Accessibility
· 13 checks — Landmarks, headings, alt text, forms, and link quality rolled into one auditable list.FAlt Text QualityAction4 of 18 images have issuesFIX
| Issue | Count |
|---|---|
| missing | 4 image(s) |
| too long | 1 image(s) |
Images without alt text are invisible to screen readers.
Each image without alt text is a WCAG 1.1.1 failure — invisible to screen-reader users, lost from Google Image Search.
Learn more ▾ ▴
WCAG 2.1 Level A requires text alternatives for non-decorative images. Empty alt='' is fine for decorative; meaningful images need descriptive text. Common fixes: CMS audit + bulk add, build-time linter (alt-text-required ESLint rule), CI gate on Lighthouse a11y score.
Source: WCAG 2.1 SC 1.1.1 / WebAIM Million Report
An image inside a link with no alt creates an empty link.
Image-only links with no alt create empty links — screen-reader users hear 'link' with no destination context.
Learn more ▾ ▴
An <a><img></a> with no img alt is the worst-case for accessibility: AT announces the link but can't describe where it goes. Either add alt to the image OR add aria-label to the link.
Source: WCAG 2.1 SC 2.4.4
FFavicon & BrandingAction1 icon(s) detectedFIX
DWeb ManifestActionNot foundFIX
No web manifest found.
DDark Mode SupportActionNo dark mode signalsFIX
Detection limited to meta tags and inline styles.
DPrint StylesheetActionNo print stylesFIX
BLandmark Structure31 landmarksREVIEW
Multiple navigations need aria-label to distinguish them for screen readers.
Some <nav> elements lack aria-label — screen-reader users hear 'navigation' multiple times with no way to distinguish them.
Learn more ▾ ▴
When a page has multiple <nav> regions (primary, footer, breadcrumb), each needs aria-label or aria-labelledby. AT users navigate by landmark; identical 'navigation' announcements force them to enter each one to discover purpose.
Source: WAI-ARIA Authoring Practices
Add a skip link as the first focusable element so keyboard users can bypass repeated navigation.
Without a skip-nav link, keyboard users tab through every nav item before reaching content — every page, every visit.
Learn more ▾ ▴
WCAG 2.4.1 (Bypass Blocks) requires a mechanism to skip past repeated content. The standard implementation is a 'Skip to main content' link that's the first focusable element, visually hidden until focused. Three lines of HTML + four of CSS.
Source: WCAG 2.1 SC 2.4.1
BHeading Hierarchy11 headingsREVIEW
- H2 ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
- H2 Patch Tuesday, April 2026 Edition
- H2 Russia Hacked Routers to Steal Microsoft Office Tokens
- H2 Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
- H2 ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
- H2 Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- H2 Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- H2 Microsoft Patch Tuesday, March 2026 Edition
- H2 How AI Assistants are Moving the Security Goalposts
- H2 WHEN AI INSTALLS AI
- H2 Who is the Kimwolf Botmaster “Dort”?
Every page should have one H1 that describes the page content.
No H1 means screen-reader users can't identify the page's primary topic, and Google's content-extraction degrades.
Learn more ▾ ▴
The H1 is the document title for assistive tech and a strong signal to search engines about page topic. Pages without one force screen readers to fall back to the <title> attribute or page chrome. Add a single H1 that names the page's primary subject.
