Skip to main content

Field guide · Accessibility audit operations

How to create a website scoping report

A credible scope separates the complete public inventory from the representative manual audit sample. This workflow shows how to discover, qualify, preserve and deliver both without overstating what automation proved.

Method
6 evidence gates
Updated

Before discovery

Define what “the website” means.

Website boundaries are business decisions before they become crawler settings. A corporate root, support subdomain, checkout host and careers platform may look like one experience to a customer while being owned by different teams and technologies.

Record which hosts, paths, locales, documents and public applications belong in the engagement. Keep authenticated journeys separate unless the statement of work includes test credentials and the capture process has appropriate privacy controls.

The key distinction

Complete website inventory describes coverage. Representative manual sampling describes audit effort. One should not be disguised as the other.

The method

Six gates between a domain and a deliverable scope.

  1. 01

    Define the public boundary

    Write down the canonical domain, included subdomains, allowed public paths and known exclusions. Decide how redirects, documents, localized pages and campaign hosts should be treated before discovery starts.

    Output: a written inclusion and exclusion rule

  2. 02

    Run complete discovery

    Use sitemap documents and same-site link traversal together. Normalize canonical URLs, follow permitted redirects and retain blocked, failed or unsupported resources in the inventory with their outcome.

    Output: a canonical, reconciled URL inventory

  3. 03

    Qualify the coverage

    Confirm the crawler did not stop at a page cap, timeout or unresolved discovery state. If the boundary cannot be proven, label the result as partial and resolve the gap before presenting it as full scope.

    Output: complete coverage or an explicit limitation

  4. 04

    Preserve page-level evidence

    Capture rendered HTML, the corresponding archived CSS, desktop and mobile screenshots, final URL, status, metadata and automated accessibility results. Keep each page independently retryable.

    Output: one evidence manifest per in-scope URL

  5. 05

    Group representative templates

    Cluster pages by stable structure rather than by URL naming alone. Select representative pages for manual testing while keeping every discovered page visible in the complete inventory.

    Output: explainable template families and samples

  6. 06

    Reconcile and deliver the report

    Verify that dashboard totals, exports and client views agree. Explain failures, exclusions, automation limits and retention. Deliver the scoped link to the correct client contact with clear next actions.

    Output: an auditable scope ready for estimation

Scope acceptance checklist

Review before you send.

The report is ready when its boundary, evidence and delivery controls agree—not merely when the crawler stops.

  • Canonical site root and included hosts are recorded
  • Discovery completed without a page cap or unresolved limit
  • Redirects, blocked pages and failures remain in the totals
  • Every successful page has HTML, CSS and viewport evidence
  • Automated findings are labelled as evidence, not conformance
  • Template families have explainable representative pages
  • On-screen, CSV and JSON totals reconcile
  • Client access is scoped, time-limited and revocable

What the client should receive

A scope they can inspect, not a number they must trust.

Coverage summary

Root, hosts, capture window, total URLs and every limitation.

Searchable inventory

Canonical URL, title, template, status and accessibility severity.

Archived evidence

Safe replay plus desktop and mobile captures for each successful page.

Audit planning evidence

Automated findings and representative templates without a conformance claim.

Reconciled exports

Accessible report and complete CSV and JSON inventories.

Controlled access

One report-scoped link for the eligible client contact.

FAQ

Scoping decisions that need a human

How many pages should an accessibility audit include?
The complete inventory and the manual audit sample are different things. Preserve every in-scope public URL, then use templates, critical user journeys, content types, technologies and risk to choose a representative manual sample. Do not hide unsampled pages from the scope record.
Is sitemap.xml enough to define the website scope?
Not by itself. Sitemaps can be incomplete, stale or omit orphaned-but-linked pages. Combine sitemap discovery with same-site link traversal, canonical handling and explicit exclusions, then record the discovery evidence used to qualify coverage.
Should login and authenticated pages be included?
Not in a public-site capture unless a separate authenticated methodology and authorization are established. Record those surfaces as excluded or outside the public boundary, then scope them as a distinct engagement with appropriate test accounts and privacy controls.
When should the website be scoped again?
Create another snapshot after a redesign, migration, major release, CMS or component-library change, material content expansion or accessibility remediation cycle. Comparing completed scopes shows how the inventory, templates and automated risk moved.

Use the method

Create the evidence set before the estimate.

Generate scoping report