Guidance Needed: Safari ITP's Link Tracking Protection Impacts Legitimate App Functionality

Area: WebKit (Safari)

Description:

I am reporting an issue where our application's core functionality is being broken by Safari's Intelligent Tracking Prevention (ITP).

ITP's "Link Tracking Protection" feature automatically strips specific query parameters from URLs. We understand this is an intentional privacy feature. However, our application requires these query parameters to carry essential, non-tracking data, such as authentication tokens or specific app-state information to function correctly.

When a user navigates to our site, Safari strips these parameters, this means our client-side application never receives the necessary data, which breaks core features and leads to a failed user experience. This is a significant issue for our application as it prevents users from accessing their content.

We are seeking guidance on how to resolve this.

Questions for Apple:

1. Is there a recommended way to identify and flag essential, non-tracking query parameters so that Safari's ITP does not strip them? Our parameters are critical for app functionality, not for third-party tracking.
2. What is the recommended best practice for building web applications that rely on URL parameters while adhering to ITP's privacy-first model? We want to ensure our application is compatible with modern browser privacy features without compromising functionality.
3. Could you provide a detailed explanation of what criteria ITP uses to decide which parameters to strip? Understanding the underlying logic would help us restructure our URLs to avoid this issue.

Device Information:

• Operating System: iOS and macOS
• Safari Version: Latest stable versions on both platforms
• Device Models: All relevant models and device types