// content credentials checker

Content Credentials
Checker

See whether an image or video carries C2PA content credentials — the cryptographically signed manifests that Adobe, OpenAI, Microsoft, and others embed to flag AI involvement. The check runs locally; nothing is uploaded.

What is C2PA?

C2PA — the Coalition for Content Provenance and Authenticity — is the metadata standard major AI tools use to mark generated or edited media. The manifest is cryptographically signed and tamper-evident. Instagram and Facebook read it to add the “Made with AI” label.

Where does this checker look?

  • JPEG / PNG: APP11 JUMBF segments and PNG caBX chunks containing C2PA box trees.
  • MP4 / MOV / WebM: ISO BMFF uuid boxes with the C2PA UUID D8FEC3D6-1B0B-4872-BD80-E04F827E80D9.
  • All formats: presence of C2PA label strings (c2pa.assertions, c2pa.claim, c2pa.signature).

Tools that embed C2PA today

  • Adobe Firefly — every output is signed.
  • Photoshop Generative Fill — signs Generative Fill edits.
  • ChatGPT image generator (DALL·E 3) — signed since spring 2024.
  • Microsoft Designer and Bing Image Creator.
  • Some Google models — selectively, since 2024.

Honest scope

This checker detects presence of C2PA. It does not yet parse the manifest to show which toolsigned it or what edit history is recorded. That level of detail requires a heavier C2PA library (Adobe’s c2pa-js, ~250 KB) — we may add it as an optional “deep parse” later. For now, the does this file carry C2PA? question gets a fast, reliable yes/no.

// common questions

Frequently asked.

Why does my AI-generated image not show C2PA?+

Three common reasons: (1) the tool that generated it doesn't embed C2PA (many open-source models don't); (2) you took a screenshot or re-saved the image through a tool that strips metadata; (3) the file was re-encoded somewhere — even uploading and downloading from a platform can strip C2PA.

Will removing C2PA stop the 'Made with AI' label on Meta platforms?+

Sometimes. Meta uses multiple signals — C2PA is one of them, but they also read model-disclosure metadata, user self-disclosure on upload, and may run their own detectors. Removing C2PA removes one trigger; others may still apply.

Is this checker a full C2PA viewer?+

Not yet — it detects presence and basic AI-tool fingerprints. For full manifest inspection (signed claims, edit history, certificate chain), use Adobe's official Content Credentials Verify tool at contentcredentials.org. We may add deep parsing here later.

Does the file get uploaded?+

Never. All scanning runs in your browser via JavaScript. Open dev tools and watch the Network tab — there are zero requests when you drop a file. The page works fully offline once loaded.

// related tools

Keep cleaning.

C2PA Remover
Strip the content credentials this checker just found.
AI Info Tag Checker
Broader inspection — C2PA plus EXIF, GPS, AI tags.
Reading: How C2PA gets stripped
Why a browser canvas wipes the manifest in one pass.