ADA Title II Deadline Extended: What It Does Not Excuse
DOJ delayed the Title II web deadline to 2027/2028, four days before it landed. But for 15+-employee HHS recipients, Section 504 already bit first anyway.
Stop guessing whether your website is accessible. A11yFlow scans any page for WCAG 2.2 violations and tells you exactly what's broken, why it matters, and how to fix it — all through a clean REST API that fits into the workflow you already have.
No credit card required. 25 free scans every month to try it out.
$ # 1. Create an API key
$ curl -X POST https://api.a11yflow.dev/v1/keys
$ # 2. Scan a URL
$ curl -X POST https://api.a11yflow.dev/v1/scans \
-d '{"url":"https://example.com"}'
$ # 3. Read the results
$ curl https://api.a11yflow.dev/v1/scans/SCAN_ID
{
"score": 87,
"violations": 3,
"standard": "WCAG 2.2 AA"
}WCAG 2.2
Latest standard
<10s
Avg scan time
axe-core
Industry engine
REST
Simple JSON API
A11yFlow is a WCAG 2.2 accessibility scanning API for developers. You send any public URL to a REST endpoint and get back structured JSON: severity-ranked violations, the WCAG 2.2 success criteria each one breaks, plain-English remediation steps, and an overall accessibility score from 0 to 100. Scans run in real Chromium using the axe-core engine, so JavaScript-rendered pages are tested the way a browser sees them. Automated tools like this catch roughly 57% of accessibility issues by volume (Deque, 2021), which is why A11yFlow flags the rest for manual review instead of claiming full compliance. It exists because 94.8% of the top one million homepages still have detectable WCAG failures (WebAIM Million, 2025), and most are the structural problems an API can catch in a CI pipeline before they ship.
Most accessibility tools make you leave your editor, open a browser extension, and click through a UI. A11yFlow is different — submit any URL via API and get a WCAG 2.2 audit in seconds. We launch a real Chromium browser, execute your JavaScript, and run the axe-core rule set against the rendered page. Automated scanning catches around 57% of WCAG issues reliably — and we clearly flag the rest as items that need manual review, so nothing slips through the cracks.
POST /v1/scans
{
"url": "https://your-site.com",
"standard": "wcag22aa",
"options": {
"waitFor": "networkidle"
}
}// GET /v1/scans/:id
{
"status": "completed",
"summary": {
"violations": 3,
"passes": 42,
"incomplete": 1
},
"violations": [
{
"id": "color-contrast",
"impact": "serious",
"help": "Elements must meet minimum color contrast ratio"
}
]
}No more wading through vague warnings. Every scan returns a weighted accessibility score, violation counts by severity and category, contrast ratios down to the element, WCAG guideline references, and plain-English remediation guidance. Items that need manual review are returned separately as "incomplete" — so you know exactly what\'s been verified automatically and what still needs a human check. Everything arrives as clean JSON you can parse, store, or pipe straight into your issue tracker.
Before every release, know exactly where you stand. Get formatted reports that break violations down by severity — critical issues that block users entirely, serious ones that cause real difficulty, and minor ones you can schedule for later. Share reports with your team, attach them to pull requests, or wire them into your CI/CD pipeline to catch regressions before they ship.
// GET /v1/scans/:id/report
{
"summary": {
"totalViolations": 3,
"totalPasses": 42,
"critical": 0,
"serious": 2,
"moderate": 1,
"minor": 0
}
}Your API key is hashed before we store it — we never see the raw value after creation. Rate limiting protects your account and ours. Every request is logged so you can track usage. This isn't a side project with a toy API — it's production infrastructure you can trust with real traffic.
API keys are hashed before storage. Raw keys shown once at creation.
Per-minute sliding window + monthly fixed window. Tier-based quotas.
Standard Authorization header. Works with any HTTP client.
Every request logged with endpoint, status, and response time.
All inputs validated at the edge. Type-safe from request to response.
Secure headers, CORS configuration, and error sanitisation built in.
A11yFlow fits into whatever you already use — the terminal, your CI pipeline, or your AI coding assistant. One API, three ways in.
Scan from the terminal. Get results as tables, JSON, or plain-language explanations. No install needed — just npx.
$ npx @a11yflowdev/cli scan example.com
Score: 74/100 | 4 violations
critical button-name 2 el
serious color-contrast 5 el
serious label 1 el
moderate html-has-lang 1 elGive your AI agent accessibility superpowers. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible client.
// .mcp.json
{
"mcpServers": {
"a11yflow": {
"command": "npx",
"args": ["@a11yflowdev/mcp"],
"env": {
"A11YFLOW_API_KEY": "sk_..."
