Apple’s annual Worldwide Developer Conference in late June this year included a couple of big announcements around Apple’s approach to privacy in their software. The new Privacy Report in Safari 14 (on all platforms) uses DuckDuckGo’s tracker radar list to detail which of the most prominent tracking-capable domains have been flagged by Intelligent Tracking Prevention (ITP) in the user’s browser. Apple also announced that the WKWebView class, which all iOS and iPadOS (the operating systems for iPhones and iPads, respectively) must use, will include WebKit’s ITP mechanisms on by default.
With Intelligent Tracking Prevention, the Safari browser is on a crusade against cross-site tracking. One of the most obvious and long-standing ways to battle cross-site tracking has been to block third-party cookies in the web browser, and this is exactly what Safari does by default. However, Google Tag Manager’s Preview mode relies on a third-party cookies, so that it can serve you the draft version of the container while serving the regular, live container to your site visitors.
Last updated 11 September 2020: Added important note about how the custom domain should be mapped with A/AAAA DNS records rather than a CNAME record. Ah, Safari’s Intelligent Tracking Prevention - the gift that keeps on giving. Having almost milked this cow for all it’s worth, I was sure there would be little need to revisit the topic. Maybe, I thought, it would be better to just sit back and watch the world burn.
Updated 1 October 2019 With ITP 2.3 it looks like Safari is reducing the usefulness of localStorage as well, so using that as an alternative fix to persistence issues should not be considered future-proof. this solution should not be considered future-proof. Updated 12 March 2019 with some minor clarifications.. On 21st February 2019, WebKit announced the release of the latest iteration of Safari’s Intelligent Tracking Prevention (ITP), known as ITP 2.
Updated 1 October 2019 With ITP 2.3 it looks like Safari is reducing the usefulness of localStorage as well, so this solution should not be considered future-proof. The only stable way to persist client-side data at the moment seems to be HTTP cookies. Updated 7 March 2019 - Added some extra caveats to this solution. Also, be sure to read my article on ITP 2.1, which has far more detail on what Intelligent Tracking Prevention is and how to work with it.