You’ve probably been handed the same task many front-end teams get sooner or later: “We need an accessibility audit.” The product is already live. The design system is only half standardized. Some components came from a library, some were copied from old projects, and some were written under deadline pressure by three different people with three different ideas of what “keyboard support” means.
That’s usually the moment accessibility gets treated like a cleanup project. Run a scanner, export a report, file a backlog, move on. In practice, that approach doesn’t stick. A useful accessibility audit does more than identify defects. It shows where your product architecture is helping, where it’s fighting you, and which fixes should move into your design system so the same issues don’t keep reappearing in every sprint.
The most effective teams don’t separate auditing from implementation. They use the audit to harden foundational components, tighten review workflows, and turn accessibility into part of normal delivery. That matters because the web still has a long way to go. In 2025, 94.8% of home pages had at least one detectable accessibility failure, and the average home page contained about 51 accessibility errors, according to the WebAIM Million findings summarized by Be Accessible.
Table of Contents
- Planning Your Audit Strategy and Scope
- The First Pass Using Automated Testing Tools
- A Practical Guide to Manual Testing
- Reporting Findings and Prioritizing Fixes
- From One-Time Audit to Continuous Accessibility
- Going Beyond the Checklist with User Testing
Planning Your Audit Strategy and Scope
Most audit projects go wrong in the first meeting. Someone says “audit the site,” but nobody defines whether that means the marketing pages, the authenticated app, the mobile web flow, the design system, or all of it. If you skip scope, the team either tests too little and misses real barriers, or tests too broadly and gets buried in findings no one can triage.
Start with the product surface that matters
A practical accessibility audit works better when you treat the product as a set of user flows, not a pile of URLs. Industry guidance recommends a mixed-method process: define scope and target WCAG level, test important pages and key flows with automated scanners first, then do manual checks across keyboards, screen readers, and multiple device and browser combinations, and finally document findings by severity and user impact, as outlined by Accessible.org’s audit guidance.
That means you should identify the paths where a user must succeed. Typically, that includes things like:
- Account access: Sign in, password reset, multi-step authentication, profile recovery.
- Revenue paths: Checkout, subscription upgrade, invoice payment, booking, appointment scheduling.
- High-friction forms: Registration, onboarding, support contact, application flows.
- Core navigation: Search, filtering, menus, tabs, modals, and any reusable pattern from the design system.
If your app runs on a component library, add the component inventory to the audit scope. Repeated failures often come from a handful of shared patterns.

Set rules before you start testing
Pick the conformance target early. Teams commonly align the audit to WCAG requirements that match their legal and organizational needs. More important than the label is consistency. If designers review against one standard, QA tests against another, and engineering remediates from screenshots without success criteria, the report turns into opinion instead of evidence.
A short planning brief helps. Keep it simple:
- What is in scope
- Which flows are critical
- Which WCAG level you’re evaluating against
- Which environments count as test targets
- Who owns remediation by component, page, and content type
Practical rule: If a flow is business-critical, it belongs in the first audit cycle even if the rest of the product waits.
Design systems matter here more than teams often realize. If your specs don’t define focus behavior, naming rules, states, and keyboard interaction, developers will improvise. A component spec system like DOM Studio component specs is useful because it gives teams a place to pin down those behaviors before they become audit defects.
The First Pass Using Automated Testing Tools
A useful audit starts with the checks that can run fast and run often. Automated testing gives teams an immediate read on obvious defects in markup, then frees manual reviewers to spend their time on interaction quality instead of hunting for missing labels one page at a time.

What automation is good at
Scanners are strongest at repeatable, programmatic checks. They catch missing alternative text, low-contrast text, empty buttons, empty links, missing form labels, and other defects that show up across templates. That matters because the common failures identified in the WebAIM Million data still appear on the large majority of sites, as summarized by Be Accessible’s review of those findings.
In practice, I separate automated tooling into two groups.
- Developer-facing browser tools: axe DevTools, Lighthouse, Accessibility Insights, and browser accessibility panes. These help during local development, component QA, and bug triage.
