100% client-side · WebAssembly · free forever

Free Content Credentials & C2PA Checker

Check if an image is AI-generated, verify digital signatures, trace edit history, and validate C2PA content provenance — all in your browser, for free.

Drop an image here or click to upload

JPEG · PNG · WebP · AVIF · HEIC · TIFF · GIF · SVG · PDF · DNG · NEF · ARW · max 10 MB

What are Content Credentials? (C2PA explained)

Content Credentials are a new type of tamper-evident metadata that travel with images and other media files. Think of them as a digital nutrition label for photos: they tell you who created the image, what tools were used, and whether AI was involved.

The technology is built on the C2PA standard (Coalition for Content Provenance and Authenticity), an open specification developed by a coalition including Adobe, Microsoft, Google, Intel, BBC, and many others. Unlike regular EXIF metadata which can be easily edited in any hex editor, Content Credentials use cryptographic digital signatures to ensure the information hasn't been tampered with.

When a camera or software creates Content Credentials, it signs the manifest with a certificate from a trusted authority. If anyone modifies the image or the manifest data after signing, the signature becomes invalid — making tampering immediately detectable when you verify the file.

How does C2PA work?

Four components work together to create a verifiable chain of provenance from capture to publication.

01

Claim Generator

Identifies the software or hardware that created the manifest. This could be "Adobe Photoshop 2025", "Google Pixel 9 Camera", or "Adobe Firefly". Every C2PA manifest records exactly what tool created it, including version information.
02

Digital Signature

A cryptographic seal proving the manifest hasn't been altered since it was created. Tied to a certificate from a trusted certificate authority, similar to how HTTPS certificates work for websites. If the image is edited after signing, the signature fails verification.
03

Assertions

Individual claims within the manifest: the digital source type (camera capture, AI-generated, composite), edit actions performed (crop, color-correct, generate), and other provenance data. The stds.schema-org.CreativeWork assertion is where AI source type is recorded.
04

Ingredients

Source assets used to create the final image. If a photo is a composite of multiple sources, each source is recorded with its own provenance chain, creating a full history from original capture through every editing step.

What do Trusted, Valid, and Invalid mean?

The checker returns one of three verdicts based on the cryptographic signature and the signer's certificate chain.

Trusted ✓

Trusted

The digital signature is cryptographically valid AND the signer's certificate comes from a recognized, trusted certificate authority (such as Adobe or a known camera manufacturer). This is the highest level of assurance — the content hasn't been tampered with, and the source is verified.

Valid △

Valid

The signature mathematics check out — the data has not been tampered with since it was signed. However, the signer's certificate is not in a recognized trust list. This could be a legitimate tool using its own self-signed certificate, or a newer service not yet on the trust list.

Invalid ✗

Invalid

Something is wrong. Either the image was modified after signing (breaking the cryptographic seal), the signature is corrupted, or the manifest doesn't conform to the C2PA specification. Invalid credentials are worse than no credentials — they indicate deliberate tampering or a corrupted file.

Can you detect AI-generated images with Content Credentials?

When a tool embeds Content Credentials, it records the method used to create the content using standardized assertion types from the Schema.org vocabulary.

The stds.schema-org.CreativeWork assertion contains a @type field that identifies the creation method. Our checker reads this directly and tells you what it means in plain language.

trainedAlgorithmicMedia Content created entirely by an AI model trained on existing data. Used by DALL-E, Adobe Firefly, Imagen, and other text-to-image AI tools. When our checker sees this value, it reports "AI-generated content confirmed."
compositeWithTrainedAlgorithmicMedia AI elements were combined with real photographic content. A real photo with an AI-generated sky replacement, or a photo with an AI-generated object inserted, would carry this type.
algorithmicMedia Content created by algorithms that are not trained machine-learning models. Procedural generation, code-based art, or rule-based image synthesis falls into this category.

Which tools, cameras & AI models support C2PA?

Adoption is growing rapidly. As of 2026, these categories of tools embed Content Credentials by default or as an option.

Adobe Creative Suite

Photoshop, Lightroom, and Illustrator can embed Content Credentials in exported files. Adobe Firefly adds them automatically to all AI-generated content. Adobe's own certificate authority is widely trusted.

Photoshop, Lightroom, Firefly, Illustrator

Camera Manufacturers

Several camera makers now embed C2PA credentials at capture time, providing the strongest possible provenance — the signature is created by the camera hardware itself, before any editing can occur.

Leica M11-P, Nikon Z9, Sony α9 III, Fujifilm X-M5

AI Image Generators

Several major AI image generation platforms embed C2PA credentials in their output, allowing downstream verification that an image was AI-generated. Midjourney and Stable Diffusion do not currently embed credentials.

DALL-E 3, Adobe Firefly, Bing Image Creator, Imagen 3

News Organizations

Major publishers and wire services are adopting C2PA to establish authenticity for photojournalism. Credentials created at point of capture by a verified journalist carry significant evidentiary weight.

