Scanner Methodology

Scans up to 10 pages using Puppeteer + axe-core to identify WCAG 2.2 Level AA violations. Checks include:

• Missing alt text on images
• Insufficient color contrast ratios
• Missing form labels and ARIA attributes
• Keyboard navigation failures
• Missing skip links and heading hierarchy
• Dynamic content (ARIA live regions, focus management)

Legal basis: ADA Title III (42 U.S.C. 12182). Over 4,000 digital accessibility lawsuits filed in federal courts in 2025.

Performs a single HTTP HEAD request to analyze response headers. Checks:

• HSTS (Strict-Transport-Security) for forced HTTPS
• Content-Security-Policy (CSP) to prevent XSS
• X-Frame-Options to prevent clickjacking
• X-Content-Type-Options for MIME sniffing prevention
• Referrer-Policy for data leakage control
• Permissions-Policy for feature access control

Legal basis: CCPA (Cal. Civ. Code 1798.150) - $100-$750 per consumer for data breaches enabled by missing security controls.

Fetches page source and analyzes for undisclosed tracking technologies:

• Meta Pixel (Facebook) without cookie consent
• Google Analytics without cookie consent banner
• Session replay tools (Hotjar, FullStory, Microsoft Clarity)
• Missing cookie consent mechanism
• Third-party advertising pixels

Legal basis: CIPA (Cal. Penal Code 631) - wiretapping lawsuits targeting websites with undisclosed tracking. $5K-$50K+ per plaintiff.

Scans HTML forms that collect phone numbers and checks for:

• Explicit TCPA consent language
• Required consent checkbox (not pre-checked)
• Opt-out mechanism disclosure
• Clear identification of who will be calling/texting

Legal basis: TCPA (47 U.S.C. 227) - $500-$1,500 per violation in statutory damages. Class action exposure can reach millions.