Privacy & permissions
How to Read Safari's Privacy Report on Mac
Safari's Privacy Report shows which trackers it blocked across the web. Here's how to find it, what the numbers mean, and what to do with the info.
Safari has a built-in privacy report that almost nobody opens. It’s tucked away under the Safari menu, and when you do open it, the numbers can be startling — hundreds of trackers blocked across dozens of websites in a single week. Here’s how to find the report, what the numbers actually mean, and what to do with the information.
How to open the Privacy Report
Two paths:
-
From any open tab: click the shield icon to the left of the address bar. A small panel pops up showing trackers blocked on that specific page, with a “Privacy Report” link at the bottom.
-
From the menu bar: Safari → Privacy Report. This opens the full week-long view across all sites.
If you don’t see the shield icon next to the address bar, that means Intelligent Tracking Prevention (ITP) hasn’t blocked anything on the current page — either because the page has no trackers Safari knows about, or because you’re looking at a page Safari treats specially (system pages, some Apple-operated services).
What the report shows
The Privacy Report has two main views:
Trackers — a list of tracking domains Safari has blocked, sorted by how many sites they tried to track you on. The biggest names you’ll see are usually:
- doubleclick.net (Google’s ad system)
- google-analytics.com (Google Analytics)
- facebook.com / fbcdn.net (Meta’s pixels)
- googletagmanager.com (Google’s tag delivery)
- amazon-adsystem.com (Amazon’s ad system)
Websites — the sites you visited, sorted by how many trackers they tried to load. This is the more interesting view, because it tells you which sites are most aggressively tracking you.
Both views show data for the past 30 days by default. Older data isn’t retained; the report rotates as new browsing happens.
What “blocked” actually means
When Safari says it blocked a tracker, what specifically happened:
- The tracker’s third-party cookies were deleted or never set
- Cross-site request to the tracker had its cookies stripped
- The tracker was prevented from running fingerprinting scripts that Safari recognizes
- IP address may have been masked through Private Relay if enabled
Safari uses Intelligent Tracking Prevention (ITP), which is a heuristic system. It identifies trackers by behavior patterns — domains that get loaded across many sites in third-party contexts get classified as trackers and have their access constrained.
ITP doesn’t block trackers from loading visually; it just prevents them from accumulating cross-site identity. So you won’t see broken layouts. The trackers’ content (often invisible pixels) loads, but Safari keeps it from learning who you are across sites.
What the numbers don’t tell you
The Privacy Report has limits worth knowing:
-
It only counts trackers Safari recognizes. New trackers, fingerprinting techniques, or first-party tracking from a site itself are invisible to ITP and won’t show up.
-
It doesn’t differentiate “tried but blocked” from “would have tracked you.” A blocked tracker on a site you visited once is treated the same as one on a site you visit daily.
-
It doesn’t cover other browsers. If you also use Chrome or Firefox, those have their own tracking patterns that Safari’s report can’t see.
-
It doesn’t cover apps. Apps with their own analytics SDKs (Google Analytics for Firebase, Meta SDK, etc.) operate outside Safari and are addressed by App Tracking Transparency, not the Privacy Report.
So the Privacy Report is a useful illustration of what Safari is doing, not a complete picture of all tracking on your Mac.
Per-site privacy controls
In the per-site view of the Privacy Report (the one you open from the shield icon while on a page), you can see exactly what was blocked on that page. The breakdown often surprises:
- A news site might load 30+ trackers
- A blog site running a basic analytics setup might load 3
- An e-commerce site might load 50+
Some sites are visibly worse than others. If you find a site you visit often is in the top tier of tracker counts, you have options:
- Open in Private Browsing window (cookies cleared at session end)
- Use a content-blocker extension (1Blocker, AdGuard, etc.)
- Switch to a more aggressively privacy-focused browser for that site
- Decide not to visit it
Most users won’t change their browsing habits based on tracker counts, but knowing the data exists changes how you think about which sites to give your attention.
How to make Safari more aggressive
Safari’s defaults are already strong. To go a bit further:
- Settings → Privacy — confirm “Prevent cross-site tracking” is on (it is by default)
- Settings → Privacy — turn on “Block all cookies” (this breaks some sites; trade-off worth knowing)
- Settings → Search — turn off “Include search engine suggestions” (sends every keystroke in the search bar to your search engine)
- Use Private Browsing for sensitive things; cookies and tracking state are dropped when you close the window
For the determinedly privacy-conscious, consider:
- Adding a content blocker (1Blocker, AdGuard for Safari, Wipr)
- Using Safari’s “Hide IP address from trackers” option (under Settings → Privacy)
- Combining with iCloud Private Relay if you have iCloud+
What about fingerprinting?
Browser fingerprinting is the technique of identifying a user by the unique combination of attributes their browser exposes — fonts installed, screen size, timezone, plugins, GPU model, OS version, and more. ITP can’t fully prevent fingerprinting because the underlying signals are needed for legitimate browser features.
Safari does try. It:
- Reports a generic OS to scripts (it says “Mac” but obscures the exact version)
- Limits the fonts queryable to a standard set
- Constrains the WebGL information available
- Blocks scripts known to be fingerprinting tools
This makes Safari a worse target for fingerprinting than Chrome, but no browser is fully immune. Tor Browser is the standard for fingerprinting-resistant browsing if that’s your specific concern.
Per-website settings
In Safari, you can override defaults per-website:
- Go to the site
- Safari menu → Settings for This Website…
- A dropdown appears with site-specific overrides
Useful options:
- “Disable content blockers” if a content blocker is breaking the site
- “Allow all cross-site tracking” if you genuinely want a site to function fully and don’t care about tracking
- Specific cookie preferences
These are per-domain, persistent until you change them.
What about the App Privacy Report?
Apple’s App Privacy Report is a separate iOS feature that doesn’t have a direct equivalent on Mac. It shows what data each app on your iPhone has accessed. On Mac, the closest analogues are the per-permission audits in System Settings and the network-level visibility you get through tools like Little Snitch, Lulu, or Apple’s own networking tools.
Safari’s Privacy Report covers web tracking. App-level tracking is App Tracking Transparency. Network-level visibility needs separate tools.
Audit checklist
The Privacy Report doesn’t really need an audit — it’s an output of Safari’s automatic tracking prevention. But you can periodically:
- Open Safari → Privacy Report
- Skim the top tracker domains and the top sites
- Note any sites you visit often that have very high tracker counts
- Decide if you want to use a content blocker for those sites
- Confirm “Prevent cross-site tracking” is on under Settings → Privacy
Safari’s Privacy Report is one of those features that’s most useful as a teaching tool. The numbers make abstract “you’re being tracked” claims concrete. After a week or two of normal browsing, the report tells you which trackers are most active on the sites you visit, and what Safari has done about them. You don’t need to act on the data — Safari is acting for you. But knowing it exists changes how you think about the open tabs in front of you.