NF Accessibility Scanner — All-in-One WCAG Audit avatar

NF Accessibility Scanner — All-in-One WCAG Audit

Pricing

$200.00 / 1,000 scan completeds

Go to Apify Store
NF Accessibility Scanner — All-in-One WCAG Audit

NF Accessibility Scanner — All-in-One WCAG Audit

All-in-one website accessibility scanner. Multi-engine WCAG 2.x testing in one run, no setup. JSON/SARIF report with WCAG criteria, severities, priority grades. Checks WCAG rules, render score, keyboard nav, alt text, labels, headings, captions, viewport zoom. Supports auth scanning, CI gates.

Pricing

$200.00 / 1,000 scan completeds

Rating

0.0

(0)

Developer

NativeFoundation, inc.

NativeFoundation, inc.

Maintained by Community

Actor stats

0

Bookmarked

1

Total users

1

Monthly active users

2 days ago

Last modified

Categories

Share

A comprehensive all-in-one website accessibility scanner on Apify. Run a multi-engine WCAG 2.x audit against any URL in a single run — fully self-contained, no API keys, no setup, no external service required.

🧠 Built by NativeFoundation — an expert AI consultant studio. Production-grade accessibility automation, designed and maintained by specialists.

Keywords: accessibility scanner, WCAG compliance testing, WCAG 2.1 audit, ADA compliance scan, a11y testing, automated accessibility testing, keyboard navigation testing, screen reader compatibility, CI/CD accessibility gating.

Trigger phrases — use this actor when you see

  • "Check this page for WCAG compliance"
  • "Run an accessibility audit on [URL]"
  • "Is this site keyboard-navigable?"
  • "ADA compliance check before launch"
  • "Gate our CI/CD pipeline on accessibility regressions"
  • "Does this page have proper alt text and labels?"

When to use it / when not to

✅ Use it when you want to:

  • Run a single-URL WCAG / a11y audit and get one normalized JSON (or SARIF) report — no local tooling to install.
  • Gate CI/CD on accessibility: failOnGrade / failOnSeverity make the run exit non-zero when a page crosses your threshold.
  • Give an agent or MCP tool a one-shot, structured accessibility check it can call and parse.
  • Cover more ground in one pass than any single engine: DOM rules, a rendered-page score, keyboard-nav, and native HTML/media/viewport checks are merged into one report.

❌ Don't use it for:

  • Full-site crawling. It scans the single URL you give it — it does not spider links, sitemaps, or paginate. Point it at each page (or drive it from your own crawler / a scheduled run per URL) if you need whole-site coverage.
  • A substitute for a manual expert audit. Automated tooling catches a large, well-defined subset of WCAG failures, but many success criteria (meaningful alt text, logical reading order, cognitive load) still require human review. Treat a clean grade as a floor, not a certification.

What it does

All six engines run by default — deselect any you don't want in the engines input. Their results are merged into a single, normalized report.

EngineWhat it doesTypical findings
WCAG auditFull axe-core ruleset — DOM-based WCAG 2.x violation detection5–30 findings
Render auditRendered-page accessibility score via Lighthouse's accessibility category — a different rule engine, catches some issues axe doesn't0–15 findings
Keyboard navSimulates Tab-key navigation: focus indicators, unreachable elements, focus traps0–5 findings
HTML structureAlt text, form labels, heading hierarchy, document title, duplicate ids, unlabeled links/buttons0–10 findings
Media captionsMissing captions/transcripts on <video>/<audio>, missing titles on embedded video iframes0–5 findings
Viewport a11yViewport meta configuration that disables pinch-to-zoom0–1 findings

