When a user disables "Prevent cross-site tracking", hasStorageAccess API still returns TRUE and the access to third-party storage is always blocked. Steps to reproduce: 1. Testing with Safari 13.0.4 on Mac OS 10.14; 2. Login to google.com and create a new Google Doc at https://docs.google.com/document/create, which will be redirected to a /edit page; 3. Create an HTML page doc.html to embed the new Google Doc: <!DOCTYPE html> <meta charset="UTF-8"> <html> <body> <iframe src="<Google Doc /edit url>" width=800px height=600px></iframe> </body> </html> 4. Serve the HTML page locally at localhost:8000; 5. Make sure "Prevent cross-site tracking" is enabled in Safari privacy settings; 6. Load http://localhost:8000/doc.html. This should load a "Google Docs needs access" page that allows user to grant 3p cookie access for Google Docs. The Google Doc can be loaded if user agrees to grant access. 7. So far, everything is expected; 8. Disable/Uncheck "Prevent cross-site tracking" in Safari privacy settings; 9. Reload http://localhost:8000/doc.html. This results in an error page. Basically, hasStorageAccess returned TRUE and Google Docs tried to reload itself and it failed due to the lack of credentials. 10. We also noticed that requestStorageAccess always gets rejected when "Prevent cross-site tracking" is disabled. It seems that when "Prevent cross-site tracking" is disabled, user will never be able to allow 3p cookies. I am not sure if this is intended behavior. If it is, it probably should be documented and hasStorageAccess should return FALSE instead. Additionally, this behavior is probably introduced in 13.0.4 and I think that previous Safari 13 versions worked properly either when "Prevent cross-site tracking" is on or off.