Your latest accessFlow audit didn’t complete because Cloudflare blocked the audit requests. This usually happens when Cloudflare’s security rules present a CAPTCHA challenge or block requests entirely.
Because accessFlow relies on automated auditing to identify accessibility issues, these blocks prevent the scan from reaching and testing your site.
Why this happens
Cloudflare is designed to protect websites from unwanted or malicious bot traffic. In some configurations, its security settings may also block legitimate tools, including accessFlow's accessibility audit, unless they are explicitly allowed.
How to resolve it
Configure a Cloudflare bypass
To bypass automatic Cloudflare bot management, create a safe list for the accessFlow scanner. This creates an exception so Cloudflare ignores requests that include your unique secret string.
- Create Rule: In the Cloudflare dashboard, go to Rules > Configuration Rules.
- Matching Criteria: Set the field to User Agent and use the operator Contains.
- The Secret: Enter a custom secret string (e.g.,
accessFlow-Audit-Bypass-XYZ). - The Action: Set the Security Level to Off for this rule.
This ensures that any request carrying your secret User Agent string will skip standard bot challenges.
Configure accessFlow settings
Next, configure accessFlow to include your secret string in audit requests. This helps Cloudflare recognize the accessFlow scanner as a legitimate accessibility tool.
- In accessFlow go to Settings > Pre-audit configurations.
- Scroll down to Site access settings and next to User Agent select Add.
- Enter the following string where userSecret is the secret you configured in Cloudflare (exactly as you typed it).
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.71 Safari/537.36 AccessibeBot/1.0/{{userSecret}} - Select Apply.