Input

FieldTypeRequiredDefaultDescription
urlstringYesTarget URL to scan
enginesstring[]Noall sixWhich engines to run — remove any you don't want
requestHeadersobjectNoExtra HTTP headers (e.g. {"Authorization": "Bearer …"}) for authenticated scanning. Sent only to the target's origin, never to third-party hosts. Carried by wcag-audit, keyboard-nav, and the native engines — render-audit (Lighthouse) has no per-request origin scoping and remains unauthenticated
cookiesstringNoA Cookie header value (e.g. session=…) for authenticated scanning
outputFormatstringNo"json"json, sarif (also writes an OUTPUT.sarif SARIF 2.1.0 record for code scanning), or both
failOnGradestringNoCI gate: exit non-zero if the grade is this letter or worse (B/C/D/F). Report is still written and charged
failOnSeveritystringNoCI gate: exit non-zero if any finding is at this severity or higher (minor/moderate/serious/critical)

Scope: each run scans one URL (see When to use it / when not to above — it does not crawl), so the grade reflects the page actually reached. A full six-engine run typically takes 1–2 minutes.

Proxy: the browser-based engines always route through Apify's Residential proxy — not configurable via input. Datacenter IPs get throttled or served a degraded page variant by many bot-defended sites (ecommerce, social), which skews the audit toward a page real users never see. If Residential access is unavailable on the account running this Actor, the scan falls back to a direct connection automatically and report.proxy.note records why. html-structure, media-captions, and viewport-a11y always connect directly regardless.

Output

A single unified, deduplicated report, written both to the default key-value store under the record OUTPUT and as one item in the default dataset. When outputFormat is sarif/both, a SARIF 2.1.0 rendering is also written to OUTPUT.sarif.

{
"target": "https://example.com",
"engines": ["wcag-audit", "html-structure"],
"status": { "wcag-audit": "completed", "html-structure": "completed" },
"meta": {
"reportVersion": "1.0.0",
"startedAt": "2026-07-02T13:38:49.128Z",
"finishedAt": "2026-07-02T13:39:41.902Z",
"durationMs": 52774,
"enginesRequested": 2,
"enginesCompleted": 2,
"enginesErrored": 0,
"enginesTimedOut": 0
},
"summary": {
"totalFindings": 4,
"score": 82,
"grade": "B",
"duplicatesMerged": 1,
"bySeverity": { "serious": 2, "moderate": 2 },
"byPriority": { "p1": 2, "p2": 2 },
"byEngine": { "wcag-audit": 3, "html-structure": 1 }
},
"findings": [
{
"id": "NF-A11Y-0001",
"engines": ["wcag-audit"],
"severity": "serious",
"priority": "p1",
"title": "Images must have alternate text",
"description": "...",
"location": "img.hero",
"occurrences": 1,
"wcagCriterion": "1.1.1",
"wcagLevel": "A",
"helpUrl": "https://dequeuniversity.com/rules/axe/4.10/image-alt"
}
],
"engineOutput": {
"wcag-audit": { "status": "completed" },
"html-structure": { "status": "completed" }
}
}

Score & grade

summary.score is a single 0–100 headline number (higher = more accessible, matching the Lighthouse/axe convention), weighted by severity. It maps to a letter grade (A best → F worst): A ≥ 90, B ≥ 75, C ≥ 50, D ≥ 25, F < 25.

Deduplication

When more than one engine reports the same issue at the same location, the findings are merged into a single entry rather than duplicated — non-destructively, keeping every engine that reported it (engines), the highest severity, the most detailed description, and the number of raw matches (occurrences).

CI/CD gating

Set outputFormat: "sarif" (or "both") to emit a SARIF 2.1.0 record you can upload to GitHub code scanning or GitLab SAST. Set failOnGrade and/or failOnSeverity to make the run exit non-zero when the scan crosses your threshold.

Compared to alternatives

Most accessibility tools wrap one engine and run locally (a browser extension, a CLI you install, or a paid SaaS dashboard). This Actor's differentiator: it merges axe-core + a Lighthouse accessibility pass + a headless-Chromium keyboard-navigation walk + native HTML / media-caption / viewport checks into one hosted run, then emits a single de-branded, normalized report (plus SARIF 2.1.0) with CI gating (failOnGrade / failOnSeverity) — nothing to install, callable as an Apify Actor or MCP tool.

