website data only from websites you visit. This helps prevent certain advertisers from storing data on your Mac. You can change options in Safari preferences so that Safari always accepts or always blocks cookies and other website data.

Open Safari for me

Important: Changing your cookie preferences or removing cookies and website data in Safari may change or remove them in other apps, including Dashboard.

Choose Safari > Preferences, click Privacy, then do any of the following:

Change which cookies and website data are accepted: Select a “Cookies and website data” option:

Always block: Safari doesn’t let any websites, third parties, or advertisers store cookies and other data on your Mac. This may prevent some websites from working properly.

Allow from current website only: Safari accepts cookies and website data only from the website you’re currently visiting. Websites often have embedded content from other sources. Safari does not allow these third parties to store or access cookies or other data.

Allow from websites I visit: Safari accepts cookies and website data only from websites you visit. Safari uses your existing cookies to determine whether you have visited a website before. Selecting this option helps prevent websites that have embedded content in other websites you browse from storing cookies and data on your Mac.

Always allow: Safari lets all websites, third parties, and advertisers store cookies and other data on your Mac.

Remove stored cookies and data: Click Remove All Website Data, or click Details, select one or more websites, then click Remove.

Removing the data may reduce tracking, but may also log you out of websites or change website behavior.

See which websites store cookies or data: Click Details.

Ask websites not to track you: Some websites keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. You can have Safari ask sites and their third party content providers (including advertisers) not to track you.

With this option turned on, each time Safari fetches content from a website, Safari adds a request not to track you, but it’s up to the website to honor this request.

Photo by pine watt on Unsplash

Third-Party Cookie Restrictions for Iframes in Safari

What do you need to know before, introduction, storage access apis, we are hiring.

What is an iframe ?

What are cookies?

What is a third-party cookie?

Have you ever wondered why some websites ask for storage permissions or why some features don't work in certain browsers? Let's dive into the intricacies of third-party cookie restrictions in Safari and how we tackled them!

Safari , Apple's flagship browser, has always been a pioneer in the quest for user privacy and security . In recent years, it has made significant strides in protecting its users from the prying eyes of online trackers by restricting third-party cookies .

In the following discussion, we will delve into a specific challenge encountered within this privacy-focused paradigm. This blog aims to unravel the complexities of seeking storage permission in Safari, particularly when our content is loaded within an iframe and relies on third-party cookies.

The predicament arose as we endeavored to integrate our React-based web app into an iframe hosted on a different domain. This intersection of domains posed a unique challenge, prompting us to explore innovative solutions to seamlessly navigate the intricacies of Safari's third-party cookie restrictions.

Our application uses cookies for authentication. In one of the use cases, it was being rendered inside an iframe. The parent HTML document that was rendering the iframe was being hosted on an entirely different domain.

In other browsers, our application within the iframe was able to access the cookies but not in Safari. Safari uses Intelligent Tracking Prevention(ITP ) to control the access of third-party cookies.

ITP aims to prevent third-party cookies, making them inaccessible in iframes unless certain conditions are met. These conditions can be found in the Webkit's official announcement .

"Third-party cookie access can only be granted through the Storage Access API."

Let's look at parts of this API that concern our problem:

document.hasStorageAccess API Doc

This API is used to check cookie storage access. This will return false for third-party cookies in the case of the Safari browser.

document.requestStorageAccess API Doc

This API is used to ask for third-party storage(cookie) access explicitly from the user.

Both of the above APIs are available in Safari as well as in other browsers .

Webkit's official documentation explains the steps to use these APIs & the rest of the user flow(which is the basis for the following solution). We recommend giving it a read before moving ahead with this post.

The solution described below is not the only one but will help you in designing solutions for your use cases. You can also design a solution as per your needs by following the guide mentioned here .

We are using react so the above-mentioned solution is written in the concepts of react.

We have created separate utility functions in the helper file.

The above code is to make the browser API abstract from the actual implementation. These functions are what we are going to call.

Then after, we created a new file named useStoragePermissions.tsx and added the below-mentioned code.

Using the above hook we have exposed below three states:

needPermission : This will be true when the browser is Safari and it has support for hasStorageAccess and requestStroageAccess

Hint: Use this boolean while consuming this hook to decide when to call askForPermission and haveCheckedPermission .

askForPermission : This is the function that the consumer could call to request the user to give storage access permission

haveCheckedPermission : This is a boolean which will be true after calling askForPermission in the case of needPermission is true initially.