- Pipeline and monitoring tools: checks that run in CI, on pull requests, or against preview deployments. These help teams catch regressions before release.
The bigger win is pattern detection. If the same warning appears across ten screens, the fix usually belongs in a shared component, token, or template. That is where design systems pay off. A bad button API or field wrapper can produce hundreds of findings. A good one prevents them from being authored in the first place.
This is especially clear with headless components. A dialog might pass a basic scan because it has a label, but if the primitive does not handle focus correctly, every product team that uses it will recreate the same failure. Starting from an accessible headless dialog component pattern reduces that risk and makes automated checks more meaningful, because teams are testing real regressions instead of known flaws in the foundation.
A few signals in automated reports deserve immediate attention:
- Missing labels and names: Inputs, icon-only buttons, toggles, dismiss controls
- Contrast failures: Disabled states, secondary text, chips, badges, outlines
- ARIA misuse: Roles or attributes added after the fact to patch weak semantics
- Structural gaps: Heading hierarchy problems, missing landmarks, repeated empty interactive elements
What automated tools cannot tell you
Automation can confirm that an element has an accessible name. It cannot judge whether the name is clear in context. It can detect that a dialog is present. It cannot tell you whether focus moves into it correctly, stays contained, returns to the trigger on close, or becomes confusing when layered with another overlay.
That limitation matters in modern product stacks. Teams using component libraries, CMS-driven layouts, and headless UI often assume a passing scan means the building blocks are safe. It does not. Automated tools inspect output. They do not verify whether a task is understandable, keyboard flow is sane, or screen reader announcements match the user’s mental model.
I have seen teams chase cleaner reports by adding ARIA everywhere, hiding extra text, and patching one instance at a time. The report improves. The product gets harder to maintain. Good audits avoid that trap by treating scanner output as engineering input, not a pass or fail grade.
A strong handoff from automation to manual review looks like this:
| Tool output | What to do next |
|---|---|
| Repeated missing labels | Trace the issue to the shared input or field wrapper |
| Contrast failure on many screens | Check token definitions, not just one page |
| Empty button warnings | Review icon button API and naming conventions |
| Landmark or heading issues | Inspect layout templates and CMS rendering rules |
Later in the review, it helps to watch someone walk through a scan-and-fix cycle in context:
A Practical Guide to Manual Testing
Manual testing is where you find the problems that frustrate people instead of just failing rules. It’s slower than automation, but it reveals whether the interface functions when someone relies on keyboard navigation, screen reader output, zoom, and predictable focus behavior.
Run a keyboard-only pass first
Start by putting the mouse away. Use Tab, Shift+Tab, Enter, Space, and arrow keys. That one habit surfaces a surprising number of failures quickly.
You’re checking whether a person can discover and operate everything interactive without guessing. A technically strong audit needs to verify details automated tools often miss, including logical focus order, absence of keyboard traps, correct accessible names, proper label-to-field association, and visible text at 400% zoom, as described in Vispero’s accessibility audit guidance.

Run the pass with a short checklist:
- Follow focus visibly: Every interactive control should show where focus is. If focus disappears, users lose orientation immediately.
- Check order: Focus should move in a sequence that matches the visual and semantic structure.
- Try composite widgets: Menus, listboxes, tabs, comboboxes, dialogs, and drawers fail often because they require more than plain tabbing.
- Exit everything you enter: If a user opens a modal or menu, they need a reliable way to close it and continue.
Headless components can either save you or hurt you. If your team has built custom overlays and menus from scratch, test them aggressively. If you’re using a primitive that already defines focus containment and keyboard handling, such as DOM Studio’s dialog component, you still need to verify implementation, but you’re starting from a much safer place.
Use a screen reader to check names and feedback
You don’t need to be a full-time screen reader user to do useful audit work. You do need to listen carefully. Use NVDA, JAWS, or VoiceOver and go through key tasks.
Listen for these problems:
-
Controls with the wrong name
The button might say “Save” visually but announce as “button” or “unlabeled.” Icon buttons are frequent offenders. -
Fields that aren’t associated with labels
Placeholder text isn’t a reliable substitute. The announced name needs to come from a proper label or equivalent programmatic association. -
Dynamic updates that are silent
Error messages, validation feedback, loading states, and async results need to be communicated. -
Navigation that sounds different from what appears on screen
If the spoken output and visual structure don’t line up, users lose confidence fast.