ToolEngine coverageRuns asMulti-engine mergeSARIF outputCI gate built in
This Actoraxe-core + Lighthouse a11y + keyboard-nav + native HTML/media/viewportHosted Apify Actor / MCP tool — no install✅ one normalized report✅ 2.1.0failOnGrade / failOnSeverity
axe DevTools (Deque)axe-coreBrowser extension / paid SaaS✗ axe only✗ (manual/in-app)
Deque axe-core CLIaxe-coreLocal CLI you install✗ axe onlyVia exit code, self-scripted
WAVE (WebAIM)WAVE engineBrowser extension / web UI / paid API✗ WAVE only
Pa11y / pa11y-ciaxe-core or HTML_CodeSniffer (pick one)Local CLI/Node you install✗ one runner per pass✅ threshold, self-hosted
Lighthouse CILighthouse accessibility categoryLocal CLI / your CI runner✗ Lighthouse only✅ assertions, self-hosted
SiteimproveProprietary crawler-based suitePaid enterprise SaaSn/a (single vendor suite)Dashboard/policy, not a per-run exit code

Notes: the comparison reflects each tool's core, out-of-the-box behavior. Several competitors are excellent at what they do — Siteimprove adds whole-site crawling and governance this Actor deliberately doesn't (it scans a single URL); Lighthouse CI and pa11y-ci gate CI well but each on a single engine you host yourself. This Actor's niche is a zero-install, multi-engine, agent-callable single-URL audit with a normalized report and SARIF/CI gating in one run.

FAQ

Why use this instead of just running axe-core myself? axe-core alone catches a good DOM-rule subset, but misses issues a different engine catches — keyboard-nav focus traps, Lighthouse's render-based accessibility score, missing captions, zoom-disabling viewports. This Actor merges six engines into one normalized report so you get that coverage without wiring up and maintaining six separate tools yourself.

Why not just use a browser extension like WAVE or axe DevTools? Those are manual, one-page-at-a-time, human-in-the-loop tools. This Actor is built to be called programmatically — from a CI pipeline, a script, or an AI agent/MCP tool — and returns structured JSON (or SARIF) instead of a UI overlay you have to read yourself.

Can this replace a manual accessibility audit? No, and it doesn't claim to. Automated tooling reliably catches a large, well-defined subset of WCAG failures (missing alt text, label associations, focus traps, contrast, etc.), but things like meaningful alt-text quality, logical reading order, and cognitive load still need human review. Treat a clean grade as a floor, not a certification.

Why run this in CI instead of just checking manually before each release? failOnGrade / failOnSeverity let you fail a build automatically the moment a regression crosses your threshold, catching accessibility regressions the same way a test suite catches functional ones — before they ship, not after a manual pass someone forgot to run.

Is this useful for AI agents, not just CI pipelines? Yes — it's designed to be one-shot and agent-callable: give it a URL, get back a single structured report an agent or MCP tool can parse directly, no scraping a UI or interpreting a DOM overlay.

Which WCAG version and level does this test — 2.0, 2.1, 2.2, A/AA/AAA? The wcag-audit engine runs axe-core's full ruleset, which covers WCAG 2.0, 2.1, and 2.2 success criteria at levels A and AA (axe-core doesn't test AAA, since most AAA criteria require subjective, human judgment rather than automated rules). render-audit (Lighthouse) and the native engines add checks that overlap several of the same criteria from a different angle, rather than adding AAA coverage.


Licenses & attribution

This Actor packages third-party open-source accessibility tooling (axe-core, Lighthouse, Puppeteer, chrome-launcher). Full license texts and source references are included in the ../NOTICE file distributed with the image. All components are redistributed in accordance with their respective licenses (MPL-2.0, Apache-2.0). html-structure, media-captions, and viewport-a11y are native engines written in-house with no bundled third-party scanner.