To consume the above hook, we have followed the below-mentioned steps:

We have mounted and created a hook in #2 at the initialization part of the app. Use the needPermission state from it and proceed ahead as normal when needPermission is false .

We created some other routes user-access-flow that show a button with some text like Set Cookie . And onClick of it, we set the cookie.

This is where we are actually calling authentication-related APIs and then the server is setting up cookies.

Once this cookie is set, close this tab using window.close()

Now when, needPermission is true

We show the user some text like, " Click here and click on the Set-Cookie button on the newly opened tab " and on click of it, redirect the user to the route created in above step 2.

Now, when a user comes back from that route, call askForPermission on click of some button. Which should ask the user to give storage permission.

Once the user clicks on Allow the button, your website is authorized to store and access third-party cookies and now you can continue with business logic.

We have also kept this thing in mind that this consent will be revoked if the user cleans up the browser history and does not visit that domain for 7 days. These constraints are already mentioned here

If you have faced such issues while developing or browsing such issues, please share those in the comments. We will be more than happy to read and comment more on those.

If solving challenging problems at scale in a fully remote team interests you, head to our careers page and apply for the position of your liking!

📢 Newsroom Update

The iPhone 16 and iPhone 16 Pro lineups, Apple Watch Series 10, the new black titanium Apple Watch Ultra 2, AirPods 4, and new colors for AirPods Max are now available! Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple ID , you can provide valuable feedback to other community members by upvoting helpful replies and User Tips .

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari still blocking third party cookies even cookie blocking and cross site checking is OFF

I am using Safari Version 13.0.4 (15608.4.9.1.3) on mac OS Catalina 10.15.2

In my Learning Management System CANVAS, Kaltura video, Piazza are embedded. And I got this message:

"It seems your browser is blocking 3rd party session cookies which are required for the Kaltura application. To resolve this issue, please update your settings to allow 3rd party cookies."

I already toggled Block all cookies and Prevent Cross-site tracking on and off. Clear history and cookies. Still doesn't work.

Posted on Jan 19, 2020 7:58 AM

How to Enable 3rd Party Cookies on iPhone iOS for Low Latency Live Streaming

When it comes to live streaming from your iPhone or other Apple device, low latency channels won’t work in Safari unless third-party cookies are enabled. In order to set yourself up for success from the start, you must enable cookies on your Apple device. In this article, we will show you how to enable cookies on:

Mac OS Sierra
Mac OS High Sierra
iPhone iOS 14
iPhone iOS 13

For more information on setting up low latency streaming, please read our dedicated guide .

Table of Contents

How to Enable Cookie on Mac OS Sierra

STEP 1: Open Safari

STEP 3: Click “Privacy”

STEP 4: Change which cookies and website data are accepted by selecting the “Cookies and Website Data” option

STEP 5: Choose between these three options:

Allow from the current website only : Safari accepts cookies and website data only from the website you’re currently visiting. Websites often have embedded content from other sources. Safari does not allow these third parties to store or access cookies or other data.
Allow from websites I visit : Safari accepts cookies and website data only from websites you visit. Safari uses your existing cookies to determine whether you have visited a website before. Selecting this option helps prevent websites that have embedded content on other websites you browse from storing cookies and data on your Mac.
Always allow : Safari lets all websites, third parties, and advertisers store cookies and other data on your Mac.

How to Enable Cookies in Safari in macOS High Sierra

STEP 1: Open Safari from your Dock or Applications folder

STEP 2: Click “Safari” in the Menu bar.

STEP 3: Click “Preferences”

STEP 4: Click “Security”

STEP 5: Click “Privacy”

STEP 6: Uncheck the “Block all cookies” box

How to Enable Cookies in Safari for iOS 13 and 14

STEP 1: From your home screen, go to “Settings”

STEP 2: Scroll down and select “Safari”:

Dacast 3rd Party Cookies on iPhone iOS 13 - Safari Settings

STEP 3: Make sure “Block All Cookies” and “Prevent Cross-Site Tracking” are turned off:

Dacast 3rd Party Cookies on iPhone iOS 13 - cookie Settings

Mobile Streaming with Dacast

While we’re on the topic of iPhones and other mobile devices, we’d like to point out that Dacast fully supports mobile streaming in the sense that you can stream from a mobile device and that our video player is compatible with mobile streaming. In fact, with the help of our mobile SDKs , you can build a live streaming app of your own. Using mobile streaming to make your broadcasts more accessible for viewers will help you reach a wider audience.

