SAMPLE REPORTThis is a representative example of a CertusAudit full compliance report for a mid-size city website.

CertusAudit — Full Compliance Report

Website Accessibility & Compliance Audit

cityofexample.gov · Audited March 2026

Standards

WCAG 2.1 AA · Section 508 · ADA Title II

Pages Scanned

47 pages

Issues Found

23 issues

out of 100

FAIL — Non-Compliant

Score Breakdown

Accessibility

35%

Critical Gap

Structure

20%

Needs Work

Security

15%

Needs Work

Visibility

12%

Needs Work

Content

10%

Needs Work

Privacy

Critical Gap

Executive Summary

This site does not currently meet ADA Title II requirements

The audit identified 7 critical failures and 16 additional issues across WCAG 2.1 AA, Section 508, and security standards. 3 critical failures (missing alt text, unlabeled form fields, keyboard navigation trap) are the most common triggers for DOJ enforcement letters and resident complaints under Title II.

With the April 24, 2026 Wave 1 deadline applying to jurisdictions serving 50,000+ population, immediate remediation is recommended. The Priority Fix Roadmap below identifies 4 low-effort fixes that can be completed within one week and will resolve 60% of the compliance gap.

7 Issues — Full Detail with Regulatory Citations

Every finding includes the specific WCAG success criterion, legal citation, impact analysis, and recommended fix.

criticalAccessibilityWCAG 2.1 SC 1.1.1 (Level A)

Images missing alternative text

Effort: low

14 images across 6 pages have no alt attribute or an empty alt attribute that is not intentional. Screen reader users cannot perceive the content of these images.

Compliance impact

Violates ADA Title II WCAG 2.1 AA mandate. DOJ enforcement letters typically cite 1.1.1 failures first. This finding alone constitutes non-compliance under the April 24, 2026 rule.

Recommended fix

Add descriptive alt attributes to all informational images. For decorative images, use alt="" (empty string). Priority pages: homepage hero, news section images, department logos.

Citation: 28 C.F.R. § 35.200; DOJ Final Rule (Apr 2024) — 89 Fed. Reg. 31320

criticalAccessibilityWCAG 2.1 SC 1.4.3 (Level AA)

Insufficient color contrast on primary navigation

Effort: low

Navigation link text (#999999 on #ffffff background) has a contrast ratio of 2.85:1. WCAG 2.1 AA requires a minimum ratio of 4.5:1 for normal text.

Compliance impact

Affects users with low vision and color deficiencies — estimated 8% of the population. Navigation is the primary means of site access. Failure here affects every page visit.

Recommended fix

Change navigation link color to #595959 or darker on white backgrounds to achieve minimum 7:1 contrast. Retest with WebAIM Contrast Checker after update.

Citation: WCAG 2.1 SC 1.4.3; Section 508 § 1194.22(c)

criticalAccessibilityWCAG 2.1 SC 1.3.1, 3.3.2 (Level A/AA)

Form fields missing programmatic labels

Effort: low

The public comment submission form and permit application form have 8 input fields with no associated <label> element. Visual placeholder text disappears on focus and is not accessible to screen readers.

Compliance impact

Keyboard-only and screen reader users cannot complete these forms. Public comment and permit submission are core government services — inaccessibility here triggers DOJ enforcement under Title II.

Recommended fix

Add <label for="fieldId"> elements to all form inputs. Do not use placeholder as a substitute for labels. Add aria-describedby for helper text.

Citation: 28 C.F.R. § 35.160; WCAG 2.1 SC 3.3.2

highAccessibilityWCAG 2.1 SC 1.1.1, 1.3.1 (Level A)

PDF documents are not accessible

Effort: medium

11 PDF documents linked from the site (meeting agendas, budget documents, ordinances) are scanned images with no text layer. Screen readers receive no content.

Compliance impact

Residents who are blind cannot access public meeting agendas, budget documents, or municipal ordinances — all public records. This is a pattern of systematic exclusion under Title II.

Recommended fix

Run PDFs through Adobe Acrobat's accessibility check. For scanned documents, use OCR to create a text layer, then tag the document structure (headings, lists, tables). Alternatively, provide an accessible HTML version alongside each PDF.

Citation: 28 C.F.R. § 35.200; DOJ Guidance on Web Accessibility (Mar 2022)

highAccessibilityWCAG 2.1 SC 2.1.2 (Level A)

Keyboard navigation trap in modal dialogs

Effort: medium

The emergency alert banner modal and the contact form overlay trap keyboard focus. Users cannot tab out of these dialogs and cannot close them without a mouse.

Compliance impact

Keyboard-only users (which includes many users with motor disabilities) are completely trapped on these interactive elements, effectively preventing site use.

Recommended fix

Implement focus management: on modal open, move focus to the dialog container. Trap focus within the dialog while open. On Escape or close button, return focus to the triggering element.

Citation: WCAG 2.1 SC 2.1.2; ARIA Authoring Practices Guide — Dialog Pattern

mediumStructureWCAG 2.1 SC 1.3.1 (Level A)

Heading hierarchy skips levels on interior pages

Effort: low

Interior department pages jump from <h1> to <h4> without <h2> or <h3> in between. This breaks the document outline used by screen reader navigation.

Compliance impact

Screen reader users rely on heading navigation to scan long pages. A broken hierarchy forces linear reading of all content.

Recommended fix

Audit and correct heading structure across all interior pages. The pattern should be: H1 (page title) → H2 (major sections) → H3 (subsections). Never skip levels for visual styling purposes.

Citation: WCAG 2.1 SC 1.3.1

mediumVisibilityCMMC Level 1 / NIST SP 800-53

Missing HTTPS security and HSTS header

Effort: low

The site serves content over HTTP on several subdomain paths. The Strict-Transport-Security (HSTS) header is not set, allowing downgrade attacks.

Compliance impact

For sites processing public contact forms or permit applications, lack of HTTPS exposes resident data. Federal grant compliance (FTA, HUD, FEMA) requires secure transmission of any PII.

Recommended fix

Force HTTPS redirect at the server level. Add: Strict-Transport-Security: max-age=31536000; includeSubDomains to all responses. Verify with securityheaders.com.

Citation: NIST SP 800-53 SC-8; OMB M-22-09

mediumAccessibilitySkip navigation link missing

mediumPrivacyCookie consent banner not accessible

mediumStructurePage titles not unique across sections

lowAccessibilityFocus indicators suppressed in CSS

lowSecurityX-Frame-Options header not set

📋

16 more findings in the full report

Includes remediation roadmap, priority fix order, and PDF for legal review

Order Full Report — $299

Priority Fix Roadmap

Issues ordered by compliance impact and implementation effort. Start here.

Add alt text to all images

Est. 4 hours

Quick Win

Fix navigation color contrast

Est. 1 hour

Quick Win

Add labels to all form fields

Est. 1 day

Quick Win

Fix keyboard trap in modals

Est. 2–3 days

1–2 Weeks

Remediate PDF documents (11 docs)

Est. 1–2 weeks

Strategic

Ready for your report?

Order your compliance report today

Full report delivered within 24 hours. Includes every finding with regulatory citations, your priority remediation roadmap, and a shareable PDF for legal review.

Order Full Report — $299 Run Free Scan First

One-time payment · Delivered within 24 hours · No subscription required