BBC, Associated Press, Reuters, New York Times

Social Media & Platforms

LinkedIn now displays Content Credentials on AI-generated images. Meta, TikTok, and YouTube have announced C2PA support. Note that many platforms strip metadata on upload, which removes credentials.

LinkedIn, YouTube (in progress), Meta (announced)

Can Content Credentials be removed, faked, or stripped?

Two very different questions with very different answers.

Removed — yes

Content Credentials are metadata and can be stripped from an image just like EXIF data. Our own Metadata Cleaner tool does exactly this. Resizing, re-saving, or uploading to most social media platforms also removes them. The absence of credentials does not prove an image is fake — it simply means no verifiable provenance is available.

Faked — no (practically)

Creating fake but cryptographically valid credentials requires access to a signing certificate from a trusted certificate authority — the same kind of certificate used for HTTPS. You cannot create credentials that appear to come from Adobe or a Nikon camera without stealing their private keys. Faked credentials will always show as Invalid or Valid-but-untrusted, never as Trusted.

Why verify Content Credentials before trusting an image?

Different users have different reasons to care about image provenance.

01

Journalists & Fact-Checkers

Verify whether a viral image has authentic camera provenance before publishing. A Trusted credential from a known camera, timestamped at the location of an event, provides strong evidence of authenticity that can withstand editorial scrutiny.
02

Photographers & Stock Agencies

Confirm that submitted photos are authentic captures and not AI-generated replacements. C2PA credentials from a camera body provide a chain of custody that protects both the photographer's credit and the agency's reputation.
03

Businesses & Legal Teams

Verify provenance of images used in contracts, advertising, or evidence. An Invalid credential — indicating the image was modified after signing — may be significant in disputes about what was agreed or represented.
04

Consumers & General Public

Understand whether a product photo, news image, or social media post is AI-generated before sharing or making decisions based on it. As AI image quality improves, verifiable provenance becomes one of the few reliable signals.
05

Platforms & Developers

Integrate C2PA verification into content moderation and trust-and-safety pipelines. Checking credentials at upload time allows platforms to surface provenance information to users without requiring manual review.

The EU AI Act and content provenance

The EU Artificial Intelligence Act, which entered force in August 2024, includes specific provisions about transparency for AI-generated content. Article 50 directly affects anyone deploying AI systems that generate synthetic images, video, or audio in the European Union.

Article 50 mandates that providers of AI systems that generate synthetic content must ensure the output is "marked in a machine-readable format and detectable as artificially generated or manipulated."

C2PA Content Credentials are the primary technical mechanism being adopted to meet this requirement. By embedding a digitally signed manifest identifying the content as AI-generated, tools like Adobe Firefly and DALL-E 3 provide machine-readable disclosure that satisfies the Article 50 intent.

For businesses operating in or serving the EU market: if you use AI-generated images in commercial communications, advertising, or information services, verifying and preserving C2PA credentials is increasingly important for compliance. If your AI tool doesn't currently embed C2PA credentials, watch for updates — compliance timelines are already in effect for high-risk systems.

Our C2PA Checker lets you verify whether an image carries compliant AI disclosure credentials before publishing. Our Metadata Cleaner, by contrast, can strip those credentials — a use that should be considered carefully in light of regulatory requirements in your jurisdiction.

Frequently asked questions

Common questions about the C2PA Checker and Content Credentials verification.

Does this tool upload my images to a server?

No. All analysis happens entirely in your browser using WebAssembly. Your images never leave your device. The C2PA verification engine — including the WASM binary — is loaded once from a CDN and then runs locally for every file you check.

What file formats are supported?

JPEG, PNG, WebP, AVIF, HEIC/HEIF, TIFF, GIF, SVG, PDF, and RAW formats (DNG, NEF, ARW). Note that some formats like AVIF and RAW may have limited support in certain browsers. If a format fails to parse, you'll see a clear error message.

Why does my AI-generated image show no credentials?

Not all AI tools embed Content Credentials. Stable Diffusion, Midjourney (as of early 2026), and most open-source models do not add C2PA data. Credentials are also removed when images are downloaded from most social media platforms, re-saved in basic photo editors, or processed by our own Metadata Cleaner.

What's the difference between this and the main Metadata Cleaner?

The Metadata Cleaner removes traditional metadata (EXIF, XMP, IPTC) and alters the image's perceptual fingerprint to disrupt reverse-image search. The C2PA Checker reads and cryptographically verifies C2PA provenance data — signatures, edit history, and AI generation flags. They complement each other: use the Checker to read provenance, use the Cleaner to remove it.

Can I use this to verify if a photo is real?

Content Credentials can help confirm authenticity when present. A Trusted signature from a known camera manufacturer, timestamped at the time of an event, provides strong evidence. However, the absence of credentials does not prove an image is fake — many legitimate photos simply don't have credentials yet. Treat verified credentials as positive evidence; treat missing credentials as neutral.

Source Type	—
Interpretation	—