A screen reader pass doesn’t need to cover every page to be useful. It needs to cover the places where users make decisions, enter data, and recover from errors.
Test zoom reflow and form behavior
A lot of production interfaces look acceptable at standard viewport settings and then fall apart under zoom. Text overlaps. Sticky headers obscure content. Horizontal scrolling appears in places where users need to read linearly. Error messages sit far away from the field they belong to.
Form testing deserves extra attention because teams often fix individual fields but miss the full submission flow. Check the entire cycle:
- Before submit: Are labels present, hints associated, required fields understandable?
- On error: Does the user get feedback they can perceive and act on?
- On correction: Does focus move sensibly? Do errors clear when resolved?
- On success: Is completion confirmed in a way assistive tech can detect?
Common failure points aren’t always dramatic. Often they’re small interruptions that pile up. A date picker that traps focus. A toast that announces too late. A field group with visible labels but no programmatic grouping. Those are the issues that make a product feel fragile.
Reporting Findings and Prioritizing Fixes
A report that merely lists violations usually dies in a spreadsheet. Engineering can’t estimate it well, product can’t rank it well, and leadership sees a wall of compliance language with no connection to user outcomes.
Write for action not for archive
Documentation matters because accessibility audits are part of legal and operational risk management, not just code quality. Level Access notes that audits are used to evaluate conformance with WCAG and legal requirements such as the ADA and Sections 504 and 508, and one summary reports 5,114 ADA lawsuits filed in the US in 2025 alone, which is why clear documentation, severity ranking, and remediation planning are central to due diligence, as described in Level Access’s overview of accessibility audits.
That doesn’t mean the report should sound like it was written for lawyers. It should sound like something a product team can use next sprint.
A useful finding needs seven things:
- A stable issue ID
- A plain-language description
- Exact location
- Applicable WCAG criterion
- Severity
- User impact
- Suggested fix
If a finding doesn’t explain who gets blocked and where, teams will treat it as cosmetic.
Use a report structure engineering can work from
This template is enough for most audit backlogs:
| Issue ID | Issue Description | Location (URL/Component) | WCAG Guideline | Severity (Critical/High/Medium) | User Impact | Suggested Fix |
|---|---|---|---|---|---|---|
| A11Y-001 | Modal opens without moving focus into dialog | Checkout modal / Dialog component | Relevant WCAG criterion | Critical | Keyboard and screen reader users can’t reliably interact with the modal | Move focus to first meaningful control and return focus on close |
| A11Y-002 | Icon-only close button has no accessible name | Global dialog header | Relevant WCAG criterion | High | Screen reader users can’t identify the purpose of the control | Add an accessible name that matches visible purpose |
| A11Y-003 | Error text isn’t associated with field | Registration form / Email input | Relevant WCAG criterion | High | Users may not know which field failed validation | Programmatically associate error text with the input |
| A11Y-004 | Focus indicator is hard to see on secondary buttons | Button component | Relevant WCAG criterion | Medium | Keyboard users can lose track of location | Adjust token and component styles for visible focus |
Severity should reflect task interruption, not how annoying the bug feels to the reviewer. If the issue blocks payment, sign-in, or submission, it belongs near the top. If the issue repeats across a shared component, raise it because one fix can remove many defects at once.
I’ve found that reports move faster when every issue includes one sentence written for product managers: “This blocks task completion,” “This causes recovery failure,” or “This creates extra navigation burden.” That framing helps accessibility compete properly against other work, because it stops sounding abstract.
From One-Time Audit to Continuous Accessibility
The strongest outcome of an accessibility audit isn’t a cleaner report. It’s a better delivery system. If the same types of failures keep coming back, the issue usually isn’t awareness. It’s architecture, review discipline, or both.

Push fixes down into the system
When a team audits page by page, it often fixes symptoms. When it audits by component and flow, it can remove root causes. That’s where design systems earn their keep.
