Automated WCAG accessibility scanning for every website.
A11yRisk crawls your website and tests every page against the WCAG (Web Content Accessibility Guidelines) standard you choose. After a scan completes, you receive a prioritised list of violations — each tagged with the exact WCAG criterion, the severity, the affected HTML element, and a link to remediation guidance. You can download the results as a PDF (for audit reporting and client documentation) or as JSON (for developer tooling and further analysis).
Who it is for:
| Role | Primary use |
|---|---|
| Web developer / engineer | Find and fix violations before a deployment. Download JSON output to analyse violations in developer tooling. |
| Digital agency | Audit client sites. Deliver PDF accessibility audit reports. Manage multiple workspaces under one account. |
| Compliance officer / project manager | Track accessibility test findings over time. Share automated scan reports with project stakeholders. |
| Accessibility specialist | Run a fast automated baseline audit before or alongside manual testing. |
What it checks:
A11yRisk uses axe-core — the industry-standard open-source accessibility testing engine — with full-page browser rendering. Every scan exercises JavaScript, CSS, and dynamic content, not just the static HTML source.
New accounts receive one free credit. A credit covers one page. To activate it:
Note: If your workspace has already activated the free credit, the activation banner will not appear. Check your credit balance in the top-right corner of the Billing page.
Select New Scan from the sidebar or the New Scan button on the Dashboard.
Enter the full URL of the page you want to start from, including the scheme:
https://example.com
The crawler follows internal links from this starting page outward, up to the page limit you set. It does not follow external links or links to subdomains not included in the starting URL.
The Page limit field caps how many pages the crawler will visit. One credit is used per page scanned.
| Page limit | Credits used (maximum) |
|---|---|
| 1 | 1 |
| 10 | up to 10 |
| 20 (default) | up to 20 |
| 500 (maximum) | up to 500 |
The actual number of credits deducted equals the number of pages successfully scanned — if the site has fewer pages than the limit, only the actual page count is charged. Your current credit balance and the maximum pages that can be reserved for the scan are shown below the form before you submit.
Choose the conformance level to test against. The default is WCAG 2.1 Level AA, the level referenced by EU EAA and US Section 508 regulations.
| Standard | Level | Use case |
|---|---|---|
| WCAG 2.1 | A | Minimum — basic accessibility requirements |
| WCAG 2.1 | AA | Referenced by EU EAA and US Section 508 — recommended |
| WCAG 2.1 | AAA | Enhanced — government / healthcare |
| WCAG 2.2 | A | Minimum — basic accessibility requirements |
| WCAG 2.2 | AA | Current W3C standard |
| WCAG 2.2 | AAA | Strictest |
WCAG 2.1 AA is the most widely enforced standard. Select WCAG 2.2 AA if you want to test against the latest W3C specification, which adds several new success criteria to 2.1 AA.
Click Create Scan. You will be redirected to the scan detail page, where progress updates automatically — you do not need to stay on the page while the scan runs.
Every scan passes through the following stages in order:
| Status | What is happening |
|---|---|
| Queued | The scan is waiting for an available worker. |
| Crawling | The crawler is following links from your starting URL and building a list of pages to test. |
| Scanning | Each page is being loaded in a real browser and tested with axe-core. |
| Aggregating | Results from all pages are being combined and deduplicated. |
| Generating report | The PDF report is being rendered and uploaded. |
| Done | The scan is complete. Results and downloads are available. |
| Failed | The scan could not complete. See Frequently asked questions below. |
| Canceled | You or another workspace admin canceled the scan before it finished. |
While scans are running, the sidebar shows a banner with the count of active scans. Clicking the banner takes you to the Scans list.
While a scan is in any non-terminal status (Queued, Crawling, Scanning, Aggregating, or Generating report), a Cancel scan button is available on the scan detail page and on the Scans list. Credits for pages already scanned at the time of cancellation are consumed; pages not yet scanned are not charged.
