Actual Released Version Removes Link Tracking Protection (134226694) — Safari Will Not Automatically Strip gclid or fbclid
At this year’s WWDC in July, Apple announced that Safari would introduce a new privacy feature called Advanced Tracking and Fingerprinting Protection (ATFP). This suite of mechanisms includes several major privacy enhancements and was expected to have a significant impact on the advertising and analytics industries.
ATFP was initially rolled out in the Safari Technology Preview. Based on historical patterns, Technology Preview features usually appear in the stable release after about three months, so many anticipated its arrival in the October stable version.
What is ATFP?
Advanced Tracking and Fingerprinting Protection (ATFP) is Safari’s comprehensive framework designed to strengthen user privacy. It includes multiple mechanisms to limit tracking via URLs and device fingerprinting.
What Does ATFP Include?
Two privacy-related features were highlighted:
- Added support for filtering tracking paramaters in links in regular browsing mode. (134226694)
- Added support for preventing fingerprinting for known tracking scripts. (134227067)
Official release notes: https://developer.apple.com/documentation/safari-release-notes/safari-26-release-notes
The corresponding is:
- Link Tracking Protection (LTP) — 134226694:LTP automatically removes advertising tracking parameters such as gclid, fbclid, msclkid, etc. In iOS 17, this feature was enabled only in Private Browsing,read more: A Complete Explanation of Apple’s Link Tracking Protection (LTP). According to early information, Safari 26 was expected to enable it by default in normal browsing mode, preventing unintended leakage of tracking identifiers.
- Advanced Fingerprinting Protection — 134227067: Safari now standardizes device information to reduce the uniqueness of browser fingerprinting (generating a unique user identity based on device configurations such as screen resolution, fonts, and GPU), making browser-based fingerprinting more difficult.
Impact on Advertising, Marketing, Analytics, and Programmatic Ecosystems
- URL parameters (gclid / fbclid / msclkid / click-ID) might be stripped, leading toinaccurate ad click attribution,incomplete data for third-party analytics tools
- Advanced fingerprinting protection makes user identification harder,affects cross-site tracking, retargeting, frequency capping, and ID mapping
How to Respond (Example: GA4)
Using GA4 as an example, the way to address link tracking protection is to rename the existing ID, such as gclid, to haranid. Safari will then delete gclid, and your landing page will be
https://yourwesite.com/?haranid=CjwKCAjwtfvEBhAmEiwA-DsKjn4iVaWK4
In the basic GA4 configuration, change haranid to gclid, overwriting page_location. The data sent to GA4 will be the gclid.
GA4 is not useful for advanced fingerprinting and should be ignored.
Current Status
The actual released version of Safari has removed Link Tracking Protection (134226694).
Safari 26 does not automatically remove gclid or fbclid.
This means the previously expected automatic stripping of advertising tracking parameters will not occur in the final stable release.
Referral: