Automated accessibility scans are software-driven checks that evaluate web pages against Web Content Accessibility Guidelines (WCAG) success criteria. They work by analyzing HTML, CSS, and ARIA attributes to flag issues that can be detected programmatically. Scans are fast, repeatable, and useful for catching a specific category of accessibility issues, but they only identify approximately 25% of all WCAG conformance issues on a given page.
The other 75% requires human evaluation.
| Key Point | What It Means |
|---|---|
| Detection Rate | Scans identify approximately 25% of WCAG conformance issues |
| How They Work | Software loads a page and evaluates the code structure against WCAG success criteria |
| Speed | Hundreds or thousands of pages can be scanned in minutes |
| Best Use | Continuous monitoring, catching regressions, and surface-level issue detection before a (manual) audit |
| Limitation | Cannot assess user experience, context, or the 75% of issues requiring human judgment |
How Automated Accessibility Scans Work
A scan loads a web page and inspects the underlying code. The scan engine reads the Document Object Model (DOM), evaluates HTML elements and their attributes, checks ARIA roles and properties, and compares what it reads against a set of predefined rules mapped to WCAG success criteria.
For example, a scan can detect whether an image has an alt attribute. It can flag a form input that lacks a programmatically associated label. It can identify a heading that skips from H2 to H4.
What a scan cannot do is determine whether that alt attribute actually describes the image accurately, whether the label makes sense in context, or whether a user relying on a screen reader would understand the page structure. These assessments require a human evaluator.
What Automated Scans Detect
Scans are effective at identifying issues that follow predictable, code-level patterns. These include missing form labels, empty links, missing alt attributes, incorrect ARIA attribute usage, duplicate IDs, and language declaration issues.
These are real issues worth catching. They affect how assistive technologies interpret and present content. Catching them early and consistently through scheduled scans prevents them from accumulating across a site.
What Automated Scans Miss
Seventy-five percent of WCAG conformance issues fall outside what code inspection alone can determine. A scan has no way to evaluate whether content is logically ordered, whether a custom widget is operable by keyboard in a meaningful way, or whether an error message provides enough information for a user to correct their input.
A scan also cannot evaluate media content. Captions on video, audio descriptions, and the accuracy of transcripts all require human review. The same applies to reading order, focus management in single-page applications, and whether interactive elements behave as expected with assistive technologies like NVDA, JAWS, or VoiceOver.
Types of Scan Tools
Scan tools fall into several categories, each suited to different workflows and organizational needs.
Browser-based scanners run inside a web browser and evaluate the page currently loaded. They are useful for quick checks during development and for scanning authenticated pages that sit behind a login.
API-based scanners accept a URL or batch of URLs and return results programmatically. These integrate with development pipelines and content management systems.
Command-line scanners run from a terminal and are often used in continuous integration and deployment (CI/CD) workflows. Developers can configure them to flag issues before code is merged.
Open source scanners provide their rule sets and source code publicly. Organizations with development teams often incorporate these into custom workflows.
Each category has trade-offs in scope, speed, integration options, and reporting depth.
Scans Are Not Audits
A scan and an audit are fundamentally different activities. A scan is an automated check. An audit is a thorough evaluation conducted by a human accessibility professional who uses screen readers, keyboard navigation, visual inspection, and code review to evaluate a page against the full scope of WCAG.
Calling a scan an audit overstates what the scan delivers. Organizations that rely on scan results alone as evidence of conformance are accounting for roughly one quarter of the standard.
Where Scans Fit in a Conformance Strategy
Scans provide the most value when used as one layer within a broader conformance program. They serve as an early warning system, catching regressions and obvious issues between (manual) audits.
A common approach uses scans on a recurring schedule, sometimes called monitoring, with periodic (manual) audits providing the depth that scans cannot. The scan catches what code analysis can catch. The audit covers everything else.
Scan results also help organizations prioritize. When a scan identifies a pattern of issues across hundreds of pages, that data points toward systemic problems worth addressing before investing in a full audit.
Authenticated Page Scans
Many web applications require login credentials to access core functionality. Standard scans that crawl from a public URL cannot reach these pages.
Authenticated scanning typically uses a browser extension running within an active session. This approach lets the scan evaluate the same pages and states that real users encounter after logging in. For SaaS products and web applications with user dashboards, authenticated scanning is necessary to get a complete picture of scan-detectable issues.
Reading Scan Results
Scan reports typically list each issue by type, the specific WCAG success criterion it relates to, and the location in the code where the issue was identified. Many reports also assign severity levels based on how much the issue affects users of assistive technologies.
Some organizations use prioritization models that combine user impact scoring with risk factor scoring. A high-impact issue affecting a core workflow, such as a checkout process or account registration form, would rank above a low-impact issue on an archived blog post.
Understanding what a scan report contains, and what it does not contain, is the first step toward using scan data effectively. The report covers 25% of the picture. The remaining 75% requires a different kind of evaluation entirely.