How to Enable Cross-Site Tracking in Safari | Toggle the Privacy Lock

Enabling cross-site tracking in Safari requires turning off the built-in “Prevent Cross-Site Tracking” feature—a global setting that cannot be adjusted for specific websites.

That bank’s bill-pay portal, the travel site that keeps bouncing you to the login page, or a dashboard that refuses to load—these are the moments when Safari’s strong privacy lock gets in the way. Enabling cross-site tracking in Safari isn’t about finding an “allow” button. It’s about turning off a single system-level toggle that applies to every site you visit.

What “Enable Cross-Site Tracking” Actually Means

Safari prevents third-party cookies and site data from following you across the web by default. The feature responsible is called Prevent Cross-Site Tracking, introduced in 2020 with Safari 14. Apple is upfront: when it’s on, websites that rely on embedded content from other domains—payment widgets, social logins, ad pixels—can break.

“Enabling cross-site tracking” is effectively disabling that protection. It’s a binary choice. There is no per-site whitelist. You either allow all cross-site tracking or block it all. Knowing this upfront saves hours of digging through website settings panels that don’t exist.

How to Enable Cross-Site Tracking on macOS (Safari 14+)

The steps depend on whether you run macOS 13 (Ventura) and later, or an earlier version. The current naming on Sonoma and Sequoia is Settings. Here is the sequence for modern versions:

  1. Open the Safari app.
  2. From the top menu bar, select Safari > Settings (if you are on macOS 12 or earlier, the menu item is Preferences).
  3. Click the Privacy tab in the settings window.
  4. Find the checkbox labeled Prevent cross-site tracking.
  5. Uncheck the box to disable the feature. This is what allows cross-site tracking to occur.
  6. Close the settings window. The change takes effect immediately.

If you need to revert, simply check the box again. The official documentation for this procedure is maintained by Apple and covers edge cases like what happens with iCloud Private Relay and local network access. Apple’s guide to preventing cross-site tracking confirms the global nature of the setting.

How to Enable Cross-Site Tracking on iPhone and iPad (iOS 14+)

The mobile path is similar but lives in the system Settings app rather than inside Safari itself. This is a common point of confusion for users accustomed to desktop browsers.

  1. Open the Settings app on your iPhone or iPad.
  2. Scroll down and tap Safari.
  3. Scroll to the Privacy & Security section.
  4. Locate the toggle for Prevent Cross-Site Tracking.
  5. Tap the toggle to turn it OFF (the switch will turn gray).
  6. If you still experience issues, check the Block All Cookies toggle directly below it. This setting blocks all cookies, including first-party ones, which is stricter than the cross-site tracking rule and will break most logins. Turn it off as well if you need full functionality.

Can You Enable Cross-Site Tracking for One Site Only?

No. This is the most persistent myth about Safari privacy settings. The toggle is global. You cannot allow tracking for your bank’s website while blocking it for ad networks. Apple has not built a per-site exception list into this feature. If you need tracking on one site, you must disable the protection for all sites.

Some power users attempt to work around this by using a different browser (Chrome or Firefox) for the specific site and keeping Safari locked down. That is the only reliable method if you need strict separation.

Device and OS Compatibility Reference

The setting is widely available, but the menu label and location changed with major OS releases. This table covers the combinations you are most likely to encounter.

Device Minimum OS Version Safari Version Settings Path
Mac macOS 14 (Sonoma) / 15 (Sequoia) Safari 17 / 18 Safari > Settings > Privacy
Mac macOS 13 (Ventura) Safari 16 Safari > Settings > Privacy
Mac macOS 11 (Big Sur) / 12 (Monterey) Safari 14 / 15 Safari > Preferences > Privacy
iPhone iOS 17 / 18 System Safari Settings > Safari > Privacy & Security
iPhone iOS 14 / 15 / 16 System Safari Settings > Safari > Privacy & Security
iPad iPadOS 17 / 18 System Safari Settings > Safari > Privacy & Security
iPad iPadOS 14 / 15 / 16 System Safari Settings > Safari > Privacy & Security

Common Pitfalls That Break Cross-Site Tracking

Three mistakes cause almost all the “it still doesn’t work” support threads on Apple Discussions and Reddit.

  • Looking for an “Allow” button. Users expect a popup similar to location permissions. Safari does not offer one. You must uncheck the prevention feature manually.
  • Forgetting “Block All Cookies.” Disabling “Prevent Cross-Site Tracking” is insufficient if the stricter “Block All Cookies” toggle is still on. This setting lives in the same Privacy & Security menu on iOS and in the Advanced tab on macOS. Make sure both are off.
  • Leaving it off permanently. The biggest privacy risk is forgetting to re-enable the protection. Users disable it for a legitimate site, complete their task, and never toggle it back on, leaving the browser vulnerable to third-party tracking across the web permanently.

The Safest Ritual for Handling Cross-Site Tracking

Treat enabling cross-site tracking as a temporary override, not a permanent change. This approach keeps your default browsing private and limits exposure to the few minutes it takes to complete a specific task.

  1. Disable “Prevent Cross-Site Tracking” in Safari’s privacy settings before you visit the site that requires tracking.
  2. Complete your transaction, login, or dashboard access. Verify the site loads and works as expected.
  3. Re-enable “Prevent Cross-Site Tracking” immediately afterward by checking the same box or toggling the same switch back to ON.

If you find yourself doing this frequently for the same site, consider using a dedicated secondary browser like Chrome or Firefox just for that site. It lets you keep Safari locked down full-time without the manual ritual.

References & Sources

Please use a real email you check. If it's fake or mistyped, your message won't reach us and we can't reply — wrong addresses are rejected automatically.