NF Accessibility Scanner — All-in-One WCAG Audit
Pricing
$200.00 / 1,000 scan completeds
NF Accessibility Scanner — All-in-One WCAG Audit
All-in-one website accessibility scanner. Multi-engine WCAG 2.x testing in one run, no setup. JSON/SARIF report with WCAG criteria, severities, priority grades. Checks WCAG rules, render score, keyboard nav, alt text, labels, headings, captions, viewport zoom. Supports auth scanning, CI gates.
Pricing
$200.00 / 1,000 scan completeds
Rating
0.0
(0)
Developer
NativeFoundation, inc.
Maintained by CommunityActor stats
0
Bookmarked
1
Total users
1
Monthly active users
2 days ago
Last modified
Categories
Share
A comprehensive all-in-one website accessibility scanner on Apify. Run a multi-engine WCAG 2.x audit against any URL in a single run — fully self-contained, no API keys, no setup, no external service required.
🧠 Built by NativeFoundation — an expert AI consultant studio. Production-grade accessibility automation, designed and maintained by specialists.
Keywords: accessibility scanner, WCAG compliance testing, WCAG 2.1 audit, ADA compliance scan, a11y testing, automated accessibility testing, keyboard navigation testing, screen reader compatibility, CI/CD accessibility gating.
Trigger phrases — use this actor when you see
- "Check this page for WCAG compliance"
- "Run an accessibility audit on [URL]"
- "Is this site keyboard-navigable?"
- "ADA compliance check before launch"
- "Gate our CI/CD pipeline on accessibility regressions"
- "Does this page have proper alt text and labels?"
When to use it / when not to
✅ Use it when you want to:
- Run a single-URL WCAG / a11y audit and get one normalized JSON (or SARIF) report — no local tooling to install.
- Gate CI/CD on accessibility:
failOnGrade/failOnSeveritymake the run exit non-zero when a page crosses your threshold. - Give an agent or MCP tool a one-shot, structured accessibility check it can call and parse.
- Cover more ground in one pass than any single engine: DOM rules, a rendered-page score, keyboard-nav, and native HTML/media/viewport checks are merged into one report.
❌ Don't use it for:
- Full-site crawling. It scans the single URL you give it — it does not spider links, sitemaps, or paginate. Point it at each page (or drive it from your own crawler / a scheduled run per URL) if you need whole-site coverage.
- A substitute for a manual expert audit. Automated tooling catches a large, well-defined subset of WCAG failures, but many success criteria (meaningful alt text, logical reading order, cognitive load) still require human review. Treat a clean grade as a floor, not a certification.
What it does
All six engines run by default — deselect any you don't want in the engines input. Their results are merged into a single, normalized report.
| Engine | What it does | Typical findings |
|---|---|---|
| WCAG audit | Full axe-core ruleset — DOM-based WCAG 2.x violation detection | 5–30 findings |
| Render audit | Rendered-page accessibility score via Lighthouse's accessibility category — a different rule engine, catches some issues axe doesn't | 0–15 findings |
| Keyboard nav | Simulates Tab-key navigation: focus indicators, unreachable elements, focus traps | 0–5 findings |
| HTML structure | Alt text, form labels, heading hierarchy, document title, duplicate ids, unlabeled links/buttons | 0–10 findings |
| Media captions | Missing captions/transcripts on <video>/<audio>, missing titles on embedded video iframes | 0–5 findings |
| Viewport a11y | Viewport meta configuration that disables pinch-to-zoom | 0–1 findings |
Input
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
url | string | Yes | — | Target URL to scan |
engines | string[] | No | all six | Which engines to run — remove any you don't want |
requestHeaders | object | No | — | Extra HTTP headers (e.g. {"Authorization": "Bearer …"}) for authenticated scanning. Sent only to the target's origin, never to third-party hosts. Carried by wcag-audit, keyboard-nav, and the native engines — render-audit (Lighthouse) has no per-request origin scoping and remains unauthenticated |
cookies | string | No | — | A Cookie header value (e.g. session=…) for authenticated scanning |
outputFormat | string | No | "json" | json, sarif (also writes an OUTPUT.sarif SARIF 2.1.0 record for code scanning), or both |
failOnGrade | string | No | — | CI gate: exit non-zero if the grade is this letter or worse (B/C/D/F). Report is still written and charged |
failOnSeverity | string | No | — | CI gate: exit non-zero if any finding is at this severity or higher (minor/moderate/serious/critical) |
Scope: each run scans one URL (see When to use it / when not to above — it does not crawl), so the grade reflects the page actually reached. A full six-engine run typically takes 1–2 minutes.
