Safari with Prevent Cross-Site Tracking enabled bypasses NEDNSProxyProvider

Hi, I’ve encountered an issue with Safari’s behavior when Prevent Cross-Site Tracking is enabled in iOS, related to DNS filtering via an implemented NEDNSProxyProvider. Here’s a step-by-step breakdown:

  1. In Safari, when attempting to query a blocked domain (according to the filtering policy of the NEDNSProxyProvider), the page is blocked as expected.
  2. Closing Safari without closing the tab with the blocked domain.
  3. Reopening Safari – Expected result: The page remains blocked; Actual result: The page loads and bypasses the NEDNSProxyProvider (no logs are received for this flow).
  4. Tapping the refresh button causes the page to be blocked, as the DNS Proxy Provider intercepts the new request.

Note: This issue is only reproducible in general tabs in Safari. In private tabs, a fresh DNS query is generated each time, and the blocking behavior works as expected. I also tested Google Chrome, where the domain is blocked consistently.

I attempted to filter this issue via Content Filter, but the only connection received by NEFilterDataProvider is for com.apple.Safari.SearchHelper with ssl.gstatic.com.

Could you advise on how to handle this behaviour? Would be grateful to hear any ideas

Please use Feedback Assistant to post a bug report about this, then include the "FBnnnnnnnn" ID here.

Safari with Prevent Cross-Site Tracking enabled bypasses NEDNSProxyProvider
 
 
Q