When a scan reaches Done status, the violations table appears on the scan detail page.
| Column | Description |
|---|---|
| Page URL | The specific page on which the violation was found. |
| WCAG Criteria | The WCAG success criterion that is violated (e.g., 1.4.3 Contrast). Clicking the criterion opens the W3C documentation. |
| Impact | Severity of the violation — see impact levels below. |
| Source | The detection method — see sources below. |
| Description | A plain-English explanation of the violation, linked to axe-core's remediation guidance. |
| Element | The HTML snippet of the affected element on the page. |
Impact is assigned by axe-core based on how severely the violation affects users with disabilities.
| Impact | Meaning |
|---|---|
| Critical | Completely prevents access for affected users. Fix immediately. |
| Serious | Causes significant difficulty. High priority for remediation. Fix before launch. |
| Moderate | Causes difficulty for some users. Fix in next iteration. |
| Minor | Minor inconvenience. Address as time allows. |
Critical and Serious violations represent the highest accessibility barriers and should be resolved as a priority. Moderate violations should be addressed; Minor violations are typically noted but not blocking.
| Source | Meaning |
|---|---|
| Axe | Detected by the axe-core rule engine during page rendering. |
| Custom | Detected by an A11yRisk custom rule (e.g., PDF link detection, lang attribute checks). |
| State | Detected by simulating interactive states such as focus, hover, or keyboard navigation. |
Each violation carries one or more conformance tags indicating which WCAG version and level the rule belongs to. These tags appear in the JSON export and in detailed violation data.
| Tag | Version | Level |
|---|---|---|
wcag2a | WCAG 2.x (any) | A |
wcag2aa | WCAG 2.x (any) | AA |
wcag2aaa | WCAG 2.x (any) | AAA |
wcag21aa | WCAG 2.1 specifically | AA |
wcag22a | WCAG 2.2 specifically | A |
wcag22aa | WCAG 2.2 specifically | AA |
wcag22aaa | WCAG 2.2 specifically | AAA |
Tags without a minor version (e.g. wcag2aa) apply to all WCAG 2.x versions. Tags with a minor version (e.g. wcag22aa) are specific to that release. A violation may carry both — for example, wcag2aa and wcag21aa on the same rule indicates it is required by WCAG 2.x AA and was formalised in the 2.1 revision.
Use the filter controls above the table to narrow results:
1.4.3 or contrast) to filter by WCAG tag.If the table shows "No violations found", the scanned pages passed all tested rules at the selected WCAG level. This is a strong result, but note that automated testing cannot cover all WCAG success criteria — manual testing and user testing with assistive technologies are still recommended for a thorough accessibility review.
Once a scan is complete, two download buttons appear on the scan detail page.
Download PDF generates a formatted accessibility audit report suitable for:
The PDF includes the scan metadata (URL, date, WCAG standard, page count), a summary of violations by impact level, and the full violation list with descriptions and HTML elements.
Download JSON provides the raw violation data in a machine-readable format suitable for:
The JSON structure follows axe-core's output schema, extended with A11yRisk metadata (page URL, scan ID, WCAG standard, timestamps).
Download link validity: Download links are generated fresh each time you click the button and are valid for 1 hour. The report files themselves are retained for 30 days after the scan completes — after that they are permanently deleted. If a link has expired but the report is still within the 30-day window, click the button again to get a fresh link.
One credit is consumed for each page successfully scanned. When you submit a scan, credits equal to the page limit are reserved from your balance immediately. At scan completion, any credits reserved for pages not actually scanned are automatically refunded — the net charge always equals the number of pages successfully processed. If a scan is canceled mid-way, only pages already scanned are charged. Credits never expire. A pack you purchase today is available indefinitely.
| Pack | Credits | Best for |
|---|---|---|
| Starter | 5 | Testing a small site or running an initial audit |
| Team | 20 | Regular scanning of a medium site or a handful of client sites |
| Agency | 60 | Ongoing scanning across multiple client sites or large deployments |
To purchase a pack, go to Billing in the sidebar. Only workspace Admins can purchase credits. If you are a Member, the Billing page will show your current balance and prompt you to contact your workspace admin.
