Accessibility (a11y) in Runet 2026
Enterno.io ran automated WCAG 2.2 AA audit (axe-core) for the top 500 Russian sites (March 2026). Only 27% pass without critical violations. Most common issues: missing alt on images (62%), weak color contrast (58%), missing ARIA landmarks (51%), form inputs without labels (43%). Fines under Federal Law 181-FZ (accessibility for disabled) are possible for gov sector and large businesses.
Below: key findings, platform breakdown, implications, methodology, FAQ.
Key Findings
| Metric | Pass/Value | Median | p75 |
|---|---|---|---|
| Sites without critical violations | 27% | — | — |
| Missing alt on images | 62% | — | — |
| Weak color contrast (<4.5:1) | 58% | — | — |
| Missing ARIA landmarks | 51% | — | — |
| Form inputs without labels | 43% | — | — |
| Keyboard navigation broken | 34% | — | — |
| Missing lang attribute on html | 11% | — | — |
| Skip-to-content link | 8% | — | — |
Breakdown by Platform
| Platform | Share | Detail | — |
|---|---|---|---|
| Government (.gov.ru) | 10% | a11y pass: 42% | — |
| E-commerce (retail) | 22% | a11y pass: 18% | — |
| Banking / Fintech | 8% | a11y pass: 38% | — |
| Media / news | 15% | a11y pass: 24% | — |
| SaaS / tech | 12% | a11y pass: 47% | — |
| Landing / marketing | 33% | a11y pass: 22% | — |
Why It Matters
- Federal Law 181-FZ since 2023 requires accessibility for government and municipal sites. Fine up to ₽200k
- Google ranks accessible sites higher (confirmed 2023). +5-10% rankings on accessibility
- Business: 15% of Russian users have some disability — without a11y you lose that segment
- Automated axe-core catches 30-40% of WCAG issues, manual testing is required for the rest
- Quick wins: alt for images (1 hour), semantic HTML (nav/main/article), ARIA labels on forms
Methodology
Top-500 Russian sites (SimilarWeb.ru). axe-core 4.x via Puppeteer. WCAG 2.2 AA rules. Classification by business type using meta keywords + HTML structure. Scan on publicly accessible pages (homepage + 3 top-linked).
Why teams trust us
How it works
Enter site URL
Security headers analyzed
Get grade A–F
What Does the Security Analysis Check?
The tool checks HTTP security headers, SSL/TLS configuration, server info leaks, and protection against common attacks (XSS, clickjacking, MIME sniffing). A grade fromA to F shows overall security level.
Header Analysis
Checking Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and more.
SSL Check
TLS version, certificate expiry, chain of trust, HSTS support.
Leak Detection
Finding exposed server versions, debug modes, open configs, and directories.
Report with Recommendations
Detailed report explaining each issue with specific steps to fix it.
Who uses this
Security teams
HTTP header audit
DevOps
config verification
Developers
CSP & HSTS setup
Auditors
compliance checks
Common Mistakes
Strict-Transport-Security.Server: Apache/2.4.52 helps attackers find exploits. Hide the version.DENY or SAMEORIGIN.nosniff, browsers may misinterpret file types (MIME sniffing).Best Practices
Content-Security-Policy-Report-Only, monitor violations, then enforce.Server, X-Powered-By, X-AspNet-Version from responses.Get more with a free account
Security check history and HTTP security header monitoring.
Sign up freeLearn more
Frequently Asked Questions
How to check my own site?
Chrome DevTools → Lighthouse → Accessibility report. Or <a href="/en/security">Enterno Security Scanner</a> includes basic a11y checks (Pro: full axe-core).
WCAG 2.2 vs 2.1 — difference?
WCAG 2.2 added 9 new success criteria (Oct 2023): focus appearance, dragging movements, target size, consistent help. Backwards-compatible with 2.1.
Are fines actually applied?
For gov sector — yes, often a prosecutor notifies the Ministry. Private business — rarely, but risk exists via Rospotrebnadzor (consumer protection).
Quick wins for low-effort compliance?
1) alt on images. 2) Semantic HTML (nav/main/article instead of div). 3) aria-label on icon buttons. 4) Color contrast check via WebAIM. These 4 close ~60% of automated violations.