Finding reference

Consent prompt appeared to require interaction

Retained consent-surface evidence showed a consent prompt, overlay, or interaction state that appeared to block ordinary page access or require interaction before the scan could continue within the observed public-page scope. Review the evidence context, methodology, common causes, and reviewer questions for this CertScore finding.

Selected finding

Consent prompt appeared to require interaction

MediumGood evidenceDirect observationConsentSeen on ~3% of scanned top sites

Benchmark frequency is directional market context only. It is not a compliance benchmark, legal conclusion, or severity score. Rare findings may be top-ranked only when retained evidence is strong; common findings may remain medium when evidence is automated or context-dependent. Rarity is not severity, and prevalence is not compliance risk.

Observed

Why this matters

When a consent prompt blocks ordinary browsing or requires interaction before users can access content, reviewers may need to confirm whether the interface provides a genuine, accessible, and context-appropriate choice. For product and privacy teams, this signal can help identify CMP, overlay, scroll-lock, modal, or template behavior that may need consent UI review.

Detection methodology

CertScore retains representative evidence for consent prompts, overlays, modal behavior, scroll blocking, visible controls, dismiss paths, and page-interaction state where available. The finding is surfaced when retained evidence indicates that the consent interface appeared to prevent ordinary page access, block scrolling or navigation, obscure primary content, or require interaction before the scan could proceed in the observed public-page scope. CertScore treats required-interaction signals as review signals. The scanner does not determine whether consent was freely given, and does not determine legal status, deception, unfairness, consent validity, or compliance status. Reviewers should consider whether non-essential content was blocked, whether a reject or continue-without-accepting path exists, whether blocking is necessary for the service, whether accessibility is affected, and whether the retained evidence reflects the relevant region, viewport, browser state, and CMP configuration.

Confidence semantics: Good when retained consent-surface evidence includes the observed overlay or prompt, blocking or interruption signal, visible controls, page context, and scan coverage; stronger when retained evidence also includes scroll-lock, content-obscuring, dismiss-path, keyboard-access, or repeated viewport and region context. Manual review is still needed for necessity, equivalent choices, accessibility, legal interpretation, and remediation quality.

Top-finding calibrationWhat must be retained to surface, top-rank, demote, or suppress this finding.

Minimum to surface

Consent UI artifact plus blocking or interruption signal.

High confidence requires

Scroll/content/focus blocking plus visible controls and unrelated interruptions excluded.

Top ranking requires

Full blocking with no equivalent non-accept path.

Demote or suppress when

Generic modal.
Paywall.
Bot challenge.
Age gate.
Login wall.

These rules describe ranking calibration for already-projected findings. They do not create findings from raw signals.

Example evidence

Forced interaction example

artifact=consent_ui_002
role=finding_supporting_artifact
url=https://example.com/
component=consent_overlay
observed_state=modal_overlay_visible
ordinary_page_access=blocked_in_observed_scope
scroll_state=blocked_or_obscured [manual_review_recommended]
visible_controls=Accept all, Manage choices
dismiss_or_continue_without_choice_observed=false
review_caveat=manual review should confirm whether blocking is consent-related, region-specific, necessary, accessible, and whether an equivalent non-accept path exists

Review context

possible_source=cmp_overlay_template
states_to_review=initial_load, scroll, keyboard_focus, settings_layer, close_or_continue_path
interruptions_to_exclude=bot_challenge, paywall, age_gate, login_wall, newsletter_modal
manual_review_needed=true

What should not count by itself

banner_present=true [insufficient_without_blocking_context]
modal_detected=true [audit_only_until_consent_related]
scroll_locked=true [audit_only_without_consent_surface_link]
interaction_required_claim [requires_manual_choice_context_review]