Your credit balance is shown:
Clicking Buy credits on a pack card opens a Stripe-hosted checkout page. After completing payment, you are redirected back to the Billing page. Credits are added to your balance automatically within a few seconds. If your balance does not update immediately, the page will poll for the update — wait up to 20 seconds before refreshing.
New accounts can activate one free credit by adding a payment method on the Billing page. The card is not charged. See Your first scan — free for step-by-step instructions.
| Role | Permissions |
|---|---|
| Admin | Run scans, view results, manage team members, purchase credits, change settings. |
| Member | Run scans, view results. Cannot purchase credits or manage team membership. |
Every workspace must have at least one Admin. The account that creates the workspace is assigned Admin role automatically.
Only Admins can invite new members.
The invited user receives an email with a link to create or sign in to their A11yRisk account. Once they accept, they appear in the team members list.
Removed members lose access to the workspace immediately. Their past scans remain in the workspace history.
Credits belong to the workspace, not to individual users. All team members share the same credit balance. Any member who runs a scan consumes credits from the shared balance. Only Admins can purchase credits to replenish it.
The workspace name appears in the sidebar and in any PDF reports generated by the workspace. To update it:
If your workspace is using a default system-generated name, a banner will remind you to update it.
A11yRisk is available in English, German, French, Dutch, and Polish. To change the interface language:
The interface updates immediately. Language preference is stored per-user, not per-workspace — each team member can set their own language independently.
How long does a scan take?
Scan time depends on the number of pages and the complexity of each page. A 1-page scan typically completes in under a minute. A 20-page scan typically takes 3–8 minutes. A 500-page scan may take 30–60 minutes. The scan detail page updates in real time — you do not need to keep the tab open.
Can I scan a staging or localhost URL?
Yes, if the URL is publicly reachable from the internet. Private network addresses (localhost, 10.x.x.x, 192.168.x.x, 172.16–31.x.x) are blocked for security reasons.
Can I scan a URL that requires a login?
Not in the current version. The scanner uses an unauthenticated browser session. If your pages require authentication, consider scanning a staging environment with public access, or contact support to discuss authenticated scanning options.
The scan shows 0 violations. Is that correct?
It may be. However, automated testing cannot cover every WCAG success criterion. Criteria involving subjective judgement (e.g., 1.4.5 Images of Text, 2.4.6 Headings and Labels, 3.3.2 Labels or Instructions) require human review. A zero-violation automated result is a strong signal but not a complete accessibility guarantee. Pair automated scans with manual testing and testing with screen readers for a comprehensive audit.
A violation says the element is "#document". What does that mean?
Some axe-core rules test the page document as a whole rather than a specific element — for example, checking that the <html> element has a lang attribute. The #document element reference indicates the violation applies to the page level.
Can I re-scan the same URL?
Yes. Each scan is independent and consumes credits according to the pages it covers. Re-scanning is recommended after deploying fixes to verify remediation.
What is the difference between WCAG 2.1 AA and WCAG 2.2 AA?
WCAG 2.2 introduces new success criteria not present in 2.1. The additions relevant to AA conformance include:
EU EAA and US Section 508 currently reference WCAG 2.1 AA. WCAG 2.2 AA is the current W3C recommendation and is expected to be referenced by future regulations.
My scan failed. What should I do?
A scan can fail if the starting URL is unreachable, returns an error status, or the crawler encounters a persistent network issue. Check that:
If the issue persists, contact support with the scan ID from the scan detail page URL.
Who can see my scan results?
Scan results are visible to all members of your workspace. They are not visible to other workspaces or to A11yRisk staff without your explicit permission. For full details, see the Privacy Policy.