Source: WCAG 2.4.6 / Google Search Central
CLink & Button QualityAction12 issue(s) across 123 links and 1 buttonsREVIEW
| Element | Text | Issue | Suggested Fix |
|---|---|---|---|
| https://www.doppel.com/?utm_source=krebs… | (empty) | empty | Add link text or aria-label |
| https://www.doppel.com/?utm_source=krebs… | (empty) | empty | Add link text or aria-label |
| http://twitter.com/briankrebs | (empty) | empty | Add link text or aria-label |
| https://krebsonsecurity.com/feed/ | (empty) | empty | Add link text or aria-label |
| https://www.linkedin.com/in/bkrebs/ | (empty) | empty | Add link text or aria-label |
| http://twitter.com/briankrebs | (empty) | empty | Add link text or aria-label |
| https://krebsonsecurity.com/feed/ | (empty) | empty | Add link text or aria-label |
| https://www.linkedin.com/in/bkrebs/ | (empty) | empty | Add link text or aria-label |
| https://krebsonsecurity.com/category/sim… | SIM-swapping attacks | new tab | Add '(opens in new tab)' to text |
| https://www.justice.gov/usao-cdca/pr/bri… | said | new tab | Add '(opens in new tab)' to text |
| https://www.doppel.com/?utm_source=krebs… | (empty) | empty | Add link text or aria-label |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-32201 | new tab | Add '(opens in new tab)' to text |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-33825 | new tab | Add '(opens in new tab)' to text |
| https://www.bleepingcomputer.com/news/se… | published exploit code for it | new tab | Add '(opens in new tab)' to text |
| https://infosec.exchange/@wdormann/11640… | confirmed | new tab | Add '(opens in new tab)' to text |
| https://www.microsoft.com/en-us/security… | a blog post | new tab | Add '(opens in new tab)' to text |
| https://attack.mitre.org/groups/G0007/ | APT28 | new tab | Add '(opens in new tab)' to text |
| https://www.lumen.com/blog-and-news/en-u… | new report | new tab | Add '(opens in new tab)' to text |
| https://www.ncsc.gov.uk/news/apt28-explo… | a new advisory | new tab | Add '(opens in new tab)' to text |
| https://learn.microsoft.com/en-us/entra/… | OAuth authentication tokens | new tab | Add '(opens in new tab)' to text |
| https://www.bka.de/DE/IhreSicherheit/Fah… | an advisory | new tab | Add '(opens in new tab)' to text |
| https://krebsonsecurity.com/wp-content/u… | Feb. 2023 filing | new tab | Add '(opens in new tab)' to text |
| https://krebsonsecurity.com/2019/07/whos… | announced | new tab | Add '(opens in new tab)' to text |
| https://krebsonsecurity.com/2019/07/is-r… | had concluded | new tab | Add '(opens in new tab)' to text |
| https://therecord.media/i-scrounged-thro… | an interview | new tab | Add '(opens in new tab)' to text |
| https://flare.io/learn/resources/blog/te… | wrote | new tab | Add '(opens in new tab)' to text |
| https://github.com/aquasecurity/trivy/di… | removed | new tab | Add '(opens in new tab)' to text |
| https://www.wiz.io/blog/trivy-compromise… | notes | new tab | Add '(opens in new tab)' to text |
| https://www.aikido.dev/blog/teampcp-stag… | a blog post | new tab | Add '(opens in new tab)' to text |
| https://www.justice.gov/usao-ak/pr/autho… | said | new tab | Add '(opens in new tab)' to text |
| https://www.nytimes.com/2026/03/11/us/po… | reports | new tab | Add '(opens in new tab)' to text |
| https://unit42.paloaltonetworks.com/iran… | profiled | new tab | Add '(opens in new tab)' to text |
| https://malpedia.caad.fkie.fraunhofer.de… | Void Manticore | new tab | Add '(opens in new tab)' to text |
| https://www.irishexaminer.com/news/munst… | report | new tab | Add '(opens in new tab)' to text |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-21262 | new tab | Add '(opens in new tab)' to text |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-26127 | new tab | Add '(opens in new tab)' to text |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-26113 | new tab | Add '(opens in new tab)' to text |
| https://msrc.microsoft.com/update-guide/… | CVE-2026-26110 | new tab | Add '(opens in new tab)' to text |
| https://snyk.io/articles/clawdbot-ai-ass… | observed | new tab | Add '(opens in new tab)' to text |
| https://x.com/summeryue0/status/20257740… | recounted on Twitter/X | new tab | Add '(opens in new tab)' to text |
| https://en.wikipedia.org/wiki/Schadenfre… | schadenfreude | new tab | Add '(opens in new tab)' to text |
| https://x.com/theonejvo/status/201540121… | story | new tab | Add '(opens in new tab)' to text |
| https://x.com/theonejvo/status/201589298… | another experiment | new tab | Add '(opens in new tab)' to text |
| https://grith.ai/blog/clinejection-when-… | wrote | new tab | Add '(opens in new tab)' to text |
| https://en.wikipedia.org/wiki/Confused_d… | confused deputy | new tab | Add '(opens in new tab)' to text |
| https://krebsonsecurity.com/tag/lapsus/ | LAPSUS$ | new tab | Add '(opens in new tab)' to text |
| https://pypi.org/project/dort/ | Dortsolver | new tab | Add '(opens in new tab)' to text |
| https://krebsonsecurity.com/category/sim… | SIM-swapping | new tab | Add '(opens in new tab)' to text |
| https://www.xbox.com/en-US/xbox-game-pas… | Microsoft Xbox Game Pass accou… | new tab | Add '(opens in new tab)' to text |
| https://www.keepersecurity.com/free-data… | (empty) | empty | Add link text or aria-label |
| (empty) | empty | Add link text or aria-label | |
| https://krebsonsecurity.com/2017/06/why-… | (empty) | empty | Add link text or aria-label |
Links without text are announced as raw URLs by screen readers.