View redacted sample JSON

Redacted sample JSON

{
  "findingId": "forced_consent_interaction",
  "label": "Consent prompt appeared to require interaction",
  "category": "Consent",
  "criticality": "medium",
  "evidenceConfidence": "good",
  "directVsInferred": "direct_observation",
  "evidence": {
    "summary": "Retained consent-surface evidence showed a consent prompt, overlay, or interaction state that appeared to block ordinary page access or require interaction before the scan could continue within the observed public-page scope.",
    "examples": [
      {
        "title": "Forced interaction example",
        "lines": [
          "artifact=consent_ui_002",
          "role=finding_supporting_artifact",
          "url=https://example.com/",
          "component=consent_overlay",
          "observed_state=modal_overlay_visible",
          "ordinary_page_access=blocked_in_observed_scope",
          "scroll_state=blocked_or_obscured [manual_review_recommended]",
          "visible_controls=Accept all, Manage choices",
          "dismiss_or_continue_without_choice_observed=false",
          "review_caveat=manual review should confirm whether blocking is consent-related, region-specific, necessary, accessible, and whether an equivalent non-accept path exists"
        ]
      },
      {
        "title": "Review context",
        "lines": [
          "possible_source=cmp_overlay_template",
          "states_to_review=initial_load, scroll, keyboard_focus, settings_layer, close_or_continue_path",
          "interruptions_to_exclude=bot_challenge, paywall, age_gate, login_wall, newsletter_modal",
          "manual_review_needed=true"
        ]
      },
      {
        "title": "What should not count by itself",
        "lines": [
          "banner_present=true [insufficient_without_blocking_context]",
          "modal_detected=true [audit_only_until_consent_related]",
          "scroll_locked=true [audit_only_without_consent_surface_link]",
          "interaction_required_claim [requires_manual_choice_context_review]"
        ]
      }
    ]
  }
}

Regulatory review context

Consent UX: required-interaction or cookie-wall review signal

Retained consent-surface evidence showed overlay, blocking, or required-interaction signals that appeared to block ordinary page access or require interaction before continuing. These signals may be relevant to consent, cookie/tracker, transparency, accessibility, and choice-architecture review depending on jurisdiction, service necessity, CMP configuration, available choice paths, and manual review.

GDPR freely given consent reviewePrivacy cookie consent reviewAccessibility overlay/modal reviewEU GDPR/ePrivacy consent UI reviewUK PECR / ICO cookie-choice reviewU.S. privacy choice-architecture / dark-pattern review context

View applicability notes

Legal and regulatory frameworks

GDPR freely given consent reviewRetained consent-surface evidence suggests consent may be requested for tracking or personal-data processing before ordinary access or browsing continues.
ePrivacy cookie consent reviewThe prompt may govern non-essential cookies or similar technologies.
Accessibility overlay/modal reviewRetained consent-surface evidence suggests an overlay or modal may affect content access, focus, keyboard operation, or screen-reader flow.

Jurisdictional contexts

EU GDPR/ePrivacy consent UI reviewEU/EEA users and cookie or tracking consent UI may be in scope.
UK PECR / ICO cookie-choice reviewUK users and non-essential cookie choices may be in scope.
U.S. privacy choice-architecture / dark-pattern review contextRetained UI evidence suggests privacy choices, opt-outs, consent, or targeted advertising controls may be affected.

This finding does not determine legal status, consent validity, deception, unfairness, or dark-pattern status. Review the retained consent-surface evidence, blocking behavior, available controls, service context, region targeting, CMP configuration, accessibility, and applicable exemptions.

Evidence standard

Strong

Retained consent-surface evidence includes page URL, visible prompt or overlay, and a blocking or interruption signal such as content obscured, scroll locked, navigation interrupted, or interaction required before ordinary page access.
Retained evidence identifies available controls, such as accept, reject, settings, close, or continue-without-accepting, where observed.
Evidence includes scan-state context showing the prompt affected the public page before an ordinary browsing path continued.
Coverage context indicates the blocking state was not caused by unrelated bot protection, paywall, age gate, login wall, or unrelated modal.
Repeated observations across pages, viewports, or regions may strengthen confidence when retained.