If you have any questions about iOS streaming settings or need help with this Dacast feature, feel free to contact us directly. Not yet a Dacast user, and interested in trying Dacast risk-free for 14 days? Sign up today to get started.

get started for free

Additional Resources:

Mobile Live Streaming: How Do I Stream Using NanoStream?
Best Live Video Streaming Apps for Mobile
Live Streaming Apps for iPhone with RTMP iOS Ingest
Introduction to Live Streaming with Dacast: A Walkthrough
Web Browser Compatibility with Dacast’s Live Streaming Platform

Jose is a part of the Dacast Customer Onboarding team and started working with the company in 2016. He has vast experience in customer service/engagement and live streaming support.

Safari User Guide

Change your home page
Import bookmarks, history and passwords
Make Safari your default web browser
Go to websites
Find what you’re looking for
Bookmark web pages that you want to revisit
See your favourite websites
Use tabs for web pages
Pin frequently visited websites
Play web videos
Mute audio in tabs
Pay with Apple Pay
Autofill credit card info
Autofill contact info
Keep a Reading List
Hide ads when reading articles
Translate a web page
Download items from the web
Share or post web pages
Add passes to Wallet
Save part or all of a web page
Print or create a PDF of a web page
Customise a start page
Customise the Safari window
Customise settings per website
Zoom in on web pages
Get extensions
Manage cookies and website data
Block pop-ups
Clear your browsing history
Browse privately
Autofill username and password info
Prevent cross-site tracking
View a Privacy Report
Change Safari preferences
Keyboard and other shortcuts
Troubleshooting

Manage cookies and website data in Safari on Mac

You can change options in Safari preferences so that Safari always accepts or always blocks cookies and website data .

Open Safari for me

Prevent trackers from using cookies and website data to track you: Select “Prevent cross-site tracking”.

Cookies and website data are deleted unless you visit and interact with the trackers’ websites.

Always block cookies: Select “Block all cookies”.

Websites, third parties and advertisers can’t store cookies and other data on your Mac. This may prevent some websites from working properly.

Always allow cookies: Deselect “Block all cookies”.

Websites, third parties and advertisers can store cookies and other data on your Mac.

Remove stored cookies and data: Click Manage Website Data, select one or more websites, then click Remove or Remove All.

Removing the data may reduce tracking, but may also log you out of websites or change website behaviour.

See which websites store cookies or data: Click Manage Website Data.

Note: Changing your cookie preferences or removing cookies and website data in Safari may change or remove them in other apps.

IMAGES

How to Enable Third-Party Cookies in Safari Mac [2024]
How to allow 3rd party cookies in safari in iPhone and ipad, iPhone x
Safari Jungle thème decorated sugar cookies Safari Party, Safari Theme
Enable Third-party Cookies on Safari [Mac
How to Allow 3rd Party Cookies on Mac [Safari, Firefox & Chrome
How to Allow Third-Party Cookies on Safari (Mac, iPhone and iPad

VIDEO

3rd Row Space Review
How to Prepare For The Sunset of 3rd Party Cookies
C is for Cookie
Das Ende der 3rd Party COOKIES
Jak nebýt závislý na 3rd party cookies!
How to Manage Cookies in Safari

