Skip to content
https://krebsonsecurity.com

Accessibility

· 13 checks — Landmarks, headings, alt text, forms, and link quality rolled into one auditable list.
SCORE
51
GRADE
F
FIX
6
REVIEW
5
PASS
2
INFO
0
Checks
13
2 PASS 5 REVIEW 6 FIX
F
Alt Text Quality
Action
4 of 18 images have issues
FIX
4 of 18 images have issues
Critical::
4 image(s) missing alt attribute
Images without alt text are invisible to screen readers.
Critical::
4 image-in-link without alt text
An image inside a link with no alt creates an empty link.
Info::
1 image(s) with alt text over 125 characters
Info::
10 decorative image(s) correctly marked
Info::
3 image(s) with good alt text
18 images 3 good alt text 10 decorative 4 missing
IssueCount
missing4 image(s)
too long1 image(s)

Images without alt text are invisible to screen readers.

Why this matters

Each image without alt text is a WCAG 1.1.1 failure — invisible to screen-reader users, lost from Google Image Search.

Learn more

WCAG 2.1 Level A requires text alternatives for non-decorative images. Empty alt='' is fine for decorative; meaningful images need descriptive text. Common fixes: CMS audit + bulk add, build-time linter (alt-text-required ESLint rule), CI gate on Lighthouse a11y score.

Source: WCAG 2.1 SC 1.1.1 / WebAIM Million Report

An image inside a link with no alt creates an empty link.

Why this matters

Image-only links with no alt create empty links — screen-reader users hear 'link' with no destination context.

Learn more

An <a><img></a> with no img alt is the worst-case for accessibility: AT announces the link but can't describe where it goes. Either add alt to the image OR add aria-label to the link.

Source: WCAG 2.1 SC 2.4.4

F
Favicon & Branding
Action
1 icon(s) detected
FIX
1 icon(s) detected
Info::
favicon.ico present at site root
Info::
No apple-touch-icon detected
iOS devices use this when users add your site to their home screen. Add <link rel='apple-touch-icon' sizes='180x180' href='/apple-touch-icon.png'>.
favicon.ico Present
PNG Icons Missing
Apple Touch Missing
SVG Favicon Missing
Manifest Icons Missing
Multiple Sizes Missing
D
Web Manifest
Action
Not found
FIX
Not found
Info::
No web manifest found
No manifest at standard paths (/manifest.json, /site.webmanifest). A manifest is optional but enables PWA features like home screen installation and standalone display.

No web manifest found.

D
Dark Mode Support
Action
No dark mode signals
FIX
No dark mode signals
Info::
No dark mode signals detected
Consider adding CSS with @media (prefers-color-scheme: dark) and <meta name='color-scheme' content='light dark'>.
Info::
Detection limited to meta tags and inline styles
External CSS files may contain prefers-color-scheme rules not visible to this scan.
Dark ModeNo Dark Mode Detected
color-scheme meta Not set Dark theme-color Not set CSS indicators Not detected

Detection limited to meta tags and inline styles.

D
Print Stylesheet
Action
No print styles
FIX
No print styles
Info::
No print-specific styles detected
When users print this page, they get the screen layout including navigation and non-essential elements. Add @media print rules to hide navigation and optimize layout for paper.
Print Stylesheet No Print Styles
Print stylesheet Not found Inline @media print Not detected
F
Navigation UX
Action
No navigation patterns
FIX
No navigation patterns
Info::
2 navigation landmark(s) detected
Info::
No breadcrumbs, search, or skip link detected
These navigation aids help users orient themselves and find content efficiently, especially on large sites.
Breadcrumbs
Search
Skip Link
Labeled Navigation 2 <nav> element(s)
Back to Top
Hamburger Menu
Sticky Navigation Cannot reliably detect (CSS-based)
1 of 6 testable patterns navigation patterns detected. Limited navigation support. Consider adding breadcrumbs, search, and skip link.
B
Landmark Structure
31 landmarks
REVIEW
31 landmarks
Info::
<main> landmark present
Info::
2 <nav> landmark(s) found
Warning::
2 of 2 <nav> elements are unlabeled
Multiple navigations need aria-label to distinguish them for screen readers.
Warning::
Skip navigation link is missing (WCAG 2.4.1)
Add a skip link as the first focusable element so keyboard users can bypass repeated navigation.
Page Structure — as a screen reader sees it
BANNER header NAV MAIN ASIDE CONTENTINFO footer

Multiple navigations need aria-label to distinguish them for screen readers.

