Disable Safari Preload Top Hit

May 19 2021 by Jeff Johnson

By default, "Preload Top Hit in the background" is enabled in the Search tab of the Preferences window in Safari for Mac. Do yourself a favor and disable it, because the downsides outweigh the small upside.

Safari Search Preferences, Preload Top Hit in the background

Apple's Safari User Guide gives a brief description of the preference: "Start to load a webpage as soon as it’s determined to be a top search hit based on your bookmarks and browsing history." The upside is that if the Top Hit in the Safari address bar is indeed the page you want to load, then the page loads faster.

One of the downsides is that if the Top Hit in the Safari address bar is not the page you want to load, the page is loaded anyway, and your privacy can be undermined. Let's look at how this works in practice.

I start with a "clean slate". Below is the Privacy pane of Safari Preferences, showing that only Twitter has cookies and site data saved on my Mac.

Safari Privacy Preferences, empty

Now I open a new Safari window and start typing in the address bar. If I type the letter "g" then google.com is immediately the Top Hit! But suppose my "g" had nothing to do with Google. So I'm not going to load the Top Hit, I'll just press escape and close the window without ever visiting Google.

Safari address bar, google.com

I go back to the Privacy Preferences, and I see…what?!? Even though I didn't visit google.com, the site was able to save cookies and local storage on my Mac. Just because I entered one character in the address bar that happened to match.

Safari Privacy Preferences, google.com

Did you know this was happening? When "Preload Top Hit in the background" is enabled, Safari invisibly loads web pages and allows them save site data on your Mac, without your knowledge or permission, when you enter text in the Safari address field. And by default! On a "factory fresh" install of macOS. I personally consider this to be a bug, not a feature.

What else loads in the background? Not only the web site — the Top Hit — but also any Safari extensions that would normally load in the page. For example, my own extension StopTheMadness loads in every page. Let me explain how this is a problem with "Preload Top Hit in the background" enabled.

StopTheMadness has a feature that lets you define Web URL Rules to open specified URLs in another app, such as Google Chrome. Originally this feature worked only on links clicked in a web page in a Safari window, but at the request of many customers I enhanced the feature in the recent update, version 22. Now when Safari loads any web site, StopTheMadness will check whether it matches one of your Web URL Rules; if a rule applies, then StopTheMadness will automatically stop the page from loading and instead open it in the other specified app. Thus, your Web URL Rules will apply for example to links you click in Mail app that open in Safari.

To my horror, I learned yesterday that this happens with preloaded top hits too. I've always had "Preload Top Hit in the background" disabled for privacy, so the report came from a customer. When the customer typed some text into the Safari address bar with a Top Hit that matched one of the customer's Web URL Rules, then boom, the URL automatically opened in the external app specified in the rule. Ugh! What a nightmare. All the customer did was type into the address bar.

The other catch is that preloading the top hit is actually disabled when the Safari Web Inspector is open, even when "Preload Top Hit in the background" is enabled in Safari Preferences. Thus, it's almost impossible for a Safari extension developer to debug this problem or work around it.

These are the problems I know about. There may be other problems or unexpected behaviors, because hardly anyone except Apple's own Safari engineers were aware that these pages are preloaded invisibly. But now I've made you aware of it. My impression is that web browser developers decided years ago to optimize for raw speed over everything, with insufficient consideration of the possible downsides, and now we're all haunted by their past choices.

To reiterate, please disable "Preload Top Hit in the background" in Safari Preferences. Do it for yourself. Do it for me. Do it for science. Or do it for the Gipper?

Jeff Johnson (My apps, PayPal.Me)