Embedding a single line of code

Embedding a single line of code

Allyable provide each customer with a secured single line of code to embed in their website.

When the script is embedded in the website correctly, the accessibility virtual layer is applied on each visited page, scan for accessibility violations and manipulate it to create a fix for it.

Why to embed a script?

When the script is embedded internally the plugin monitors the behavior of end-users. by doing so it is able to identify static and dynamic content on the fly, and to cover more content of each scenarios of the end-user.


When the script is embedded in your website and end-users are visiting a page the script executes and call the accessibility servers for authentication.

The domain URL is being verified and only when authenticated the accessibility is downloaded and the virtual layer is applied.

Where to embed the script?

  • Embed in a master page - allows all pages to inherit the script and apply the accessibility layer.

  • Embed in the <HEAD> tag - allows the accessibility to start downloading right at the beginning of the page load with no need to wait for the website to load

  • Add an “async” attribute - By adding the “async” attribute to the script we instruct it to work asynchronously without interfering the page loading.

  • Add referrerpolicy = "no-referrer-when-downgrade" - Send the origin, path, and querystring in Referer when the protocol security level stays the same or improves (HTTP→HTTP, HTTP→HTTPS, HTTPS→HTTPS). Don't send the Referer header for requests to less secure destinations (HTTPS→HTTP, HTTPS→file).

  • Using an “https” call - always use https on calls to the accessibility servers


When the Allyable script is embedded in a website, the domain URL is authenticated through Allyable servers and if valid, every page is scanned for accessibility issues and violations reported back the Allyable360 platform. 
Many widgets, editors, applications and  management systems (WordPress, SharePoint, etc.) create menu's and content on top of the existing page for editing or audit purposes. when the domain URL is not changing, the added content is scanned for accessibility violations and reported to the Allyable360 platform just like any other content on the page.

Make sure all content which is not part of the website content is excluded from the scan.


Using Google Tag Manager to embed the Allyable script can raise an invalid script error due to "referrerpolicy" attributes.
It is Recommended to embed the Allyable script manually in the source code.