Why this matters

Some <nav> elements lack aria-label — screen-reader users hear 'navigation' multiple times with no way to distinguish them.

Learn more

When a page has multiple <nav> regions (primary, footer, breadcrumb), each needs aria-label or aria-labelledby. AT users navigate by landmark; identical 'navigation' announcements force them to enter each one to discover purpose.

Source: WAI-ARIA Authoring Practices

Add a skip link as the first focusable element so keyboard users can bypass repeated navigation.

Why this matters

Without a skip-nav link, keyboard users tab through every nav item before reaching content — every page, every visit.

Learn more

WCAG 2.4.1 (Bypass Blocks) requires a mechanism to skip past repeated content. The standard implementation is a 'Skip to main content' link that's the first focusable element, visually hidden until focused. Three lines of HTML + four of CSS.

Source: WCAG 2.1 SC 2.4.1

B
Heading Hierarchy
11 headings
REVIEW
11 headings
Critical::
No H1 heading found
Every page should have one H1 that describes the page content.
  • H2 ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
  • H2 Patch Tuesday, April 2026 Edition
  • H2 Russia Hacked Routers to Steal Microsoft Office Tokens
  • H2 Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
  • H2 ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
  • H2 Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
  • H2 Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
  • H2 Microsoft Patch Tuesday, March 2026 Edition
  • H2 How AI Assistants are Moving the Security Goalposts
  • H2 WHEN AI INSTALLS AI
  • H2 Who is the Kimwolf Botmaster “Dort”?

Every page should have one H1 that describes the page content.

Why this matters

No H1 means screen-reader users can't identify the page's primary topic, and Google's content-extraction degrades.

Learn more

The H1 is the document title for assistive tech and a strong signal to search engines about page topic. Pages without one force screen readers to fall back to the <title> attribute or page chrome. Add a single H1 that names the page's primary subject.

Source: WCAG 2.4.6 / Google Search Central

C
Color Contrast (Screenshot)
Action
20 text elements analyzed, 2 fail WCAG AA
REVIEW

Analyzes text contrast against the actual rendered page, including background images, gradients, and overlays that CSS-based tools cannot detect.

18 pass 2 fail WCAG AA 1 pass AA only
title Krebs on Security – In-depth security …
4.44:1
#000000
on
#767276
needs 4.5:1 (normal text)
16px · top of page (header area) · over background image/gradient
div Advertisement
1.87:1
#000000
on
#3B3A41
needs 4.5:1 (normal text)
16px · top of page (header area) · over background image/gradient

2 contrast failures on background images/gradients

These failures are invisible to CSS-based accessibility tools like Lighthouse. The text may be fine on a solid background, but fails when rendered over an image or gradient.

Show all checked elements (20)
ElementRatioRequiredFGBGResult
h2 WHEN AI INSTALLS AI21.00:13.0:1
#000000
#FFFFFF
Pass
title Krebs on Security …4.44:14.5:1
#000000
#767276
Fail
div Advertisement1.87:14.5:1
#000000
#3B3A41
Fail
div Advertisement4.63:14.5:1
#000000
#70777F
Pass
a Skip to content12.63:14.5:1
#000000
#C6C9CC
Pass
a Home21.00:14.5:1
#000000
#FFFFFF
Pass
a About the Author21.00:14.5:1
#000000
#FFFFFF
Pass
a Advertising/Speaking21.00:14.5:1
#000000
#FFFFFF
Pass
a ‘Scattered Spider…21.00:14.5:1
#000000
#FFFFFF
Pass
span April 21, 202621.00:14.5:1
#000000
#FFFFFF
Pass
a 3 Comments21.00:14.5:1
#000000
#FFFFFF
Pass
p A 24-year-old Britis…21.00:14.5:1
#000000
#FFFFFF
Pass
strong Scattered Spider21.00:13.0:1
#000000
#FFFFFF
Pass
p ” has pleaded guil…21.00:14.5:1
#000000
#FFFFFF
Pass
strong Tyler Robert Buchana…21.00:13.0:1
#000000
#FFFFFF
Pass
p admitted his role in…21.00:14.5:1
#000000
#FFFFFF
Pass
p Buchanan’s hacker …21.00:14.5:1
#000000
#FFFFFF
Pass
strong Tylerb21.00:13.0:1
#000000
#FFFFFF
Pass
p ” once graced a le…21.00:14.5:1
#000000
#FFFFFF
Pass
p Two photos published…21.00:14.5:1
#000000
#FFFFFF
Pass

Methodology: The top 20 text elements by font size were checked. Background color was sampled from the desktop screenshot using a 5-point pattern. WCAG 2.1 AA requires 4.5:1 for normal text and 3:1 for large text.

