Website Scanner
Scan up to 10 URLs per run with a chosen WCAG version and rule pack.
Website Scanner
The Website Scanner runs axe-core against each URL in a headless Chromium browser and produces a unified report for all URLs in the scan.
When to use it
- Target pages are reachable on a direct URL (public or single-sign-on that carries auth via cookies).
- You want per-URL and roll-up severity counts in one report.
- You need formal WCAG conformance output (the Website Scanner drives the conformance matrix).
For pages behind a login form, use Authenticated Scanning. For bugs that appear only after a user action, use Workflow Analyzer.
Create a scan
- Sidebar → Website Scanner → New Scan.
- Enter a scan name (auto-suggested from the first URL's domain; edit any time).
- Add URLs:
- Type a URL and press Enter or click Add page.
https://is auto-prepended if you don't type a protocol.- Up to 10 URLs per scan.
- Duplicates are rejected.
- (Optional) Click the ⚙ gear to open Scan Settings and adjust WCAG version, rule toggles, or authentication.
- Click Create Scan.
Screenshot (TODO): New Scan form with URL list and settings gear
Scan Settings — Accessibility tab
WCAG version
Pick from the full matrix of WCAG 2.0 / 2.1 / 2.2 at Levels A, AA, or AAA. The default is WCAG 2.1 AA — the most common compliance target.
| Version | Value in API | Common target for |
|---|---|---|
| WCAG 2.2 AAA | wcag22aaa | Government / high-bar accessibility programs |
| WCAG 2.2 AA | wcag22aa | Modern corporate standard |
| WCAG 2.2 A | wcag22a | Baseline on 2.2 |
| WCAG 2.1 AA | wcag21aa | Recommended default |
| WCAG 2.1 A | wcag21a | Minimum 2.1 conformance |
| WCAG 2.0 AA / A | wcag2aa / wcag2a | Legacy compliance programs |
Rule toggles
| Toggle | Default | Effect |
|---|---|---|
| Advanced rules | On | Enable extra axe-core rules that are off by default. Recommended to leave on. |
| Best practices | Off | Include rules that improve UX but aren't WCAG violations (e.g., heading-order, landmark-unique). |
| Needs review | On | Include "incomplete" results that need manual verification. Turn off for a pure pass/fail list. |
See Rule categories for what's included in each.
Scan Settings — Authentication tab
If your pages need credentials to load, flip to the Authentication tab and pick one of Cookies, Login Form, or HTTP Headers. Full configuration: Authenticated Scanning.
What gets captured per URL
For every URL in the scan, the engine records:
- Accessibility score (0–100)
- Violations (failures), passes, and incomplete counts
- Issues by severity (critical / serious / moderate / minor)
- Page screenshot for element highlighting
- HTML snapshot — used to render the element inspection panel
Aggregated across all URLs in the scan you also get:
- WCAG conformance matrix (pass / fail / incomplete per criterion)
- Affected-pages table
- Affected-components table (DOM selectors with issue counts)
- Overall score
FAQ
Why can I only add 10 URLs? To keep a single scan run bounded. For larger sites, split into multiple scans or use a URL list via API.
Does the scanner follow links? No. Every URL you want scanned must be in the list.
Do credentials get stored? Login credentials and cookies are encrypted at rest. See Authenticated scanning for details on handling.