How do I allow pop ups on my Mac without lowering security

Mac
1

Some important sites I use for work keep getting blocked by the pop up settings on my Mac, even when I try different browsers. I don’t want to turn off all protection, but I do need certain pop ups to work for banking and work portals. Can someone explain, step by step, how to safely allow pop ups on a Mac for specific sites and which settings I should check in Safari and Chrome

2

I ran into the same thing with banking and work portals. The trick is to allow pop ups per site, not system wide.

Here is what you do for each browser on your Mac.

Safari

  1. Open Safari.
  2. Go to the site that needs pop ups, like your bank.
  3. In the top menu, click Safari > Settings.
  4. Go to the Websites tab.
  5. On the left, click Pop-up Windows.
  6. You will see the site under “Currently Open Websites”.
  7. Set it to “Allow” for that site only.
  8. At the bottom, set “When visiting other websites” to “Block and Notify”. That keeps global protection on.

Chrome

  1. Open Chrome and go to the problem site.
  2. Click the lock icon in the address bar.
  3. Click Site settings.
  4. Find “Pop-ups and redirects”.
  5. Change it to “Allow” for that site.
  6. Keep the global setting at “Blocked” under chrome://settings/content/popups.

Firefox

  1. Open Firefox, go to the site.
  2. When a pop up is blocked, Firefox shows a small icon in the address bar.
  3. Click it, then choose “Allow pop-ups for this site”.
    Or do it manually:
  4. Go to Settings > Privacy & Security.
  5. In the “Permissions” section, Pop-ups and redirects, click Exceptions.
  6. Add the trusted site URL, click Allow.

Extra safety tips

  • Only allow pop ups for sites you trust, like your bank or work apps.
  • Type the URL yourself instead of clicking links in emails.
  • If a site needs pop ups for login, but you do not fully trust it, use a dedicated browser profile only for that site.
  • Keep your browsers and macOS updated, that closes known exploits.

If pop ups are still blocked in all browsers, check if you installed any ad blocker or security extension. Those often block pop ups too. For testing, disable the extension for that specific domain instead of turning it off globally.

3

If the site-level settings @kakeru posted still aren’t doing it, there are a few extra gotchas on macOS that can quietly kill popups even when the browser says “Allowed.”

  1. Check system-wide content filters

    • Go to System Settings > Network > VPN or “Content Filter” (sometimes under Profiles or in the main Network list).
    • Corporate VPNs, Zscaler, Cisco, or school filters can block popup windows or “new window” JavaScript outright.
    • Temporarily disconnect the VPN and test the site. If it suddenly works, you’ll need IT to whitelist the banking/work domains rather than loosening your Mac settings.

  2. Look for Profiles / Device Management

    • System Settings > Privacy & Security > Profiles (or “Profiles” in the sidebar).
    • Managed Macs (work laptops, MDM) can enforce popup blocking via config profiles that override your browser prefs.
    • If you see a profile from your employer/school, you probably cannot fully control popup behavior and have to ask them to allow those specific URLs.

  3. Third-party security / “web protection” tools

    • Check for apps like Little Snitch, AdGuard, 1Blocker, antivirus “web shield,” or “safe browsing” modules.
    • A lot of them don’t call it “popup blocking” but they block new windows from scripts or strip redirect parameters.
    • Instead of disabling the app, add the banking / work domains to its allowlist. That keeps the rest of the web locked down.

  4. Make sure it’s actually a popup problem
    Some banking sites open new tabs/windows by triggering downloads or SSO redirects. If:

    • A file is involved (PDF, CSV, statements) and nothing shows up:
      • Check the browser’s download settings and any “Always open in…” options.
    • Nothing happens and no popup icon appears:
      • Open developer tools (in Safari: Develop menu; Chrome/Firefox: right-click > Inspect) and watch for console errors or blocked redirects. Sometimes tracking blockers kill the redirect chain, not a popup setting.

  5. Use a “trusted sites only” browser strategy
    Personally, I don’t fully agree with @kakeru about always just toggling a bunch of per-site allows in your main browser. That can get messy over time.
    A tighter approach:

    • Use one browser (say Safari) for general browsing with strict popup/ad/privacy blocking.
    • Use another (Chrome or Firefox) only for banking and work:
      • Allow popups globally in that second browser but
      • Install minimal or no extensions
      • Sign in only to your work/bank accounts there.
        That way you’re not constantly fiddling with exceptions in your main browser, but you’re also not opening the floodgates system wide.

  6. Try a private window or fresh profile

    • Extensions sometimes don’t load in private mode (depending on settings).
    • If the popup works there, you’ve basically confirmed it’s an extension issue.
    • In Chrome/Firefox, create a new profile with no extensions, test just your bank/work sites, then lock down settings only as needed.

  7. Sanity check the URL pattern
    Some sites use a different domain for the popup, like:

    • main site: mybank.com
    • popup: secure.mybank.com or auth.thirdparty.com
      If you only allowed mybank.com, your browser or blocker might still kill the popup domain. Add the exact popup domain to the allowlist in your blocker or exceptions list.

Short version: keep global blocking on, but (1) make sure IT / VPN / profiles aren’t overriding you, (2) allow the specific popup domains in any security tool you use, and (3) consider using a separate “clean” browser just for those trusted sites so you don’t have to weaken settings everywhere else.