C
Lighthouse Accessibility Audits
Action
Score 79/100 — 5 failing, 20 passed
REVIEW
79

Accessibility

These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.

Contrast

Low-contrast text is difficult or impossible for many users to read. Learn how to provide sufficient color contrast.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
April 21, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
SIM-swapping attacks article#post-73470 > div.entry-content > p > a
said article#post-73470 > div.entry-content > p > a
Continue reading → article#post-73470 > div.entry-content > p > a.more-link
April 14, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
CVE-2026-32201 article#post-73440 > div.entry-content > p > a
CVE-2026-33825 article#post-73440 > div.entry-content > p > a
published exploit code for it article#post-73440 > div.entry-content > p > a
confirmed article#post-73440 > div.entry-content > p > a
Continue reading → article#post-73440 > div.entry-content > p > a.more-link
Advertisement div#primary > div#content > div.themonic-ad2 > div.a-statement
April 7, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
a blog post article#post-73422 > div.entry-content > p > a
APT28 article#post-73422 > div.entry-content > p > a
new report article#post-73422 > div.entry-content > p > a
a new advisory article#post-73422 > div.entry-content > p > a
OAuth authentication tokens article#post-73422 > div.entry-content > p > a
Continue reading → article#post-73422 > div.entry-content > p > a.more-link
April 5, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
an advisory article#post-73394 > div.entry-content > p > a
Feb. 2023 filing article#post-73394 > div.entry-content > p > a
announced article#post-73394 > div.entry-content > p > a
had concluded article#post-73394 > div.entry-content > p > a
an interview article#post-73394 > div.entry-content > p > a
Continue reading → article#post-73394 > div.entry-content > p > a.more-link
March 23, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
wrote article#post-73368 > div.entry-content > p > a
removed article#post-73368 > div.entry-content > p > a
notes article#post-73368 > div.entry-content > p > a
a blog post article#post-73368 > div.entry-content > p > a
Continue reading → article#post-73368 > div.entry-content > p > a.more-link
March 19, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
said article#post-73345 > div.entry-content > p > a
Continue reading → article#post-73345 > div.entry-content > p > a.more-link
March 11, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
reports article#post-73316 > div.entry-content > p > a
profiled article#post-73316 > div.entry-content > p > a
Void Manticore article#post-73316 > div.entry-content > p > a
report article#post-73316 > div.entry-content > p > a
Continue reading → article#post-73316 > div.entry-content > p > a.more-link
March 10, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
CVE-2026-21262 article#post-73276 > div.entry-content > p > a
CVE-2026-26127 article#post-73276 > div.entry-content > p > a
CVE-2026-26113 article#post-73276 > div.entry-content > p > a
CVE-2026-26110 article#post-73276 > div.entry-content > p > a
Continue reading → article#post-73276 > div.entry-content > p > a.more-link
March 8, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
observed article#post-73278 > div.entry-content > p > a
recounted on Twitter/X article#post-73278 > div.entry-content > p > a
schadenfreude article#post-73278 > div.entry-content > p > a
story article#post-73278 > div.entry-content > p > a
another experiment article#post-73278 > div.entry-content > p > a
wrote article#post-73278 > div.entry-content > p > a
confused deputy article#post-73278 > div.entry-content > p > a
Continue reading → article#post-73278 > div.entry-content > p > a.more-link
February 28, 2026 div.btm-wrap > div.below-title-meta > div.adt > span.date
LAPSUS$ article#post-73057 > div.entry-content > p > a
Dortsolver article#post-73057 > div.entry-content > p > a
SIM-swapping article#post-73057 > div.entry-content > p > a
Microsoft Xbox Game Pass accounts article#post-73057 > div.entry-content > p > a
Continue reading → article#post-73057 > div.entry-content > p > a.more-link
Next › div.pagination > ul > li > a.inactive
Last » div.themonic-pagination > div.pagination > ul > a.inactive
© Krebs on Security - Mastodon body.home > div#page > div.site-wordpress