Good

Retained evidence shows a consent overlay or modal that appears to block ordinary browsing, but exact scroll-lock, content-obscuring, or dismiss-path detail may require manual review.
The retained example is enough for a reviewer to inspect the observed prompt and evaluate whether a non-consent path was available.
The evidence is likely a forced-interaction review signal, but necessity, legal context, accessibility, and regional configuration require manual review.

Audit-only

Banner or overlay present, but retained evidence does not show whether ordinary page access was blocked.
Static UI text suggests consent is required, but no retained page-interaction or overlay artifact shows blocking behavior.
A modal was observed, but it may be a paywall, age gate, login wall, bot challenge, newsletter prompt, or unrelated interruption.

Insufficient

Consent banner presence alone.
User interaction required for unrelated reasons such as bot protection, login, paywall, age gate, or app install prompt.
Artifact-free assertion that content was blocked.
Policy text, CMP name, or visual impression without retained consent-surface evidence.
Claims about legal status, compliance status, deception, unfairness, dark-pattern status, or consent validity based only on automated UI evidence.

Evidence levels explain how CertScore treats retained consent-surface artifacts. They are not legal conclusions.

Common causes

CMP overlay template blocks page content until a choice is made.
Scroll locking or modal behavior persists without a clear dismiss or reject path.
Consent UI is bundled with unrelated newsletter, app-install, age-gate, or login prompts.
Region, language, or A/B test configuration changes whether browsing is blocked.
Accessibility or keyboard focus behavior was not tested for the consent modal.

Limitations and cautions

This finding is an automated consent UI review signal, not a legal conclusion, certification, compliance determination, dark-pattern determination, or determination of consent validity.
Automated UI checks can identify prompts, overlays, and blocking or interruption signals, but they may miss or misclassify paywalls, bot challenges, age gates, login walls, app prompts, newsletter modals, regional variants, returning-user states, A/B tests, and post-login flows.
Automated evidence may not fully determine whether a user had a genuine choice or whether blocking was necessary for the requested service.
Manual review is needed to confirm consent context, necessity, accessibility, legal interpretation, user impact, and remediation quality.
CertScore retains representative evidence for review and may not list every variant across regions, viewports, languages, or CMP states.
Findings should be evaluated with implementation context and applicable privacy, consent, accessibility, and consumer-protection requirements before operational or legal reliance.
Automated findings may contain errors and should be reviewed with the retained evidence.
Not detected means not observed in the scan scope; it is not proof of absence.
Findings are runtime evidence and public-surface observations for review, not legal conclusions.

Reference notes

CertScore uses findings, evidence, signals, and observations consistently: signals are raw runtime or page-surface events, evidence is retained support, observations are interpreted evidence context, and findings are promoted review items.
Findings are runtime evidence and public-surface observations for review. Observed signals may surface possible concerns, but review is recommended before operational or legal reliance.
Finding reference content is reviewed periodically and updated when material guidance changes. CertScore monitors guidance families such as EDPB consent and ePrivacy materials, ICO cookie guidance, CNIL tracker recommendations, FTC privacy and dark-pattern materials, and relevant accessibility guidance where applicable.
EDPB consent guidance is relevant to consent quality and affirmative indication where consent is relied upon.
EU ePrivacy cookie/tracker principles are relevant to storing information or gaining access to information on user terminal equipment.
ICO cookie and similar technologies guidance is relevant to active consent, clear explanation, and essential-cookie exceptions.
CNIL cookie/tracker and analytics guidance is relevant to tracker consent and limited analytics exemptions.
FTC dark-pattern and commercial-surveillance materials may be relevant to hidden tracking or unclear user-choice review, but this finding does not determine deception, unfairness, or legal status.
Prevalence labels use the Tranco top 1-2500 calibration set, an approximately 2,505-scan directional calibration set.

Consent prompt appeared to require interaction