https://www.doppel.com/?utm_source=krebsonsecurity&utm_medium=display&utm_cam…; https://www.doppel.com/?utm_source=krebsonsecurity&utm_medium=display&utm_cam…; http://twitter.com/briankrebs; https://krebsonsecurity.com/feed/; https://www.linkedin.com/in/bkrebs/; http://twitter.com/briankrebs; https://krebsonsecurity.com/feed/; https://www.linkedin.com/in/bkrebs/; https://www.doppel.com/?utm_source=krebsonsecurity&utm_medium=display&utm_cam…; https://www.keepersecurity.com/free-data-breach-scan.html?utm_source=Krebs&ut… (+2 more)
Links with no accessible text (empty <a></a>, image-only no alt, icon-only no aria-label) are unidentifiable to screen readers.
Source: WCAG 2.1 SC 2.4.4
Add '(opens in new tab)' to link text or aria-label.
https://krebsonsecurity.com/category/sim-swapping/; https://www.justice.gov/usao-cdca/pr/british-national-pleads-guilty-hacking-c…; https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-32201; https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-33825; https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-b…; https://infosec.exchange/@wdormann/116404516592597593; https://www.microsoft.com/en-us/security/blog/2026/04/07/soho-router-compromi…; https://attack.mitre.org/groups/G0007/; https://www.lumen.com/blog-and-news/en-us/frostarmada-forest-blizzard-dns-hij…; https://www.ncsc.gov.uk/news/apt28-exploit-routers-to-enable-dns-hijacking-op… (+30 more)
Links with target="_blank" without rel="noopener" leak the originating page's window context — security and UX issue.
Learn more ▾ ▴
Without rel="noopener", the new tab can navigate the original tab via window.opener (tab-nabbing attack). Modern browsers default to noopener for target=_blank but only since recent versions. Always set rel="noopener noreferrer" explicitly.
Source: MDN target / OWASP
CColor Contrast (Screenshot)Action20 text elements analyzed, 2 fail WCAG AAREVIEW
Analyzes text contrast against the actual rendered page, including background images, gradients, and overlays that CSS-based tools cannot detect.
2 contrast failures on background images/gradients
These failures are invisible to CSS-based accessibility tools like Lighthouse. The text may be fine on a solid background, but fails when rendered over an image or gradient.
Show all checked elements (20)
| Element | Ratio | Required | FG | BG | Result |
|---|---|---|---|---|---|
| h2 WHEN AI INSTALLS AI | 21.00:1 | 3.0:1 | #000000 | #FFFFFF | Pass |
| title Krebs on Security … | 4.44:1 | 4.5:1 | #000000 | #767276 | Fail |
| div Advertisement | 1.87:1 | 4.5:1 | #000000 | #3B3A41 | Fail |
| div Advertisement | 4.63:1 | 4.5:1 | #000000 | #70777F | Pass |
| a Skip to content | 12.63:1 | 4.5:1 | #000000 | #C6C9CC | Pass |
| a Home | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a About the Author | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a Advertising/Speaking | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a ‘Scattered Spider… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| span April 21, 2026 | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a 3 Comments | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| p A 24-year-old Britis… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| strong Scattered Spider | 21.00:1 | 3.0:1 | #000000 | #FFFFFF | Pass |
| p ” has pleaded guil… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| strong Tyler Robert Buchana… | 21.00:1 | 3.0:1 | #000000 | #FFFFFF | Pass |
| p admitted his role in… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| p Buchanan’s hacker … | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| strong Tylerb | 21.00:1 | 3.0:1 | #000000 | #FFFFFF | Pass |
| p ” once graced a le… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| p Two photos published… | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
Methodology: The top 20 text elements by font size were checked. Background color was sampled from the desktop screenshot using a 5-point pattern. WCAG 2.1 AA requires 4.5:1 for normal text and 3:1 for large text.
CLighthouse Accessibility AuditsActionScore 79/100 — 5 failing, 20 passedREVIEW
Accessibility
These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.