Low-contrast text is difficult or impossible for many users to read. Link text that is discernible improves the experience for users with low vision. Learn how to make links distinguishable.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
SIM-swapping attacks article#post-73470 > div.entry-content > p > a
said article#post-73470 > div.entry-content > p > a
Continue reading → article#post-73470 > div.entry-content > p > a.more-link
CVE-2026-32201 article#post-73440 > div.entry-content > p > a
CVE-2026-33825 article#post-73440 > div.entry-content > p > a
published exploit code for it article#post-73440 > div.entry-content > p > a
confirmed article#post-73440 > div.entry-content > p > a
Continue reading → article#post-73440 > div.entry-content > p > a.more-link
a blog post article#post-73422 > div.entry-content > p > a
APT28 article#post-73422 > div.entry-content > p > a
new report article#post-73422 > div.entry-content > p > a
a new advisory article#post-73422 > div.entry-content > p > a
OAuth authentication tokens article#post-73422 > div.entry-content > p > a
Continue reading → article#post-73422 > div.entry-content > p > a.more-link
an advisory article#post-73394 > div.entry-content > p > a
Feb. 2023 filing article#post-73394 > div.entry-content > p > a
announced article#post-73394 > div.entry-content > p > a
had concluded article#post-73394 > div.entry-content > p > a
an interview article#post-73394 > div.entry-content > p > a
Continue reading → article#post-73394 > div.entry-content > p > a.more-link
wrote article#post-73368 > div.entry-content > p > a
removed article#post-73368 > div.entry-content > p > a
notes article#post-73368 > div.entry-content > p > a
a blog post article#post-73368 > div.entry-content > p > a
said article#post-73345 > div.entry-content > p > a
Continue reading → article#post-73345 > div.entry-content > p > a.more-link
reports article#post-73316 > div.entry-content > p > a
profiled article#post-73316 > div.entry-content > p > a
Void Manticore article#post-73316 > div.entry-content > p > a
report article#post-73316 > div.entry-content > p > a
Continue reading → article#post-73316 > div.entry-content > p > a.more-link
CVE-2026-21262 article#post-73276 > div.entry-content > p > a
CVE-2026-26127 article#post-73276 > div.entry-content > p > a
CVE-2026-26113 article#post-73276 > div.entry-content > p > a
CVE-2026-26110 article#post-73276 > div.entry-content > p > a
Continue reading → article#post-73276 > div.entry-content > p > a.more-link
observed article#post-73278 > div.entry-content > p > a
recounted on Twitter/X article#post-73278 > div.entry-content > p > a
schadenfreude article#post-73278 > div.entry-content > p > a
story article#post-73278 > div.entry-content > p > a
another experiment article#post-73278 > div.entry-content > p > a
wrote article#post-73278 > div.entry-content > p > a
confused deputy article#post-73278 > div.entry-content > p > a
Continue reading → article#post-73278 > div.entry-content > p > a.more-link
LAPSUS$ article#post-73057 > div.entry-content > p > a
Dortsolver article#post-73057 > div.entry-content > p > a
SIM-swapping article#post-73057 > div.entry-content > p > a
Microsoft Xbox Game Pass accounts article#post-73057 > div.entry-content > p > a
Continue reading → article#post-73057 > div.entry-content > p > a.more-link
Mastodon body.home > div#page > div.site-wordpress > a

These are opportunities to improve the legibility of your content.

Names and labels

Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. Learn more about the `alt` attribute.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
div#page > div.themonic-logo > a > img div#page > div.themonic-logo > a > img
div#content > div#between_article_ad > a > img div#content > div#between_article_ad > a > img

Link text (and alternate text for images, when used as links) that is discernible, unique, and focusable improves the navigation experience for screen reader users. Learn how to make links accessible.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
body.home > div#page > div.themonic-logo > a body.home > div#page > div.themonic-logo > a
header#masthead > div.mobile-social > div.socialmedia > a header#masthead > div.mobile-social > div.socialmedia > a
header#masthead > div.mobile-social > div.socialmedia > a.rss header#masthead > div.mobile-social > div.socialmedia > a.rss
header#masthead > div.mobile-social > div.socialmedia > a.rss header#masthead > div.mobile-social > div.socialmedia > a.rss
div#primary > div#content > div#between_article_ad > a div#primary > div#content > div#between_article_ad > a
div#main > div#secondary > aside#media_image-2 > a div#main > div#secondary > aside#media_image-2 > a

These are opportunities to improve the semantics of the controls in your application. This may enhance the experience for users of assistive technology, like a screen reader.

Tables and lists

Screen readers have a specific way of announcing lists. Ensuring proper list structure aids screen reader output. Learn more about proper list structure.

Why this matters

Performance issues directly impact user engagement and conversion rates.

Failing Elements
1 2 3 4 Next › Last » div#content > div.themonic-pagination > div.pagination > ul

These are opportunities to improve the experience of reading tabular or list data using assistive technology, like a screen reader.

