Field guide · Accessibility audit operations
How to create a website scoping report
A credible scope separates the complete public inventory from the representative manual audit sample. This workflow shows how to discover, qualify, preserve and deliver both without overstating what automation proved.
- Method
- 6 evidence gates
- Updated
Before discovery
Define what “the website” means.
Website boundaries are business decisions before they become crawler settings. A corporate root, support subdomain, checkout host and careers platform may look like one experience to a customer while being owned by different teams and technologies.
Record which hosts, paths, locales, documents and public applications belong in the engagement. Keep authenticated journeys separate unless the statement of work includes test credentials and the capture process has appropriate privacy controls.
The key distinction
Complete website inventory describes coverage. Representative manual sampling describes audit effort. One should not be disguised as the other.
The method
Six gates between a domain and a deliverable scope.
- 01
Define the public boundary
Write down the canonical domain, included subdomains, allowed public paths and known exclusions. Decide how redirects, documents, localized pages and campaign hosts should be treated before discovery starts.
Output: a written inclusion and exclusion rule
- 02
Run complete discovery
Use sitemap documents and same-site link traversal together. Normalize canonical URLs, follow permitted redirects and retain blocked, failed or unsupported resources in the inventory with their outcome.
Output: a canonical, reconciled URL inventory
- 03
Qualify the coverage
Confirm the crawler did not stop at a page cap, timeout or unresolved discovery state. If the boundary cannot be proven, label the result as partial and resolve the gap before presenting it as full scope.
Output: complete coverage or an explicit limitation
- 04
Preserve page-level evidence
Capture rendered HTML, the corresponding archived CSS, desktop and mobile screenshots, final URL, status, metadata and automated accessibility results. Keep each page independently retryable.
Output: one evidence manifest per in-scope URL
- 05
Group representative templates
Cluster pages by stable structure rather than by URL naming alone. Select representative pages for manual testing while keeping every discovered page visible in the complete inventory.
Output: explainable template families and samples
- 06
Reconcile and deliver the report
Verify that dashboard totals, exports and client views agree. Explain failures, exclusions, automation limits and retention. Deliver the scoped link to the correct client contact with clear next actions.
Output: an auditable scope ready for estimation
Scope acceptance checklist
Review before you send.
The report is ready when its boundary, evidence and delivery controls agree—not merely when the crawler stops.
- Canonical site root and included hosts are recorded
- Discovery completed without a page cap or unresolved limit
- Redirects, blocked pages and failures remain in the totals
- Every successful page has HTML, CSS and viewport evidence
- Automated findings are labelled as evidence, not conformance
- Template families have explainable representative pages
- On-screen, CSV and JSON totals reconcile
- Client access is scoped, time-limited and revocable
What the client should receive
A scope they can inspect, not a number they must trust.
Coverage summary
Root, hosts, capture window, total URLs and every limitation.
Searchable inventory
Canonical URL, title, template, status and accessibility severity.
Archived evidence
Safe replay plus desktop and mobile captures for each successful page.
Audit planning evidence
Automated findings and representative templates without a conformance claim.
Reconciled exports
Accessible report and complete CSV and JSON inventories.
Controlled access
One report-scoped link for the eligible client contact.
FAQ
Scoping decisions that need a human
- How many pages should an accessibility audit include?
- The complete inventory and the manual audit sample are different things. Preserve every in-scope public URL, then use templates, critical user journeys, content types, technologies and risk to choose a representative manual sample. Do not hide unsampled pages from the scope record.
- Is sitemap.xml enough to define the website scope?
- Not by itself. Sitemaps can be incomplete, stale or omit orphaned-but-linked pages. Combine sitemap discovery with same-site link traversal, canonical handling and explicit exclusions, then record the discovery evidence used to qualify coverage.
- Should login and authenticated pages be included?
- Not in a public-site capture unless a separate authenticated methodology and authorization are established. Record those surfaces as excluded or outside the public boundary, then scope them as a distinct engagement with appropriate test accounts and privacy controls.
- When should the website be scoped again?
- Create another snapshot after a redesign, migration, major release, CMS or component-library change, material content expansion or accessibility remediation cycle. Comparing completed scopes shows how the inventory, templates and automated risk moved.
Use the method