What are web tracking protections?

Help articles explaining trackers, cookies, and how Iskra differs from ad-heavy sites.

Third-party trackers on sources?

External publisher sites may track you; Iskra explains layers of protection in the browser.

Source link behavior?

Opening a citation leaves Iskra; destination site policies apply.

Iskra web tracking protections

Iskra does not build an ad profile from your searches. When you leave Iskra Search and use our apps to browse other sites, we aim to protect your privacy as much as possible. Browser tracking protection must keep evolving as trackers adapt, so we layer multiple defenses. Many browsers ship some defaults (cookies, fingerprinting), but we also ship protections that often are not on by default elsewhere: third-party tracker loading limits, Global Privacy Control, link tracking parameter stripping, CNAME cloaking handling, AMP handling, and more.

For example, default protections often focus on cookies and fingerprinting after a tracker loads—yet the load request can still expose IP and other identifiers. Our third-party tracker loading protection stops many tracking requests from loading at all, which materially reduces profiling.

This page explains how each protection works, how it is supported by platform, and how layers overlap. No one can remove all hidden tracking online, but we aim to block most third-party tracking while preserving sign-in, purchases, and page rendering.

Third-party tracker loading protection

The URL in the address bar is only part of the story: pages load many other URLs in the background, often from third parties—analytics, ads, widgets.

Some embeds are functional; some are for tracking. We maintain a tracker list and block listed third-party scripts from loading where safe. Unlike cookie-only mitigations, this reduces data exposed in the load request itself.

Sites sometimes break without a script; surrogates and limited exceptions address that. We target tracking requests, not every third party; infrastructure domains are classified separately. Behavior may differ after a click on an Iskra private search ad.

Platform	Support
iPhone & iPad app	Listed third-party scripts blocked from loading.
Android app	Listed third-party scripts blocked from loading.
Mac app	Listed third-party scripts blocked from loading.
Windows app	Listed third-party scripts blocked from loading.

Third-party cookie protection

Third-party cookies make it easy to recognize you across sites via shared ad or analytics domains.

We combine load blocking with blocking third-party cookies from listed tracker domains, with narrow exceptions for sign-in and essential flows.

Platform	Support
iPhone & iPad app	Listed scripts cannot create/read third-party cookies; WebKit cookie protections also apply.
Android app	Listed scripts cannot create/read third-party cookies; WebView blocks third-party cookies except during some SSO flows required by the platform.
Mac app	Same as iPhone & iPad.
Windows app	Third-party cookies from listed domains blocked; listed scripts cannot set/read third-party cookies.

First-party cookie protection

First-party cookies are scoped to the site, but embedded trackers can still exfiltrate identifiers.

We block most embedded tracking requests before they touch first-party cookies, including many CNAME-disguised requests. If a tracker still loads, shorter expiries may apply (e.g. 24h / 7d) unless sign-in breaks. Behavior may change after a private search ad click.

Platform	Support
iPhone & iPad app	Subset of CNAME list; WebKit enforces 24h/7d policies.
Android app	CNAME + list; 7-day for others; 24h for list scripts on roadmap.
Mac app	Same as iOS.
Windows app	CNAME + list; 24h/7d roadmap as on desktop.

CNAME cloaking protection

Trackers may hide behind a first-party-looking subdomain while being served by a third party.

We treat CNAME-listed hosts as third parties and apply the same protections.

Platform	Support
iPhone & iPad app	Subset today; broader coverage planned.
Android app	Full list.
Mac app	Subset today; broader coverage planned.
Windows app	Full list.

Fingerprinting protection

Trackers combine browser and device signals to fingerprint without cookies.

We block known fingerprinting scripts and restrict sensitive APIs, with narrow exceptions for sign-in. Implementations are open for review.

Platform	Support
iPhone & iPad app	Listed fingerprint scripts blocked; listed APIs mitigated.
Android app	Listed fingerprint scripts blocked; listed APIs mitigated; Android iframe injection may be limited by WebView.
Mac app	Listed fingerprint scripts blocked; listed APIs mitigated.
Windows app	Listed fingerprint scripts blocked; listed APIs mitigated.

Smarter encryption (HTTPS upgrading)

HTTP is visible on the network; HTTPS encrypts the connection.

We maintain a list of sites that support HTTPS and upgrade http navigations to https—including clicks from social apps and messengers, not only typed URLs.

Platform	Support
iPhone & iPad app	Large subset (~90% of typical search clicks); subresource upgrades limited by the platform.
Android app	Same as iOS.
Mac app	Same as iOS.
Windows app	Large subset (~90%) like mobile.

Link tracking protection

URLs often carry tracking parameters that stitch visits together.

We strip known tracking parameters with exceptions for auth and essential flows.

Platform	Support
iPhone & iPad app	First navigation only; redirect chains partially unsupported.
Android app	Full list stripping.
Mac app	Same as iOS.
Windows app	Roadmap for parity.

Referrer tracking protection

Referer metadata can help security but also tracking.

We trim cross-site referrers to the hostname without path or query when it does not break sign-in. Iskra search terms are not placed in referrer headers for outbound transitions from search.

Platform	Support
iPhone & iPad app	WebKit third-party referrer downgrades.
Android app	WebView limitations.
Mac app	Same as iPhone & iPad.
Windows app	Trimmed to hostname for cross-origin requests.