Interactive controls are keyboard focusable
Interactive elements indicate their purpose and state
The page has a logical tab order
Visual order on the page follows DOM order
User focus is not accidentally trapped in a region
The user's focus is directed to new content added to the page
HTML5 landmark elements are used to improve navigation
Offscreen content is hidden from assistive technology
Custom controls have associated labels
Custom controls have ARIA roles
`[aria-*]` attributes match their roles
`[aria-hidden="true"]` is not present on the document `<body>`
`[role]`s have all required `[aria-*]` attributes
`[role]` values are valid
`[aria-*]` attributes have valid values
`[aria-*]` attributes are valid and not misspelled
Input buttons have discernible text.
Form elements have associated labels
`[user-scalable="no"]` is not used in the `<meta name="viewport">` element and the `[maximum-scale]` attribute is not less than 5.
ARIA attributes are used as specified for the element's role
Elements use only permitted ARIA attributes
Document has a `<title>` element
`<html>` element has a `[lang]` attribute
`<html>` element has a valid value for its `[lang]` attribute
List items (`<li>`) are contained within `<ul>`, `<ol>` or `<menu>` parent elements
Touch targets have sufficient size and spacing.
Heading elements appear in a sequentially-descending order
Document has a main landmark.
Deprecated ARIA roles were not used
Identical links have the same purpose.
`[accesskey]` values are unique
`button`, `link`, and `menuitem` elements have accessible names
Elements with `role="dialog"` or `role="alertdialog"` have accessible names.
`[aria-hidden="true"]` elements do not contain focusable descendents
ARIA input fields have accessible names
ARIA `meter` elements have accessible names
ARIA `progressbar` elements have accessible names
Elements with an ARIA `[role]` that require children to contain a specific `[role]` have all required children.
`[role]`s are contained by their required parent element
Elements with the `role=text` attribute do not have focusable descendents.
ARIA toggle fields have accessible names
ARIA `tooltip` elements have accessible names
ARIA `treeitem` elements have accessible names
Buttons have an accessible name
The page contains a heading, skip link, or landmark region
`<dl>`'s contain only properly-ordered `<dt>` and `<dd>` groups, `<script>`, `<template>` or `<div>` elements.
Definition list items are wrapped in `<dl>` elements
ARIA IDs are unique
No form fields have multiple labels
`<frame>` or `<iframe>` elements have a title
`<html>` element has an `[xml:lang]` attribute with the same base language as the `[lang]` attribute.
`<input type="image">` elements have `[alt]` text
The document does not use `<meta http-equiv="refresh">`
`<object>` elements have alternate text
Select elements have associated label elements.
Skip links are focusable.
No element has a `[tabindex]` value greater than 0
Cells in a `<table>` element that use the `[headers]` attribute refer to table cells within the same table.
`<th>` elements and elements with `[role="columnheader"/"rowheader"]` have data cells they describe.
`[lang]` attributes have a valid value
`<video>` elements contain a `<track>` element with `[kind="captions"]`
Tables have different content in the summary attribute and `<caption>`.
All heading elements contain content.
Uses ARIA roles only on compatible elements
Image elements do not have `[alt]` attributes that are redundant text.
Elements with visible text labels have matching accessible names.
Tables use `<caption>` instead of cells with the `[colspan]` attribute to indicate a caption.
`<td>` elements in a large `<table>` have one or more table headers.
A
Form Accessibility
1 of 2 controls have issues
PASS
1 of 2 controls have issues
Critical::
1 control(s) without accessible label
Form controls need a <label>, aria-label, or aria-labelledby for screen readers.
Got: <input type="submit" id="searchsubmit">
Info::
1 control(s) properly labeled
2 controls
1 labeled
0 placeholder only
1 unlabeled
ControlTypeLabelMethod
#stextSearch for:for/id
#searchsubmitsubmit(none)none

Form controls need a <label>, aria-label, or aria-labelledby for screen readers.

<input type="submit" id="searchsubmit">

Why this matters

Form controls without labels — assistive tech announces 'edit text' with no context; users can't complete forms.

Source: WCAG 2.1 SC 3.3.2

A
404 Error Page
HTTP 404, custom page
PASS
HTTP 404, custom page
Info::
Correct 404 status code returned
Got: HTTP 404
Info::
Custom styled 404 page
Info::
Navigation links present on 404 page
Info::
Homepage link present on 404 page
Info::
Search form present on 404 page
404 Page Quality Custom 404 Page
Status Code HTTP 404 Page Title Page not found – Krebs on Security Custom Styling Navigation Homepage Link Search Form
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback