| UI or UX | UI + UX - Persistent safety escape control for sensitive pages where being seen on the current content could put the user at risk | UI + UX - Security-risk warning and safe interruption before unsafe navigation, download, submission, preview, or sensitive action | UI + UX - Controlled reveal and re-hiding of masked sensitive values, secrets, tokens, credentials, identifiers, or private records | UI + UX - Expired authenticated-session state and safe return-to-task recovery | UI + UX - Durable privacy-control surface for account, product, device, app-access, activity, visibility, and sharing settings | UI + UX - Single previous-page return link for a transaction |
| --- | --- | --- | --- | --- | --- | --- |
| UI guidance | Place a persistent, visibly distinct Exit this page control where it is reachable before and during sensitive content, and pair it with a secondary activation link for assistive technology users. | Render a security warning as a high-clarity interruption that names the detected risk, identifies the destination or object, explains the concrete threat, presents the safest action as the primary path, and separates any override behind deliberate risk detail. | Render sensitive-data reveal as a masked value with an explicit reveal action, visible hide action, clear field identity, safe default state, reveal duration or hold behavior, and status feedback that explains what is visible now. | Show session timeout after the authenticated session has ended, with private content hidden, a clear reason such as inactivity or policy expiry, the last safe activity reference, and a primary sign-in or reauthentication path. | Render privacy settings as a returnable control surface with current effective values, privacy categories, data types, app or service access, account/device/product scope, source of truth, managed or unavailable reasons, last updated status, and save or immediate-apply feedback. | Render one unobtrusive Back link near the top-left of a transaction page, before the main content, with a destination that returns to the previous service page. |
| UX guidance | Use the pattern when sensitive content could put someone at risk if another person sees the page, such as abuse support, stalking, harassment, sexual assault, child safety, whistleblowing, or plans to escape harm. | Use security warning when a product, browser, operating system, or service has evidence that proceeding could expose credentials, install harmful software, leak sensitive data, bypass trust, or weaken account protection. | Use sensitive-data reveal when users need to verify, compare, copy, rotate, recover, or transcribe a sensitive value that is normally masked or redacted. | Use session timeout when the session is no longer valid and the product must protect privacy while helping the user recover safely through sign-in, reauthentication, return-to-task restoration, or a saved-draft route. | Use privacy settings when users need to inspect and change ongoing privacy posture for saved activity, profile visibility, app access, device permissions, data sharing, ad personalization, location, connected apps, or product privacy dashboards. | Use Back links to help users safely move one step back in a multi-page transaction without relying on browser history or losing previously entered information. |
| Good UI | A support-service page keeps a red Exit this page button pinned near the top right, includes a hidden-but-focusable secondary link, and replaces the page with a neutral loading overlay as soon as it is activated. | A browser interstitial says Deceptive site ahead, shows the suspicious domain, explains that attackers may steal passwords, and makes Back to safety the primary action while placing Visit unsafe site behind Details. | An API key row shows sk_live_****9H2Q by default, requires Reauthenticate before Full reveal, logs the reveal event, and automatically hides after 30 seconds. | A benefits form replaces private answers with Session ended after inactivity, shows reference SES-2048, says the draft was saved at 10:42, and offers Sign in to continue plus Start again. | An account privacy dashboard groups Saved activity, Profile visibility, Ad personalization, Connected apps, Location history, Device permissions, and Data deletion, with current values, scope labels, last updated times, and unavailable reasons. | A question page shows a single 'Back' link above the H1, before the form, and the Continue button remains the only primary action after the fields. |
| Bad UI | A tiny Close link appears only in the footer and sends users back through sensitive previous pages. | A red page says Security issue with Continue as the only visible action. | A dashboard shows API keys in plain text by default and copies them to clipboard without warning or audit. | A modal says Timeout while the private page remains readable behind it. | A Privacy page links only to a legal policy and has no controls for activity history, public profile fields, personalization, app access, or data sharing. | A page shows Back, breadcrumbs, a previous button, and pagination controls at the same time. |
| Good UX | A user hears someone enter the room, presses the visible exit button, sees sensitive content covered instantly, and lands on a neutral search page while the service avoids sending analytics first. | A user clicks a payroll link that visually resembles the company domain, sees the suspicious-domain warning, returns to the trusted site, and reports the link to security. | A developer needs to rotate a webhook secret, reveals it after step-up verification, copies it with a visible clipboard warning, then sees it auto-hide with an audit ID. | A user returns from a break, sees that their session ended, signs in again, and lands back on the same saved claim step with private fields restored only after authentication. | A user pauses saved activity, clears search history for a date range, disables ad personalization, hides birthday visibility, revokes a connected app, and sees which values apply immediately versus after sync. | A user goes back from Review answers to Contact details and sees the email address and phone number they already entered. |
| Bad UX | A user believes the exit button cleared browser history because the service overpromised safety, then the visit is later discovered through history or device monitoring. | A user sees a vague warning, assumes it is routine maintenance, proceeds, and enters credentials into a phishing page. | A user opens billing details in a shared office and the full card number appears automatically with no warning. | A user comes back to a timed-out payment form, clicks Submit, and gets repeated server errors because expired controls stayed enabled. | A user turns off location sharing in account privacy settings, but the device-level location permission remains active and the page never explains the split. | Clicking Back returns to the browser's previous marketing page instead of the last service page. |
| Best fit | The user may be harmed if someone nearby sees them viewing or using the current sensitive service. | A threat signal indicates phishing, malware, deceptive site, unsafe download, invalid certificate, insecure connection, mixed-content submission, suspicious redirect, file preview risk, or account-security danger. | Users need to inspect, copy, verify, rotate, transcribe, or compare a sensitive value that should normally stay masked or redacted. | An authenticated session has expired or been terminated while the user was on a protected task. | Users need ongoing control over personal data collection, saved activity, visibility, app access, device permissions, connected services, data sharing, or personalization. | A multi-page transaction or form asks users one thing per page. |
| Avoid when | The page is ordinary low-risk content where a prominent emergency exit would create alarm or confusion. | The message is only a general severe consequence before a product action; use warning text. | The task is only entering a password into an authentication form; use password input. | The session is still active and users can act before expiry; use session timeout warning. | The task is a first-time opt-in to one optional purpose; use consent prompt. | The page is an informational content page with a stable hierarchy. |
| Required state | Persistent visible exit control on sensitive pages. | Safe path state with primary Back to safety, Cancel, Remove, Use trusted route, or Contact admin action. | Masked state with the field identity, safe suffix or count, and reveal eligibility. | Expired session state with private content hidden. | Privacy settings overview with categories and current effective values. | Default transaction page with one Back link before main content. |
| Accessibility burden | Give the control a clear accessible name such as Exit this page, not a vague icon-only label. | Use a heading and text that name the risk before the destination or details, so screen reader users hear the warning context first. | Use a labelled button or toggle whose accessible name includes the field, such as Show API key or Hide account number. | Move focus to the timeout heading when protected content is replaced, and use text that says the session ended rather than relying on a lock icon. | Use clear headings, labels, descriptions, and status text for each privacy category and control. | Keep the Back link in a predictable reading order before main content, so skip links can bypass repeated navigation. |
| Common misuse | Using an ordinary Back link or footer Close link as the safety exit. | Using vague warning copy that does not say phishing, malware, certificate, insecure connection, dangerous download, or suspicious redirect. | Showing sensitive values in plain text by default. | Leaving the private page readable behind a timeout modal. | Replacing privacy settings with a privacy policy link or legal notice. | Using Back as a breadcrumb or parent-category link. |
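
The controlled reveal and re-hiding column above, as an added example that is not part of the original table: a small state model for a masked secret that reveals only after recent step-up authentication, records an audit entry, and re-masks after 30 seconds. The function names, the five-minute reauthentication window, the `AUD-n` audit ID format, and the sample key are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not from a real library.
const REVEAL_MS = 30_000;               // auto-hide window from the table's example
const REAUTH_MAX_AGE_MS = 5 * 60_000;   // assumption: step-up must be this recent

function mask(secret, keepPrefix = 8, keepSuffix = 4) {
  // Too short to show a prefix and suffix without leaking most of the value.
  if (secret.length <= keepPrefix + keepSuffix) return '****';
  return secret.slice(0, keepPrefix) + '****' + secret.slice(-keepSuffix);
}

function createSecretReveal({ field, secret, now = Date.now, audit = [] }) {
  let revealedUntil = 0; // 0 means masked, which is the safe default state
  let seq = 0;

  const isRevealed = () => now() < revealedUntil;
  const log = (event, actor) => {
    const entry = { id: `AUD-${++seq}`, event, field, actor, at: now() };
    audit.push(entry); // the secret itself is never written to the audit trail
    return entry.id;
  };

  return {
    audit,
    // What the UI should render right now: button label, value, status text.
    view() {
      const shown = isRevealed();
      const secondsLeft = Math.ceil((revealedUntil - now()) / 1000);
      return {
        label: shown ? `Hide ${field}` : `Show ${field}`,
        value: shown ? secret : mask(secret),
        status: shown ? `${field} visible, hides in ${secondsLeft}s` : `${field} hidden`,
      };
    },
    // Reveal only after recent reauthentication; denied attempts are logged too.
    reveal({ actor, reauthAt }) {
      if (reauthAt == null || now() - reauthAt > REAUTH_MAX_AGE_MS) {
        return { ok: false, auditId: log('reveal_denied', actor) };
      }
      revealedUntil = now() + REVEAL_MS;
      return { ok: true, auditId: log('reveal', actor) };
    },
    hide(actor) {
      revealedUntil = 0;
      return log('hide', actor);
    },
  };
}
```

The expiry is evaluated against the clock on every `view()` call, so a page using this model would still schedule a re-render at the deadline, and the server should enforce the reauthentication check rather than trusting the client.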