Contrast
Low-contrast text is difficult or impossible for many users to read. Learn how to provide sufficient color contrast.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
April 21, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
SIM-swapping attacks article#post-73470 > div.entry-content > p > a |
said article#post-73470 > div.entry-content > p > a |
Continue reading → article#post-73470 > div.entry-content > p > a.more-link |
April 14, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
CVE-2026-32201 article#post-73440 > div.entry-content > p > a |
CVE-2026-33825 article#post-73440 > div.entry-content > p > a |
published exploit code for it article#post-73440 > div.entry-content > p > a |
confirmed article#post-73440 > div.entry-content > p > a |
Continue reading → article#post-73440 > div.entry-content > p > a.more-link |
Advertisement div#primary > div#content > div.themonic-ad2 > div.a-statement |
April 7, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
a blog post article#post-73422 > div.entry-content > p > a |
APT28 article#post-73422 > div.entry-content > p > a |
new report article#post-73422 > div.entry-content > p > a |
a new advisory article#post-73422 > div.entry-content > p > a |
OAuth authentication tokens article#post-73422 > div.entry-content > p > a |
Continue reading → article#post-73422 > div.entry-content > p > a.more-link |
April 5, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
an advisory article#post-73394 > div.entry-content > p > a |
Feb. 2023 filing article#post-73394 > div.entry-content > p > a |
announced article#post-73394 > div.entry-content > p > a |
had concluded article#post-73394 > div.entry-content > p > a |
an interview article#post-73394 > div.entry-content > p > a |
Continue reading → article#post-73394 > div.entry-content > p > a.more-link |
March 23, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
wrote article#post-73368 > div.entry-content > p > a |
removed article#post-73368 > div.entry-content > p > a |
notes article#post-73368 > div.entry-content > p > a |
a blog post article#post-73368 > div.entry-content > p > a |
Continue reading → article#post-73368 > div.entry-content > p > a.more-link |
March 19, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
said article#post-73345 > div.entry-content > p > a |
Continue reading → article#post-73345 > div.entry-content > p > a.more-link |
March 11, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
reports article#post-73316 > div.entry-content > p > a |
profiled article#post-73316 > div.entry-content > p > a |
Void Manticore article#post-73316 > div.entry-content > p > a |
report article#post-73316 > div.entry-content > p > a |
Continue reading → article#post-73316 > div.entry-content > p > a.more-link |
March 10, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
CVE-2026-21262 article#post-73276 > div.entry-content > p > a |
CVE-2026-26127 article#post-73276 > div.entry-content > p > a |
CVE-2026-26113 article#post-73276 > div.entry-content > p > a |
CVE-2026-26110 article#post-73276 > div.entry-content > p > a |
Continue reading → article#post-73276 > div.entry-content > p > a.more-link |
March 8, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
observed article#post-73278 > div.entry-content > p > a |
recounted on Twitter/X article#post-73278 > div.entry-content > p > a |
schadenfreude article#post-73278 > div.entry-content > p > a |
story article#post-73278 > div.entry-content > p > a |
another experiment article#post-73278 > div.entry-content > p > a |
wrote article#post-73278 > div.entry-content > p > a |
confused deputy article#post-73278 > div.entry-content > p > a |
Continue reading → article#post-73278 > div.entry-content > p > a.more-link |
February 28, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date |
LAPSUS$ article#post-73057 > div.entry-content > p > a |
Dortsolver article#post-73057 > div.entry-content > p > a |
SIM-swapping article#post-73057 > div.entry-content > p > a |
Microsoft Xbox Game Pass accounts article#post-73057 > div.entry-content > p > a |
Continue reading → article#post-73057 > div.entry-content > p > a.more-link |
Next › div.pagination > ul > li > a.inactive |
Last » div.themonic-pagination > div.pagination > ul > a.inactive |
© Krebs on Security - Mastodon
body.home > div#page > div.site-wordpress |
Low-contrast text is difficult or impossible for many users to read. Link text that is discernible improves the experience for users with low vision. Learn how to make links distinguishable.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
SIM-swapping attacks article#post-73470 > div.entry-content > p > a |
said article#post-73470 > div.entry-content > p > a |
Continue reading → article#post-73470 > div.entry-content > p > a.more-link |
CVE-2026-32201 article#post-73440 > div.entry-content > p > a |
CVE-2026-33825 article#post-73440 > div.entry-content > p > a |
published exploit code for it article#post-73440 > div.entry-content > p > a |
confirmed article#post-73440 > div.entry-content > p > a |
Continue reading → article#post-73440 > div.entry-content > p > a.more-link |
