Every time I set up Safari, whether it’s on a new Mac or after a clean install, I immediately adjust these six essential security settings. They’re simple tweaks that dramatically improve your privacy and safety while browsing, without affecting usability.
Prevent Cross-Site Tracking
It’s not just you: everyone has ads following them around the internet that are often suspiciously relevant. This is because digital advertising companies use a technology called cross-site tracking to keep tabs on your browsing activity. Although this has the supposed benefit of making the ads you see more personalized, it’s way more invasive than most people realize. Companies can use this technology to build detailed profiles of your browsing habits, essentially creating a digital fingerprint of your online persona.
While some argue that tracking improves your browsing experience through personalized content, I’ve found the privacy trade-off isn’t worth it. Open Safari’s settings (or preferences on older versions), either by clicking Safari > Settings in the menu bar or with the Command-Comma keyboard shortcut, and click “Privacy.” Then, look for the “Prevent Cross-site Tracking” checkbox, and enable it. This creates a virtual wall between different websites, making it significantly harder for advertisers to build that comprehensive profile of your online activity.
Warn When Visiting Risky Websites
The internet can be a dangerous place, which is why I always enable both of Safari’s warning systems. The first alerts you about fraudulent websites, like fake banking sites and sketchy download pages that try to steal your information. The second warning catches sites with invalid security certificates, which could indicate someone trying to intercept your data.
These features have saved my family members more than once, especially when clicking through email links or searching for software. To enable them, head to Safari’s settings as explained above, and click “Security.” You’re looking for two crucial options: warnings for fraudulent websites and insecure websites. Enable both. Yes, you might occasionally hit a false positive, but I’d rather have an extra warning than walk into a cyber trap.
Use Advanced Tracking and Fingerprinting Protection
Browser fingerprinting is like a digital version of those old-school detective techniques—websites collect seemingly innocent details about your browser setup to create a unique identifier. It’s surprisingly effective, even with regular tracking blocked. The good news? Safari has some clever tricks to combat this.
First, open the Safari settings window. You may be able to get to the advanced settings menu by simply clicking “Advanced,” but if you don’t see that option, you can enable it by clicking “Privacy,” then “Advanced Settings.” Once you’re there, enable the “Use advanced tracking and fingerprinting protection” setting. You can also choose whether the setting applies to all your browsing activity, or just Private Browsing sessions. Personally, I’ve experienced no issues when leaving it on for all of my browsing.
Require Touch ID to View Locked Tabs
Private browsing is great until someone borrows your computer while you’re still logged into your banking site. That’s why I love Safari’s Touch ID integration—it adds an extra security layer to your private browsing tabs.
In “Privacy” within Safari’s settings, look for the Touch ID requirement option for private browsing tabs. Once enabled, you’ll need to authenticate with Touch ID or your password to view these tabs after returning to your Mac. It’s a small change that can save you from awkward situations, whether your private tabs contain banking information or other types of sensitive sessions.
Disable Location Services
Location services are convenient, but they’re also a privacy liability. I’ve seen too many websites request location access without any real need for it. One approach is to simply keep it off by default and enable it only for services that genuinely need it, like maps or weather apps. Open System Settings from the Apple menu, head to Privacy & Security, and find Location Services. Scroll until you see Safari in the app list.
Alternatively, you can enable Safari’s location access while restricting each page you visit by adjusting Websites settings in Safari. You can set it to “Deny” for maximum privacy, but I prefer “Ask” for flexibility. This way, when your favorite weather site needs to show local conditions, you can grant temporary access without leaving a permanent location tracking permission enabled.
iCloud Private Relay vs. VPN
If you’re an iCloud+ subscriber, Private Relay is included with your subscription—but you may be wondering what “Private Relay” is exactly, or maybe how it compares to a traditional VPN. While both tools help hide your IP address and encrypt your traffic, they function in fundamentally different ways that may result in you preferring one over the other.
When you visit a website with Private Relay enabled, your traffic first goes through an Apple-operated relay that knows your IP address but can’t see which sites you’re visiting. Your data then bounces to a second relay, run by a different company, which can see your destination but has no idea who you are. This two-step process means that no single entity—not even Apple—should be able to link your identity and browsing habits together.
Traditional VPNs, on the other hand, are like a private tunnel. Your traffic goes through a server operated by your VPN provider, and from there to your destination. While reputable VPN services promise not to log your activity, you’re still putting a lot of trust in one company. The trade-off is that VPNs offer more flexibility: you can often choose settings like your server location, and protect your traffic from all the apps on all your devices.
Private Relay has some considerations as well. It only works in Safari and won’t let you choose a specific country for your IP address—it just ensures you’re connecting from somewhere in your general region. For streaming fans, this means Private Relay won’t help you access international Netflix libraries or other geo-restricted content.
To enable Private Relay, open System Settings, click your Apple ID, select iCloud, and find the Private Relay option. I typically use it for everyday browsing since I love the split-relay approach for basic privacy. Also, Private Relay’s performance impact is usually minimal since it uses Apple’s content delivery network. Traditional VPNs can sometimes slow down your connection more significantly, especially if you’re connecting to distant servers. But I switch to my VPN when I need to appear in a specific country, access region-locked content, or protect non-Safari apps.
It’s like having both a bulletproof vest and a full suit of armor—Private Relay provides excellent everyday protection, while a VPN offers more comprehensive coverage for specific needs.
These six settings form the foundation of a secure browsing experience in Safari. While they might occasionally need an extra click here or there—like allowing location access for a map or temporarily disabling Private Relay for a stubborn website—the privacy benefits far outweigh these minor inconveniences. Make it a habit to check these settings after major Safari updates, as preferences can sometimes reset during the update process. Remember, in today’s digital world, a little paranoia about privacy goes a long way toward keeping you safe and secure when online.