}
}
}
}Block deployments that break accessibility. The --fail-on flag returns exit code 1 when violations exceed your threshold.
# GitHub Actions
- name: A11y scan
env:
A11YFLOW_API_KEY: ${{ secrets.KEY }}
run: |
npx @a11yflowdev/cli scan $URL \
--fail-on seriouscurl -X POST https://api.a11yflow.dev/v1/keys \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com"}'curl -X POST https://api.a11yflow.dev/v1/scans \
-H "Authorization: Bearer sk_live_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-site.com"}'curl https://api.a11yflow.dev/v1/scans/SCAN_ID \
-H "Authorization: Bearer sk_live_your_key"Accessibility testing shouldn't cost a fortune or require a dedicated team. Most enterprise tools charge thousands per year and lock you into clunky dashboards. Credit-based APIs nickel-and-dime you for every scan and charge extra for detailed results. We think there's a better way.
One monthly price, all features included. No surprise bills, no paying extra for contrast data or XPath selectors. Every scan gives you everything.
A REST API that fits into your existing workflow — CI/CD pipelines, monitoring scripts, custom dashboards. No browser extensions or manual clicking required.
We scan the page your users actually see, after JavaScript has executed and CSS has loaded. Not a static HTML snapshot — the real, rendered page.
Every violation comes with a severity rating, the exact element that failed, the WCAG guideline it breaks, and a plain-English explanation of how to fix it.
Our pricing is on the website. No "contact sales" for basic features. No annual contracts. Start free, upgrade when you need more, downgrade if you don't.
Clean JSON responses, comprehensive API docs with code examples in cURL, JavaScript, and Python. Get your first scan result in under a minute.
No credit card required. No annual lock-in. Every plan includes the full feature set — score, contrast data, WCAG mappings, and more. The only difference is volume.
Try it out
For side projects
For growing teams
For organisations
Need more? Contact us for Enterprise pricing with unlimited scans and a dedicated SLA.
We support WCAG 2.0 Level A, AA, AAA, and WCAG 2.2 Level AA (the default and recommended standard). Our scanner uses axe-core, the industry-standard accessibility testing engine.
Most scans complete in 5–15 seconds depending on page complexity. We load the page in a real Chromium browser, wait for JavaScript to execute, then run the full axe-core audit.
A11yFlow helps you identify WCAG 2.2 AA violations, which is the standard referenced by the European Accessibility Act (EAA). Regular scanning helps demonstrate ongoing compliance efforts.
Not yet — authenticated page scanning is on our roadmap. Currently we scan publicly accessible URLs only.
We store only a SHA-256 hash of your API key. The raw key is shown once at creation time and cannot be retrieved later. This is the same approach used by Stripe, GitHub, and other major API providers.
Automated tools like axe-core can reliably catch around 57% of WCAG issues — things like missing alt text, insufficient colour contrast, broken ARIA attributes, missing form labels, and keyboard traps. The remaining issues (e.g. quality of alt text, logical reading order, cognitive load) require human judgement. A11yFlow flags these as "incomplete" items that need manual review, so you always know what's been checked and what still needs a human eye.
A11yFlow scans rendered HTML pages. It cannot scan PDFs, Word documents, native mobile apps, Canvas/WebGL content, or content inside cross-origin iframes. Pages behind authentication are not yet supported. Single-page apps are supported — we wait for JavaScript to finish rendering before scanning.
Enterprise plans include a 99.9% uptime SLA. Contact us for details on custom enterprise agreements.
DOJ delayed the Title II web deadline to 2027/2028, four days before it landed. But for 15+-employee HHS recipients, Section 504 already bit first anyway.
Federal website accessibility lawsuits jumped 27% to 3,117 in 2025. Six machine-detectable failures cause 96% of detected errors. What to fix first.
Pages using ARIA average 40.7% more accessibility errors than pages without it (WebAIM, 2026). Here are the eight mistakes behind it, with code to fix each.
95.9% of home pages fail WCAG, the first rise since 2020 (WebAIM, 2026). Every stat here is traced to a primary source, and five famous ones are debunked.
Automated tools catch 57% of accessibility issues by volume but only 13% of WCAG criteria with high accuracy (Deque; Accessible.org, 2025).
Six error types cause 96% of accessibility failures (WebAIM Million, 2026). Here is how to fix the 10 most common WCAG violations, with copy-paste code.
Over a billion people worldwide live with some form of disability. Accessibility isn't a nice-to-have — it's a legal requirement in most markets and, more importantly, the right thing to do. A11yFlow makes it easy to build accessible products from day one.