If your button component allows icon-only usage without a required accessible name, every product team can create the same bug. If your combobox primitive doesn’t define keyboard behavior clearly, every implementation becomes a custom interpretation. The audit should identify those system-level gaps and move the fix into the shared layer.
That changes the economics of accessibility work:
- Fix once in primitives: Buttons, dialogs, menus, tabs, fields, toasts, drawers.
- Update usage guidance: Examples, prop docs, naming rules, focus expectations.
- Add review heuristics: Pull request checks for state naming, semantic HTML, keyboard support.
- Retest critical flows: Not every screen. The flows affected by the updated shared patterns.
This is the practical advantage of headless components. When interaction logic, roles, and focus behavior are baked into a primitive, the audit surface gets smaller. Teams spend less time rediscovering basic failures and more time checking real product complexity. One option in that category is DOM Studio, which provides headless web component primitives with built-in accessibility behavior and a Vue layer for app integration.
Use automation as a regression gate
Continuous accessibility doesn’t require a huge governance program. It requires a few checks that happen every time code changes.
A workable setup usually includes:
-
Local checks during development
Developers run browser tooling before opening a pull request. -
Automated checks in preview or CI
Regressions get flagged while the branch is still small. -
Manual QA on changed flows
Especially where overlays, forms, and async behavior are involved. -
Scheduled component re-audits
Not because the first audit failed, but because products evolve.
The easiest accessibility bug to fix is the one you catch before it reaches a shared component release.
Teams that mature here stop treating accessibility as a specialist event. It becomes another quality gate, like visual QA, unit tests, or performance budgets. The audit still matters, but it starts acting more like a calibration point than a rescue operation.
Going Beyond the Checklist with User Testing
A WCAG-aligned audit can tell you whether the product meets technical expectations. It can’t fully tell you whether the product is straightforward, confidence-building, and efficient for people who use assistive technology every day.
Compliance and usability are different jobs
That distinction matters. Guidance from disability advocates argues that expert audits should be complemented by testing with disabled stakeholders because this surfaces issues that automated checks and standards-based reviews miss, especially around usability friction rather than technical pass-fail errors. In short, an audit measures compliance, while user testing measures whether a real person can complete a real task, as explained by Design With Disabled People Now.
At this stage, many teams hesitate. They’ve already done scans, manual checks, and remediation. They assume user testing is optional polish. It isn’t. It answers a different question.
A flow can pass technical review and still feel difficult in practice. Common examples include:
- Verbose navigation: The screen reader output is technically correct but too repetitive to move through efficiently.
- Overloaded forms: Labels and errors are present, but the structure creates too much cognitive load.
- Complex state changes: Filters, inline updates, and transient notifications are understandable in code and confusing in use.
- Interaction timing: Controls respond in ways that are legal but unpredictable.
How to involve disabled users without wasting their time
Don’t run disability simulations and call that research. If you want lived-experience insight, work with actual disabled participants and treat that work with the same rigor you’d apply to any paid usability study.
A practical setup looks like this:
- Recruit for the tasks you need to test: Match participants to the relevant assistive technology and usage patterns.
- Pay people for their time: This is research work, not volunteer feedback.
- Provide accessible logistics: Clear instructions, accessible meeting materials, enough time, and simple tooling.
- Separate expert audit findings from participant findings: One evaluates standards. The other reveals friction, trust, and workarounds.
- Use realistic scenarios: Signing in, finding information, changing settings, paying, booking, uploading, reviewing.
The findings usually sound different from audit findings. Instead of “missing accessible name,” you hear “I wasn’t sure if this opened a menu or submitted the form.” That kind of feedback is what helps teams move from accessible enough to practical usability.
For collaboration on those rounds, a review workflow like screen annotation review in DOM Studio can help teams capture specific UI friction without turning every observation into a vague ticket.
A strong accessibility practice starts with a serious audit, but it lasts because teams fix the system behind the screens. If you’re building with reusable primitives, shared specs, and review workflows that make interaction details visible early, DOM Studio is one option to evaluate for that foundation.
