7.2.8 Ensure Show Full Website Address in Safari Is Enabled

Information

Attackers use websites with malicious or unwanted content to exploit the user or the computer. Part of the attack chain is to lure someone to load their content rather than the desired content. In order to reduce the risk in interacting with unwanted content the full website address should always be displayed in Safari.

Rationale:

Full visibility into what site is being visited is important for privacy and security.

Impact:

Many URLs are very long and complicated, particularly for internal content management systems. Some complete URLS in the Smart Search Field may be difficult to parse.

Solution

Graphical Method:
Perform the following steps to set Safari to show full website addresses:

Open Safari

Select Safari from the menu bar

Select Preferences

Select Security

Set Show full website address to enabled

Terminal Method:
Run the following command to enable showing full website addresses in Safari:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true

Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security & Privacy pane in System Preferences.
Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Safari

The key to include is ShowFullURLInSmartSearchField

The key must be set to: <true/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: 22227c7c3dd99a177616875a57fec5621c60323fde1853caae3c1475ba65fd4d