Proxy: the browser-based engines always route through Apify's Residential proxy — not configurable via input. Datacenter IPs get throttled or served a degraded page variant by many bot-defended sites (ecommerce, social), which skews the audit toward a page real users never see. If Residential access is unavailable on the account running this Actor, the scan falls back to a direct connection automatically and
report.proxy.noterecords why.html-structure,media-captions, andviewport-a11yalways connect directly regardless.
Output
A single unified, deduplicated report, written both to the default key-value store under the record OUTPUT and as one item in the default dataset. When outputFormat is sarif/both, a SARIF 2.1.0 rendering is also written to OUTPUT.sarif.
{"target": "https://example.com","engines": ["wcag-audit", "html-structure"],"status": { "wcag-audit": "completed", "html-structure": "completed" },"meta": {"reportVersion": "1.0.0","startedAt": "2026-07-02T13:38:49.128Z","finishedAt": "2026-07-02T13:39:41.902Z","durationMs": 52774,"enginesRequested": 2,"enginesCompleted": 2,"enginesErrored": 0,"enginesTimedOut": 0},"summary": {"totalFindings": 4,"score": 82,"grade": "B","duplicatesMerged": 1,"bySeverity": { "serious": 2, "moderate": 2 },"byPriority": { "p1": 2, "p2": 2 },"byEngine": { "wcag-audit": 3, "html-structure": 1 }},"findings": [{"id": "NF-A11Y-0001","engines": ["wcag-audit"],"severity": "serious","priority": "p1","title": "Images must have alternate text","description": "...","location": "img.hero","occurrences": 1,"wcagCriterion": "1.1.1","wcagLevel": "A","helpUrl": "https://dequeuniversity.com/rules/axe/4.10/image-alt"}],"engineOutput": {"wcag-audit": { "status": "completed" },"html-structure": { "status": "completed" }}}
Score & grade
summary.score is a single 0–100 headline number (higher = more accessible, matching the Lighthouse/axe convention), weighted by severity. It maps to a letter grade (A best → F worst): A ≥ 90, B ≥ 75, C ≥ 50, D ≥ 25, F < 25.
Deduplication
When more than one engine reports the same issue at the same location, the findings are merged into a single entry rather than duplicated — non-destructively, keeping every engine that reported it (engines), the highest severity, the most detailed description, and the number of raw matches (occurrences).
CI/CD gating
Set outputFormat: "sarif" (or "both") to emit a SARIF 2.1.0 record you can upload to GitHub code scanning or GitLab SAST. Set failOnGrade and/or failOnSeverity to make the run exit non-zero when the scan crosses your threshold.
Compared to alternatives
Most accessibility tools wrap one engine and run locally (a browser extension, a CLI you install, or a paid SaaS dashboard). This Actor's differentiator: it merges axe-core + a Lighthouse accessibility pass + a headless-Chromium keyboard-navigation walk + native HTML / media-caption / viewport checks into one hosted run, then emits a single de-branded, normalized report (plus SARIF 2.1.0) with CI gating (failOnGrade / failOnSeverity) — nothing to install, callable as an Apify Actor or MCP tool.