Embedded social media protection

Embeds often pull in tracking code linking your visit to social profiles.

By default we block listed embed types (including Facebook categories). You can unblock a specific embed. More networks, including video embeds, are planned.

Platform	Support
iPhone & iPad app	Roadmap.
Android app	Roadmap.
Mac app	Listed embeds blocked.
Windows app	Roadmap.

Google-specific web tracking protections

Google-specific mechanisms (AMP, Topics, Protected Audience, sign-in prompts) extend tracking beyond classic cookies. Below is how Iskra addresses them.

Google AMP protection

AMP can route pages through Google infrastructure with extra tracking surface.

We prefer publisher canonical URLs; otherwise we may use an isolated background load to extract the publisher URL.

Platform	Support
iPhone & iPad app	AMP links replaced with publisher URLs where detected.
Android app	AMP links replaced with publisher URLs where detected.
Mac app	AMP links replaced with publisher URLs where detected.
Windows app	Roadmap.

Google Topics protection

Topics infers interests from Chrome browsing history for ad targeting.

Iskra apps do not use the Topics API; it is a Chrome-specific mechanism. WebKit and WebView typically do not expose it, or it is disabled in the product.

Platform	Support
iPhone & iPad app	Not applicable (Chrome-specific API).
Android app	Not applicable in WebView / disabled in the product.
Mac app	Same as iPhone & iPad.
Windows app	Disabled where supported on Chromium-based embedded engines.

Google Protected Audience API protection

Protected Audience (formerly FLEDGE) runs on-device ad auctions using browsing signals.

Iskra apps do not use this Chrome API or it is disabled; WebKit does not need a separate mitigation.

Platform	Support
iPhone & iPad app	Not applicable (Chrome-specific API).
Android app	Not applicable in WebView / disabled in the product.
Mac app	Same as iPhone & iPad.
Windows app	Disabled where supported on Chromium-based embedded engines.

Google sign-in pop-up protection

Aggressive Google account prompts can expand data collection.

We hide those pop-ups on non-Google sites where safe; standard site login remains.

Platform	Support
iPhone & iPad app	Pop-ups hidden where detected.
Android app	Pop-ups hidden where detected.
Mac app	Pop-ups hidden where detected.
Windows app	Pop-ups hidden where detected.

Preserving site functionality

Privacy should not break the web. We use the techniques below alongside blocking.

Surrogates

When a site depends on a blocked tracker script API, a local stub can satisfy the page without remote tracking calls.

Platform	Support
iPhone & iPad app	Surrogates for listed breakage cases; ordering may block before surrogate in some cases.
Android app	Surrogates for listed breakage cases.
Mac app	Same as iPhone & iPad.
Windows app	Surrogates for listed breakage cases.

Remotely configured exceptions

If a site breaks, you can report it and temporarily relax protections per site. We ship remote configuration lists updated without reinstalling.

Platform	Support
All platforms	Feedback channels and remote exception lists per platform.

Infrastructure domains

CDNs and tag managers are not always trackers. We evaluate individual resources: a library host may be allowed while a fingerprinting library URL is blocked.

Platform	Support
All platforms	Infrastructure classification feeds shared tracker lists.

Private search ads

If Iskra Search shows ads, we aim not to build long-lived click profiles inside the product. Partners may use limited signals for effectiveness; overlapping browser protections still apply after you land on an advertiser site. You can disable ads in search settings when available.

The industry is moving toward private attribution (Safari PCM, Firefox IPA, etc.); we support that direction.

Platform	Support
All platforms	Aligned with Iskra search policy and protection lists.

Everyday privacy controls

The Fire Button

Local cookies, cache, history, and permissions accumulate. One control clears selected data. You can keep trusted sites “fireproofed.”

On Windows, WebView2 may delay clearing some fragments; closing the app finishes cleanup.

Platform	Support
iPhone & iPad app	Full wipe; optional wipe on restart.
Android app	Same as iPhone & iPad.
Mac app	Per-tab/window clearing; restart wipe on roadmap.
Windows app	More clearing options on roadmap.

Cookie pop-up protection

Consent banners often nudge to “accept all.” We auto-select stricter choices or hide the banner when that is safer. Open filter lists plus our rules.

Platform	Support
iPhone & iPad app	Auto-handling on supported sites.
Android app	Same; Android iframe limits some sites.
Mac app	Same.
Windows app	Same.

Global Privacy Control (GPC)

GPC signals opt-out of sale/sharing where the law recognizes it. Learn more on the Global Privacy Control site.

Platform	Support
iPhone & iPad app	JavaScript; header only for known GPC sites due to back-navigation limits.
Android app	Same as iPhone & iPad.
Mac app	Same as iPhone & iPad.
Windows app	Header + JavaScript.

How to get Iskra web tracking protections

Install the Iskra app for Windows, Mac, iPhone, iPad, or Android from official Iskra download pages.
Questions or feedback: use the contact or support options published on the Iskra website.

FAQ

What are web tracking protections?: Help articles explaining trackers, cookies, and how Iskra differs from ad-heavy sites.
Third-party trackers on sources?: External publisher sites may track you; Iskra explains layers of protection in the browser.
Source link behavior?: Opening a citation leaves Iskra; destination site policies apply.