Back in the prehistoric times of July 2023, Apple announced an update to Link Tracking Protection. The official statement went something like this: in Messages, Mail, and Safari’s Private Mode, tracking parameters in URLs would be stripped out. Naturally, marketers and analysts read this as “Apple is coming for our UTMs!” and immediately started hyperventilating.
If you’re a CMO, marketer, or analyst, you probably had the correct reaction: panic… then wait and see.
Fast forward to July 2024, and we finally got some clarity with Private Browsing 2.0. According to WebKit’s official documentation:
As its name suggests, the campaign above represents a parameter that’s only used for campaign attribution, as opposed to click or user-level tracking. Safari allows such parameters to pass through.
Translation: Click IDs are getting the axe, but campaign parameters (like UTMs) are safe. To prove this, I even ran an experiment, opening decorated URLs in different browsers.
The TL;DR Version:
- Tracking parameters are only removed in Private Browsing mode (unless a user manually cranks up the privacy settings).
- Safari strips known click IDs (gclid, dclid, fbclid, twclkd, msclkid, mc_eid, igshid), but UTMs stay put.
- This is happening in Safari, Brave (with variations), and Firefox.
But Wait — There’s a Plot Twist
Even though Safari isn’t messing with your UTMs, some browser extensions will. Ever heard of Tracking Token Stripper? Yeah, that one. If your attribution looks weird, it might not be the browser itself, but some sort of add-ons.
If you work with GA4 to BigQuery exports, be sure to check out my SQL cheat sheet.