| Tool | Engine coverage | Runs as | Multi-engine merge | SARIF output | CI gate built in |
|---|---|---|---|---|---|
| This Actor | axe-core + Lighthouse a11y + keyboard-nav + native HTML/media/viewport | Hosted Apify Actor / MCP tool — no install | ✅ one normalized report | ✅ 2.1.0 | ✅ failOnGrade / failOnSeverity |
| axe DevTools (Deque) | axe-core | Browser extension / paid SaaS | ✗ axe only | ✗ | ✗ (manual/in-app) |
| Deque axe-core CLI | axe-core | Local CLI you install | ✗ axe only | ✗ | Via exit code, self-scripted |
| WAVE (WebAIM) | WAVE engine | Browser extension / web UI / paid API | ✗ WAVE only | ✗ | ✗ |
| Pa11y / pa11y-ci | axe-core or HTML_CodeSniffer (pick one) | Local CLI/Node you install | ✗ one runner per pass | ✗ | ✅ threshold, self-hosted |
| Lighthouse CI | Lighthouse accessibility category | Local CLI / your CI runner | ✗ Lighthouse only | ✗ | ✅ assertions, self-hosted |
| Siteimprove | Proprietary crawler-based suite | Paid enterprise SaaS | n/a (single vendor suite) | ✗ | Dashboard/policy, not a per-run exit code |
Notes: the comparison reflects each tool's core, out-of-the-box behavior. Several competitors are excellent at what they do — Siteimprove adds whole-site crawling and governance this Actor deliberately doesn't (it scans a single URL); Lighthouse CI and pa11y-ci gate CI well but each on a single engine you host yourself. This Actor's niche is a zero-install, multi-engine, agent-callable single-URL audit with a normalized report and SARIF/CI gating in one run.
FAQ
Why use this instead of just running axe-core myself? axe-core alone catches a good DOM-rule subset, but misses issues a different engine catches — keyboard-nav focus traps, Lighthouse's render-based accessibility score, missing captions, zoom-disabling viewports. This Actor merges six engines into one normalized report so you get that coverage without wiring up and maintaining six separate tools yourself.
Why not just use a browser extension like WAVE or axe DevTools? Those are manual, one-page-at-a-time, human-in-the-loop tools. This Actor is built to be called programmatically — from a CI pipeline, a script, or an AI agent/MCP tool — and returns structured JSON (or SARIF) instead of a UI overlay you have to read yourself.
Can this replace a manual accessibility audit? No, and it doesn't claim to. Automated tooling reliably catches a large, well-defined subset of WCAG failures (missing alt text, label associations, focus traps, contrast, etc.), but things like meaningful alt-text quality, logical reading order, and cognitive load still need human review. Treat a clean grade as a floor, not a certification.
Why run this in CI instead of just checking manually before each release?
failOnGrade / failOnSeverity let you fail a build automatically the moment a regression crosses your threshold, catching accessibility regressions the same way a test suite catches functional ones — before they ship, not after a manual pass someone forgot to run.
Is this useful for AI agents, not just CI pipelines? Yes — it's designed to be one-shot and agent-callable: give it a URL, get back a single structured report an agent or MCP tool can parse directly, no scraping a UI or interpreting a DOM overlay.
Which WCAG version and level does this test — 2.0, 2.1, 2.2, A/AA/AAA?
The wcag-audit engine runs axe-core's full ruleset, which covers WCAG 2.0, 2.1, and 2.2 success criteria at levels A and AA (axe-core doesn't test AAA, since most AAA criteria require subjective, human judgment rather than automated rules). render-audit (Lighthouse) and the native engines add checks that overlap several of the same criteria from a different angle, rather than adding AAA coverage.
Licenses & attribution
This Actor packages third-party open-source accessibility tooling (axe-core, Lighthouse, Puppeteer, chrome-launcher). Full license texts and source references are included in the ../NOTICE file distributed with the image. All components are redistributed in accordance with their respective licenses (MPL-2.0, Apache-2.0). html-structure, media-captions, and viewport-a11y are native engines written in-house with no bundled third-party scanner.