axe-core WCAG Audit Guide: What It Tests, What It Misses, and How to Use It

axe-core is the open-source WCAG accessibility testing engine developed by Deque Systems. It is used by Microsoft Accessibility Insights, Google Lighthouse, GitHub's CI pipeline, and the BBC — and it is the engine that powers AccessBinder audits. Understanding what it tests and what it cannot detect will help you interpret your audit results and prioritize remediation.

What axe-core is

axe-core is a JavaScript library that runs in a browser context (or via Playwright/Puppeteer headlessly) and evaluates the current DOM against a set of rules derived from WCAG 2.1 and 2.2 success criteria. It reports violations with four impact levels:

• critical — Blocks assistive technology from functioning (e.g., a form input with no label at all)
• serious — Serious barrier to accessibility (e.g., insufficient color contrast on body text)
• moderate — Barrier with partial workaround (e.g., an icon button whose purpose can sometimes be inferred)
• minor — Minor deviation from best practice (e.g., redundant role attribute)

What axe-core detects automatically

axe-core can reliably detect approximately 30–40% of WCAG violations automatically. These are the "mechanical" violations — ones that can be determined from DOM structure without human judgment:

• Images with missing or empty alt attributes (WCAG 1.1.1)
• Form inputs without associated <label> elements or aria-label (WCAG 1.3.1, 4.1.2)
• Color contrast failures for text on backgrounds (WCAG 1.4.3, 1.4.6, 1.4.11)
• Missing document language (<html lang="en">) (WCAG 3.1.1)
• Duplicate IDs on interactive elements (WCAG 4.1.1)
• ARIA attribute violations (invalid values, roles used on wrong elements) (WCAG 4.1.2)
• Page title missing (WCAG 2.4.2)
• Landmark regions missing or duplicated (WCAG 1.3.6)
• Keyboard focus order issues detectable from DOM order (WCAG 1.3.2)
• Interactive elements with insufficient target size <24px (WCAG 2.5.8)
• Focus-not-obscured detectable via CSS overlap (WCAG 2.4.11)
• reCAPTCHA v2 detection (WCAG 3.3.8)

What axe-core cannot detect

The 60–70% that requires human evaluation includes:

• Meaningful alternative text quality — axe-core can detect a missing alt, but it cannot judge whether "image-1234.jpg" is a meaningful alternative for a product photo
• Reading order logic — DOM order may differ from visual order in ways that only a human reader can evaluate
• Language changes within page — a French product description on an English page without lang="fr" (WCAG 3.1.2)
• Keyboard traps — these require interactive keyboard testing
• Complex ARIA patterns — a carousel or data table may have syntactically valid ARIA but semantically incorrect roles
• Cognitive accessibility — readability, plain language, consistent navigation (WCAG 3.2.3) when layout changes are subtle
• Error identification quality — can detect missing error messages, not whether the message clearly explains the error
• Video captions quality — can detect absent captions (WCAG 1.2.2), not whether captions are accurate

How AccessBinder uses axe-core

AccessBinder runs Playwright headlessly to load each of your store's pages (product pages, category pages, homepage, cart, checkout where accessible), then:

1. Injects axe-core into the page context
2. Runs axe.run({ runOnly: ['wcag22aa'] }) — explicitly targeting WCAG 2.2 Level AA
3. Captures a screenshot of any element with a critical or serious violation (Pro/Defense plans)
4. Stores the full axe-core result (violations, nodes, CSS selectors, help URLs) in the database
5. Generates a dated PDF with every violation grouped by URL and impact level
6. SHA-256 fingerprints the PDF to create an immutable evidence record

Why WCAG 2.2 specifically

Running runOnly: ['wcag2aa'] (without the "2" version specifier) defaults to WCAG 2.1 in most axe-core versions. Explicitly targeting wcag22aa ensures the 9 new WCAG 2.2 success criteria (including 2.5.8 Target Size, 2.4.11 Focus Not Obscured, 3.3.8 Accessible Authentication) are evaluated. Courts in ADA litigation and EAA enforcement bodies are increasingly citing 2.2 as the current standard — your audit tool should match.

Running axe-core yourself (browser extension)

The fastest way to audit a single page is the axe DevTools browser extension (Chrome/Firefox). Install it, open DevTools, and run Scan Page. The free version uses axe-core and detects the same violations as our engine on a single page.

For multi-page, scheduled audits with immutable storage — which is what you need for legal evidence — a manual browser extension scan is not sufficient. You need a dated, reproducible process that runs on a schedule and stores fingerprinted reports.