Safari 14 Detects and Limits CNAME Cloaking Cookies

Safari app icon

An update to the Intelligent Tracking Prevention (ITP) used in Safari 14 will cap the expiration of CNAME cloaking cookies to seven days. This works on iOS 14 and iPadOS 14, but on the Mac it’s limited to macOS Big Sur.

Safari 14 and CNAME Cloaking

CNAME cloaking is a method that uses DNS to disguise a third-party tracker as a first-party tracker. It’s a way to circumvent technologies like Intelligent Tracking Prevention, but not anymore in Safari 14.

According to NextDNS, there are currently six major tracking companies that make use of CNAME cloaking:

  1. Eulerian
  2. AT Internet
  3. Keyade
  4. Adobe Marketing Cloud
  5. Criteo
  6. Commanders Act

Websites that use it are also mentioned, like ArsTechnica, Fox News, Walmart, BBC, WebMD, and so on. Now, Intelligent Tracking Prevention can detect third-party CNAME cloaking requests and cap the cookie expiration in the HTTP response to seven days, the same length of time it imposed on certain other resources like script-write able storage.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!