a blog post article#post-73422 > div.entry-content > p > a |
APT28 article#post-73422 > div.entry-content > p > a |
new report article#post-73422 > div.entry-content > p > a |
a new advisory article#post-73422 > div.entry-content > p > a |
OAuth authentication tokens article#post-73422 > div.entry-content > p > a |
Continue reading → article#post-73422 > div.entry-content > p > a.more-link |
an advisory article#post-73394 > div.entry-content > p > a |
Feb. 2023 filing article#post-73394 > div.entry-content > p > a |
announced article#post-73394 > div.entry-content > p > a |
had concluded article#post-73394 > div.entry-content > p > a |
an interview article#post-73394 > div.entry-content > p > a |
Continue reading → article#post-73394 > div.entry-content > p > a.more-link |
wrote article#post-73368 > div.entry-content > p > a |
removed article#post-73368 > div.entry-content > p > a |
notes article#post-73368 > div.entry-content > p > a |
a blog post article#post-73368 > div.entry-content > p > a |
said article#post-73345 > div.entry-content > p > a |
Continue reading → article#post-73345 > div.entry-content > p > a.more-link |
reports article#post-73316 > div.entry-content > p > a |
profiled article#post-73316 > div.entry-content > p > a |
Void Manticore article#post-73316 > div.entry-content > p > a |
report article#post-73316 > div.entry-content > p > a |
Continue reading → article#post-73316 > div.entry-content > p > a.more-link |
CVE-2026-21262 article#post-73276 > div.entry-content > p > a |
CVE-2026-26127 article#post-73276 > div.entry-content > p > a |
CVE-2026-26113 article#post-73276 > div.entry-content > p > a |
CVE-2026-26110 article#post-73276 > div.entry-content > p > a |
Continue reading → article#post-73276 > div.entry-content > p > a.more-link |
observed article#post-73278 > div.entry-content > p > a |
recounted on Twitter/X article#post-73278 > div.entry-content > p > a |
schadenfreude article#post-73278 > div.entry-content > p > a |
story article#post-73278 > div.entry-content > p > a |
another experiment article#post-73278 > div.entry-content > p > a |
wrote article#post-73278 > div.entry-content > p > a |
confused deputy article#post-73278 > div.entry-content > p > a |
Continue reading → article#post-73278 > div.entry-content > p > a.more-link |
LAPSUS$ article#post-73057 > div.entry-content > p > a |
Dortsolver article#post-73057 > div.entry-content > p > a |
SIM-swapping article#post-73057 > div.entry-content > p > a |
Microsoft Xbox Game Pass accounts article#post-73057 > div.entry-content > p > a |
Continue reading → article#post-73057 > div.entry-content > p > a.more-link |
Mastodon body.home > div#page > div.site-wordpress > a |
These are opportunities to improve the legibility of your content.
Names and labels
Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. Learn more about the `alt` attribute.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
div#page > div.themonic-logo > a > img div#page > div.themonic-logo > a > img |
div#content > div#between_article_ad > a > img div#content > div#between_article_ad > a > img |
Link text (and alternate text for images, when used as links) that is discernible, unique, and focusable improves the navigation experience for screen reader users. Learn how to make links accessible.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
body.home > div#page > div.themonic-logo > a body.home > div#page > div.themonic-logo > a |
header#masthead > div.mobile-social > div.socialmedia > a header#masthead > div.mobile-social > div.socialmedia > a |
header#masthead > div.mobile-social > div.socialmedia > a.rss header#masthead > div.mobile-social > div.socialmedia > a.rss |
header#masthead > div.mobile-social > div.socialmedia > a.rss header#masthead > div.mobile-social > div.socialmedia > a.rss |
div#primary > div#content > div#between_article_ad > a div#primary > div#content > div#between_article_ad > a |
div#main > div#secondary > aside#media_image-2 > a div#main > div#secondary > aside#media_image-2 > a |
These are opportunities to improve the semantics of the controls in your application. This may enhance the experience for users of assistive technology, like a screen reader.
Tables and lists
Screen readers have a specific way of announcing lists. Ensuring proper list structure aids screen reader output. Learn more about proper list structure.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
1
2
3
4
Next ›
Last » div#content > div.themonic-pagination > div.pagination > ul |
These are opportunities to improve the experience of reading tabular or list data using assistive technology, like a screen reader.
AForm Accessibility1 of 2 controls have issuesPASS
| Control | Type | Label | Method |
|---|---|---|---|
| #s | text | Search for: | for/id |
| #searchsubmit | submit | (none) | none |
Form controls need a <label>, aria-label, or aria-labelledby for screen readers.
<input type="submit" id="searchsubmit">
Form controls without labels — assistive tech announces 'edit text' with no context; users can't complete forms.
Source: WCAG 2.1 SC 3.3.2