An accessibility audit checks a website against the Web Content Accessibility Guidelines (WCAG). Done well, it produces two things: a prioritized list of issues to fix, and dated evidence that you are actively conforming. Here is the 7-step workflow we use.
Automated scanning catches about 30-40%
Automated tools (axe-core, Lighthouse, AccessProof) reliably catch issues like color contrast, missing alt text, unlabeled form fields, and ARIA misuse. They cannot judge whether alt text is meaningful, whether focus order makes sense, or whether an error message is understandable. A real audit combines automation with manual testing.
The 7 steps
1. Define scope and standard
Pick the pages that represent your templates (home, a content page, a form, a listing, checkout or login). Set your target: WCAG 2.2 Level AA is the practical standard for ADA and the EAA.
2. Run an automated scan
Scan each template with a WCAG scanner. Export the findings as your baseline and group them by severity — critical and serious first.
3. Test with the keyboard only
Put the mouse aside. Tab through every page. Can you reach and operate every control? Is the focus indicator always visible? Can you escape every menu and modal? Keyboard traps are critical failures automation often misses.
4. Test with a screen reader
Use NVDA (Windows) or VoiceOver (Mac). Listen to the page title, headings, link text, and form labels. Anything that reads as "link" or "button" with no name is a failure.
5. Check contrast and zoom
Verify text contrast (4.5:1 for normal text, 3:1 for large) with a contrast checker. Zoom the browser to 200% and 400% — content must reflow without horizontal scrolling or clipping.
6. Audit forms and error states
Submit forms with empty and invalid data. Are errors announced and tied to the right field? Are required fields and formats communicated in text, not color alone?
7. Document and schedule
Record every finding with its WCAG criterion, the page, and the fix. Then schedule the scan to repeat — the dated record of continuous remediation is what matters legally.
Common mistakes
- Running one tool and calling it an audit (you miss the majority of issues).
- Auditing only the marketing pages, never the logged-in app where users spend time.
- Fixing once and never re-scanning — conformance drifts with every deploy.
- Trusting an overlay widget to "fix" issues. Courts increasingly reject them.
How AccessProof helps
AccessProof automates steps 2, 5, and 6 with the axe-core 4.9.1 engine, prompts you for the manual checks in steps 3-4, and archives each scan as a timestamped PDF — so step 7 happens by default. Schedule weekly or per-deploy scans and your audit trail builds itself.
Originally published on access-proof.com.
Top comments (0)