Skip to content

Accessibility (a11y) in Runet 2026

Key idea:

The measured data reveals several key findings: Sites without critical violations have a pass value of 27%, while the pass value for missing alt text on images is 62%. Additionally, the pass value for weak color contrast, which is below 4.5:1, stands at 58%. For missing ARIA landmarks, the pass value is 51%, and for form inputs without labels, it is 43%. Full tables are provided below on this page.

Below: key findings, platform breakdown, implications, methodology, FAQ.

Check your site's security →

Key Findings

MetricPass/ValueMedianp75
Sites without critical violations27%
Missing alt on images62%
Weak color contrast (<4.5:1)58%
Missing ARIA landmarks51%
Form inputs without labels43%
Keyboard navigation broken34%
Missing lang attribute on html11%
Skip-to-content link8%

Breakdown by Platform

PlatformShareDetail
Government (.gov.ru)10%a11y pass: 42%
E-commerce (retail)22%a11y pass: 18%
Banking / Fintech8%a11y pass: 38%
Media / news15%a11y pass: 24%
SaaS / tech12%a11y pass: 47%
Landing / marketing33%a11y pass: 22%

Why It Matters

  • Federal Law 181-FZ since 2023 requires accessibility for government and municipal sites. Fine up to ₽200k
  • Google ranks accessible sites higher (confirmed 2023). +5-10% rankings on accessibility
  • Business: 15% of Russian users have some disability — without a11y you lose that segment
  • Automated axe-core catches a significant portion of WCAG issues, but manual testing is necessary for the remaining violations.
  • Quick wins: alt for images (1 hour), semantic HTML (nav/main/article), ARIA labels on forms

Methodology

Top-500 Russian sites (SimilarWeb.ru). axe-core 4.x via Puppeteer. WCAG 2.2 AA rules. Classification by business type using meta keywords + HTML structure. Scan on publicly accessible pages (homepage + 3 top-linked).

TL;DR: Understanding Web Accessibility in Runet 2026

Web accessibility in Runet 2026 is crucial for ensuring compliance with WCAG 2.1 standards. Organizations should perform thorough WCAG audits to identify accessibility issues, focusing on areas such as keyboard navigation, screen reader compatibility, and color contrast ratios. Tools like Axe and Lighthouse can automate this process, enabling developers to achieve a minimum conformance level of AA. For example, ensuring all images have alt text is a key requirement.

Conducting a WCAG Audit: Best Practices and Tools

To ensure compliance with WCAG 2.1 standards, a systematic approach to auditing web accessibility is essential. This section outlines the practical steps and tools necessary for a comprehensive WCAG audit.

1. Understanding WCAG 2.1 Guidelines

WCAG 2.1 is divided into four principles: Perceivable, Operable, Understandable, and Robust (POUR). Each principle has specific criteria that web content must meet to be considered accessible.

2. Preparing for the Audit

Before beginning the audit, gather the following:

  • Website Inventory: List all pages, forms, and interactive elements.
  • Accessibility Guidelines: Familiarize yourself with WCAG 2.1 criteria.
  • Tools: Select appropriate auditing tools such as Axe, Lighthouse, and WAVE.

3. Automated Testing with Tools

Start the audit with automated tools to identify common issues. For instance, using npm install -g axe-cli allows you to run accessibility tests directly from the command line. Here's a sample command:

axe  --save 

This command scans the specified URL and saves the results in JSON format, which can then be analyzed for violations.

4. Manual Testing Techniques

While automated tools are effective, manual testing is crucial for identifying issues that tools may miss. Here are key manual testing techniques:

  1. Keyboard Navigation: Ensure all interactive elements are accessible via keyboard (Tab, Enter, Space).
  2. Screen Reader Compatibility: Test with popular screen readers like NVDA or JAWS to ensure content is read correctly.
  3. Color Contrast: Use tools like the Color Contrast Analyzer to check that text meets the required contrast ratio of 4.5:1 for regular text and 3:1 for large text.

5. Documenting Findings

As you identify accessibility issues, document your findings clearly. Use a structured format that includes:

  • Issue Description: Clearly state what the issue is.
  • WCAG Criterion: Reference the specific WCAG criterion that the issue violates.
  • Recommended Fix: Provide actionable steps to resolve the issue.