COMMENTS

Enable cookies in Safari on Mac
Go to the Safari app on your Mac. Choose Safari > Settings, then click Advanced. Deselect "Block all cookies.". Websites, third parties, and advertisers can store cookies and other data on your Mac. Select "Block all cookies" to disable cookies. This may prevent some websites from working properly. . Support.
How to Allow 3rd Party Cookies on Mac [Safari, Firefox & Chrome]
Allow Third-Party Cookies on Safari. Here are the steps to allow 3rd-party cookies on Safari. iOS (iPad and iPhone) settings are the same because they share the same operating system. Allow 3rd-party Cookies on Mac. Step1. Launch the Safari browser by clicking its icon (it looks like a blue compass). Step 2. Click "Safari > Preferences."
Apple updates Safari's anti-tracking tech with full third-party cookie
Apple has an update out for Safari's Intelligent Tracking Prevention tool set that makes its web browser even more secure. Now, Safari blocks all third-party cookies by default, with no ...
Saying goodbye to third-party cookies in 2024
Saying goodbye to third-party cookies in 2024. Chris Mills December 7, 2023 8 minute read. The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024 — starting with 1% of users from Q1 2024 to facilitate testing and ramping up from there.
How to Enable Cookies in Safari: On a Mac, iPhone, or iPad
Enabling Cookies on a Mac. Download Article. 1. Open Safari and click the Safari menu. While Safari is open, you'll see the "Safari" menu at the top of your Mac's screen. [1] 2. Click Preferences…. This option is near the top of the menu.
Manage cookies and website data in Safari on Mac
Always allow cookies: Deselect "Block all cookies.". Websites, third parties, and advertisers can store cookies and other data on your Mac. Remove stored cookies and data: Click Manage Website Data, select one or more websites, then click Remove or Remove All. Removing the data may reduce tracking, but may also log you out of websites or ...
How to allow 3rd party cookies on safari?
Safari Default. Blocking 3rd Party Cookies. Allowing 3rd Party Cookies. Action: Block: Deny: Allow: Effect: User data is not stored on websites: User data is stored on websites, except for 3rd parties
Prevent cross-site tracking in Safari on Mac
Unless you visit and interact with the third-party content provider as a first-party website, their cookies and website data are deleted. Social media sites often put Share, Like or Comment buttons on other websites. These buttons can be used to track your web browsing — even if you don't use them. Safari blocks that tracking.
Safari Now Blocks All Third-Party Cookies
By Matthew Humphries. March 25, 2020. There's increasing calls for privacy online, and Apple has reacted by making Safari the first mainstream browser to block all third-party cookies by default ...
How To Allow Third-Party Cookies on Mac for Safari, Chrome and Firefox
In just a few simple clicks, Safari can accept all third-party cookies. How to Allow Third-Party Cookies with Google Chrome. Of course, Safari isn't for everybody, so let's take a look at how ...
Apple updates Safari on iOS and Mac to block third-party cookies
Apple's giving Safari on iOS and MacOS an update to help. Announced Tuesday by Apple WebKit engineer John Wilander in a blog post on the WebKit site, the move fully blocks third-party cookies ...
WebKit Features in Safari 18.0
Then in 2021, we removed support for AppCache from Safari 15.0, with a few exceptions for third-party users of WKWebView. Now we are removing those exceptions. This change to WebKit will only affect the rare web content loaded in older third-party apps that have JavaScript code which relies on the existence of AppCache related interfaces. SVG
How to Enable Third-Party Cookies on Safari
By default, Safari blocks third-party cookies for privacy and security reasons. To enable third-party cookies, uncheck the box next to "Block all cookies." This action will allow both first-party and third-party cookies to be stored on your device. Confirm the Changes: After unchecking the "Block all cookies" option, Safari will prompt you to ...
Third-party cookies: How to stop them from tracking you across the web
In 2020, Apple updated Intelligent Tracking Prevention in Safari and, in 2021, Mozilla rolled out Total Cookie Protection in Firefox to clamp down on tracking via third-party cookies.
Apple blocks third-party cookies in Safari
Starting today, with the release of Safari 13.1 and through updates to the Intelligent Tracking Prevention (ITP) privacy feature, Apple now blocks all third-party cookies in Safari by default.
Manage cookies and website data using Safari
Safari uses your existing cookies to determine whether you have visited a website before. Selecting this option helps prevent websites that have embedded content in other websites you browse from storing cookies and data on your Mac. Always allow: Safari lets all websites, third parties, and advertisers store cookies and other data on your Mac.
Understanding First-Party and Third-Party Cookies, and Their
As a result, browsers like Safari and Firefox have taken steps to block third-party cookies by default. Created by domains other than the current website Third-party cookies are generated by external domains, such as advertisers or analytics services, rather than the site being visited.
Safari is blocking 3rd party session cook…
Safari is blocking 3rd party session cookies - iPad Air M1 with iPadOS 18. Hello, Since I updated to the new iPadOS18, it again block my learning platform in Moodle Kaltura with 3rd party session cookies. I use this to view video from Kaltura sources and Moodle, which I believe it's so far really safe contents. ...
Third-Party Cookie Restrictions for Iframes in Safari
This will return false for third-party cookies in the case of the Safari browser. document.requestStorageAccess API Doc. This API is used to ask for third-party storage (cookie) access explicitly from the user. Both of the above APIs are available in Safari as well as in other browsers. Webkit's official documentation explains the steps to use ...
Is there any workaround to set third party cookie in Iframe for safari
Safari never accepts third-party cookies. Safari wasn't a huge problem for industry before iPad appeared and gained huge popularity. Studies shows that iPad users tend to shop online even more than usual PC guys. Trick 1.0 (not working anymore) In fact Safari sometimes doesn't reject third-party cookies. It happens than user did some action ...
Safari still blocking third party cookies…
"It seems your browser is blocking 3rd party session cookies which are required for the Kaltura application. To resolve this issue, please update your settings to allow 3rd party cookies." I already toggled Block all cookies and Prevent Cross-site tracking on and off. Clear history and cookies. Still doesn't work.
Enable cookies in Safari on Mac
Go to the Safari app on your Mac. Choose Safari > Settings, then click Advanced. Deselect "Block all cookies". Websites, third parties and advertisers can store cookies and other data on your Mac. Select "Block all cookies" to disable cookies. This may prevent some websites from working properly. . Support.
Enable 3rd Party Cookies on iPhone iOS Safari
Always allow: Safari lets all websites, third parties, and advertisers store cookies and other data on your Mac. How to Enable Cookies in Safari in macOS High Sierra. STEP 1: Open Safari from your Dock or Applications folder. STEP 2: Click "Safari" in the Menu bar.
Safari 3rd party cookie iframe trick no longer working?
4. Chrome 19+ with the (thankfully) non-default "Block third-party cookies and site data" option checked is /even harsher/ than Safari's default "Block cookies from third parties and advertisers" setting. In chrome, even if you visit the 3rd party domain and have cookies set, they will not be transmitted to the iframe.
Manage cookies and website data in Safari on Mac
Always block cookies: Select "Block all cookies". Websites, third parties and advertisers can't store cookies and other data on your Mac. This may prevent some websites from working properly. Always allow cookies: Deselect "Block all cookies". Websites, third parties and advertisers can store cookies and other data on your Mac.

