Full Answer

Safari's restrictions come from Intelligent Tracking Prevention (ITP), which treats cross-site trackers as guilty by default. The Pixel's facebook.com domain is classified as a known tracker, so its third-party cookies never get written, and Meta can't recognise a visitor across sites. The Pixel falls back to a first-party _fbp cookie set on your own domain, but ITP caps that cookie's lifespan: seven days for script-set cookies, and 24 hours once Safari detects link decoration like fbclid in the landing URL.

The practical damage is attribution decay, not a blank screen. Short purchase journeys that finish inside the cookie window still report; longer ones silently vanish. That skews your Pixel toward making fast-converting audiences look stronger than they are. Apple widened the net in Safari 26, where Advanced Fingerprinting Protection and link-tracking parameter stripping became the default for every user, not just Private Browsing windows. The outcome is a structural undercount that grows with each Safari and iOS release.

The durable fix is to stop depending on the browser to carry identity. Server-side capture records the event on your own infrastructure the moment it happens, then forwards it to Meta's Conversions API using hashed email or phone for matching, with no cookie required. That's why Meta now treats CAPI as the primary signal and the Pixel as a redundancy layer rather than the other way round.