6. Remediation Strategies

After documenting issues, prioritize them based on impact and effort required for remediation. Focus on critical issues that affect user experience, such as:

  • Missing Alt Text: Ensure all images have descriptive alt attributes.
  • Inaccessible Forms: Label all form elements clearly and ensure they are navigable via keyboard.

7. Continuous Monitoring and Improvement

Accessibility is not a one-time effort. Establish continuous monitoring processes by integrating accessibility checks into your development workflow. This can include:

  • CI/CD Integration: Use tools like Pa11y in your CI/CD pipeline to catch accessibility issues early.
  • User Testing: Conduct regular user testing with individuals who have disabilities to gather feedback.

By following these practices and leveraging both automated and manual testing methods, organizations can ensure that their web content is accessible to all users, as a significant percentage of sites currently face various accessibility challenges. For instance, many sites have issues such as missing alt text on images, weak color contrast, and missing ARIA landmarks. Additionally, a notable portion of form inputs lack proper labels, and keyboard navigation is often broken. Addressing these issues is crucial for aligning with accessibility standards and enhancing overall user experience.

HeadersCSP, HSTS, X-Frame-Options, etc.
SSL/TLSEncryption and certificate
ConfigurationServer settings and leaks
Grade A-FOverall security score

Why teams trust us

OWASP
guidelines
15+
security headers
<2s
result
A–F
security grade

How it works

1

Enter site URL

2

Security headers analyzed

3

Get grade A–F

What Does the Security Analysis Check?

The tool checks HTTP security headers, SSL/TLS configuration, server info leaks, and protection against common attacks (XSS, clickjacking, MIME sniffing). A grade fromA to F shows overall security level.

Header Analysis

Checking Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and more.

SSL Check

TLS version, certificate expiry, chain of trust, HSTS support.

Leak Detection

Finding exposed server versions, debug modes, open configs, and directories.

Report with Recommendations

Detailed report explaining each issue with specific steps to fix it.

Who uses this

Security teams

HTTP header audit

DevOps

config verification

Developers

CSP & HSTS setup

Auditors

compliance checks

Common Mistakes

Missing Content-Security-PolicyCSP is the primary XSS defense. Without it, script injection is much easier.
Missing HSTS headerWithout HSTS, HTTPS-to-HTTP downgrade attacks are possible. Enable Strict-Transport-Security.
Server header exposes versionServer: Apache/2.4.52 helps attackers find exploits. Hide the version.
X-Frame-Options not setSite can be embedded in iframe for clickjacking. Set DENY or SAMEORIGIN.
Missing X-Content-Type-OptionsWithout nosniff, browsers may misinterpret file types (MIME sniffing).

Best Practices

Start with basic headersMinimum: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy. Takes 5 minutes.
Implement CSP graduallyStart with Content-Security-Policy-Report-Only, monitor violations, then enforce.
Hide server headersRemove Server, X-Powered-By, X-AspNet-Version from responses.
Configure Permissions-PolicyRestrict camera, microphone, geolocation access — only what is actually used.
Check after every deploySecurity headers can be overwritten during server configuration updates.

Get more with a free account

Security check history and HTTP security header monitoring.

Sign up free

Learn more

Frequently Asked Questions

How to check my own site?

Chrome DevTools → Lighthouse → Accessibility report. Or <a href="/en/security">Enterno Security Scanner</a> includes basic a11y checks (Pro: full axe-core).

WCAG 2.2 vs 2.1 — difference?

WCAG 2.2 added 9 new success criteria (Oct 2023): focus appearance, dragging movements, target size, consistent help. Backwards-compatible with 2.1.

Are fines actually applied?

For gov sector — yes, often a prosecutor notifies the Ministry. Private business — rarely, but risk exists via Rospotrebnadzor (consumer protection).

Quick wins for low-effort compliance?

1) alt on images. 2) Semantic HTML (nav/main/article instead of div). 3) aria-label on icon buttons. 4) Color contrast check via WebAIM. These 4 close ~60% of automated violations.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.