In This Article

Related Articles

Allow 3rd-party Cookies on Mac

Allow 3rd-Party Cookies on iPhone or iPad

Allow Third-Party Cookies on Chrome

Don’t Miss…

Apple updates Safari’s anti-tracking tech with full third-party cookie blocking

Share this story

Don’t ever hand your phone to the cops

More from Policy

The EU’s tough new moderation rules are about to cover a lot more of the internet

Apple unbanned Epic so it can make an iOS games store in the EU

New bill would let defendants inspect algorithms used against them in court

Kids Online Safety Act gains enough supporters to pass the Senate

Saying goodbye to third-party cookies in 2024

The problem with cookies

How browsers have responded to this

Google's long(er) game

How this affects web developers

Previous Post Baseline's evolution on MDN

How to Enable Cookies on an iPhone, iPad, or Mac Browser

Enabling Cookies on a Mac

Enabling Cookies in Safari on Mac or iPhone

Community Q&A

You Might Also Like

About This Article

Is this article up to date?

Featured Articles

Trending Articles

Watch Articles

How to allow 3rd party cookies on safari?

Save money with car insurance and credit card tips!

Leave a Comment Cancel Reply

How To Allow Third-Party Cookies on Mac for Safari, Chrome and Firefox

How to Allow Third-Party Cookies with Safari

How to Allow Third-Party Cookies with Google Chrome

How to Allow Third-Party Cookies with Mozilla Firefox

What About Other Browsers?

Leave a Reply Cancel reply

WIN an iPhone 16 Pro!

Apple updates Safari on iOS and Mac to block third-party cookies

Computing Guides

WebKit Features in Safari 18.0

New in Safari 18

Distraction Control

iPhone Mirroring and remote inspection

Opening links

Extension support

View Transitions

Style Queries

currentcolor and system color keywords in Relative Color Syntax

Translucent accent colors

Animating display

Backdrop Filter

Content visibility

Spatial photos and panoramas

Shaping interaction regions on visionOS

Video on visionOS

Writing Suggestions

Date and time inputs

Accessibility

Authentication

Web Animations

Web Assembly

Web Extensions

How To Enable Third-Party Cookies On Safari

Introduction

Understanding Third-Party Cookies

Why Enable Third-Party Cookies on Safari

Seamless Cross-Site Functionality

Enhanced Personalization

Uninterrupted E-Commerce Functionality

Access to Certain Services and Platforms

Steps to Enable Third-Party Cookies on Safari

Leave a Reply Cancel reply

Related Post

How Do I Allow 3Rd Party Cookies On Safari

How To Enable Cookies In Safari On Mac

How To Block All Cookies In Safari

What Is Cross-Site Tracking In Safari