Intelligent Tracking Prevention 2.3
By limiting the ability to use any script-writeable storage for cross-site tracking purposes, ITP 2.3 makes sure that third-party scripts cannot leverage the storage powers they have gained over all these websites.
[…]
Our research has found that trackers, instead of decorating the link of the destination page, decorate their own referrer URL and read the tracking ID through
document.referreron the destination page.ITP 2.3 counteracts this by downgrading
document.referrerto the referrer’s eTLD+1 if the referrer has link decoration and the user was navigated from a classified domain. Say the user is navigated from social.example to website.example and the referrer ishttps://sub.social.example/some/path/?clickID=0123456789. When social.example’s script on website.example readsdocument.referrerto retrieve and store the click ID, ITP will make sure onlyhttps://social.exampleis returned.[…]
Safari on macOS Catalina now has ITP Debug Mode.
[…]
Our blog post on ITP 2.1 provided guidance on how to protect cookies. We specifically encourage the use of Secure and HttpOnly cookies.
Previously:
