Frequently Asked Questions

HTPBE (Has This PDF Been Edited) is a free online service that detects whether a PDF document has been modified after it was originally created. Upload your PDF and get an instant result in seconds.

The service analyzes the PDF’s internal structure, metadata, and creation history to detect any signs of post-creation modifications. Results come in three states: Intact (no modification found), Modified (modification detected), or Cannot Verify (the PDF was created with consumer software such as Microsoft Word or Google Docs, where anyone can create a document from scratch).

Common scenarios: verifying payment confirmations from buyers, checking invoice integrity, validating certificates and diplomas, confirming contract integrity, and detecting document tampering.

You don’t need technical knowledge to use HTPBE—just upload your PDF and get clear results in seconds. The service is completely free, requires no registration, and works with PDF files up to 10 MB.

Payment confirmation fraud is a real problem in online transactions. When someone sends you a PDF screenshot or receipt as “proof of payment”, it could have been digitally edited to fake the transaction details.

Common fraud scenarios:

• Marketplace sellers: A buyer sends a fake payment confirmation to receive goods before actually paying
• Freelancers: A client shows an edited bank transfer screenshot claiming payment was sent
• Rental/accommodation: A tenant provides a modified payment receipt to avoid actual payment
• Online businesses: Customers submit altered invoices or receipts to claim refunds or discounts
• Peer-to-peer transactions: Someone shows fake payment proof to receive goods or services

How HTPBE helps: By checking if the PDF has been modified, you can quickly identify suspicious payment confirmations. If a payment screenshot shows as “modified” in our analysis, it’s a red flag that the document may have been tampered with.

Important: Always verify payment through your actual bank account or payment platform. HTPBE is an additional verification tool, not a replacement for checking your real account balance.

People use HTPBE to verify PDF authenticity in many real-world situations:

Financial & Payments:

• Payment confirmations: Verify bank transfer receipts and payment screenshots from buyers or clients
• Invoices: Check if invoices from suppliers or contractors have been altered
• Receipts: Validate expense receipts for reimbursement or accounting
• Financial statements: Confirm authenticity of bank statements or financial reports

Business & Legal:

• Contracts: Verify that contracts haven’t been modified after signing
• Agreements: Check business agreements for tampering before execution
• Legal documents: Validate authenticity of court documents or legal notices

Academic & Professional:

• Certificates: Verify educational certificates and diplomas from applicants
• Transcripts: Check academic transcripts for modifications
• Professional credentials: Validate licenses and certifications

E-commerce & Marketplaces:

• Shipping confirmations: Verify delivery receipts and shipping documents
• Order confirmations: Check authenticity of purchase orders
• Return receipts: Validate return and refund documentation

In all these scenarios, HTPBE provides a quick first check to identify potentially tampered documents, helping you make safer decisions in your transactions and business dealings.

HTPBE is used by a wide range of people and businesses who need to verify document authenticity:

Online Sellers & Marketplace Vendors: Verify payment confirmations from buyers before shipping products, especially on platforms without integrated payment protection.

Freelancers & Independent Contractors: Check client payment receipts and invoices before starting work or delivering projects.

Small Business Owners: Validate invoices, receipts, and financial documents from customers, suppliers, and partners.

HR & Recruitment Professionals: Verify authenticity of certificates, diplomas, and professional credentials from job applicants.

Landlords & Property Managers: Check payment confirmations and rental receipts from tenants.

Accountants & Bookkeepers: Validate expense receipts and financial documents for accurate record-keeping.

Legal Professionals: Perform preliminary checks on document integrity for contracts and legal paperwork.

E-commerce Operations: Verify return receipts, shipping confirmations, and order documentation.

Anyone Making Peer-to-Peer Transactions: Validate payment proof when buying or selling goods/services directly to other individuals.

Basically, anyone who receives PDF documents from others and needs to trust their authenticity before making important decisions or transactions can benefit from HTPBE.

Our PDF modification checker uses multi-layer forensic analysis to detect whether a PDF document was changed after it was originally created. The system analyzes PDF metadata including creation dates, modification timestamps, creator and producer information, and PDF version details.

We also examine the internal file structure at the byte level to identify evidence of post-creation modifications, detect digital signatures and analyze their integrity, and scan for embedded malicious code or suspicious scripts.

You see one of three outcomes: Intact (no modification detected), Modified (modification detected), or Cannot Verify (the PDF was created with consumer software such as Microsoft Word or a print-to-PDF driver — integrity analysis does not apply to documents anyone can create from scratch).

Our PDF modification detection system provides high accuracy through multi-layer analysis combining metadata validation, structural analysis, and signature verification. The accuracy depends on several factors: the quality of PDF metadata, the sophistication of modification attempts, and the PDF creation tools used.

Results come in three states: Intact (no signs of modification found), Modified (modification detected), and Cannot Verify (the PDF was created with consumer software such as Microsoft Word or LibreOffice — integrity analysis does not apply to documents created with these tools).

There is one fundamental limitation to understand: the tool detects post-creation modifications, not fabricated content. If someone creates a fake invoice or certificate from scratch in Word and exports it to PDF, that PDF will show as Intact — because it was never modified after creation. The check only tells you whether the file was changed after it was generated, not whether the data inside it is truthful. See Can someone create a fake document from scratch? for details.

For critical decisions, we recommend using this tool as part of a broader verification strategy rather than relying solely on automated results.

Yes, our PDF authenticity verification service prioritizes your privacy and security. PDF files are temporarily processed in secure cloud storage (Vercel Blob) solely for the duration necessary to complete the analysis. Files are permanently and automatically deleted immediately after analysis completes, typically within minutes.

We only store analysis results and extracted metadata such as filename, file size, creation date, modification date, creator information, and detection findings—never the actual PDF file content.

All data transmission uses encrypted HTTPS/TLS protocols, and our infrastructure follows industry-standard security practices. We analyze technical file structure only and never read document content, ensuring your sensitive information remains private throughout the PDF verification process.

Our PDF authenticity checker accepts PDF files up to 10 megabytes (10 MB) in size. This limit ensures fast analysis and optimal performance for most common PDF documents including contracts, certificates, invoices, reports, and academic documents.

Files exceeding this limit will be rejected with an error message. If you need to check larger PDF files, consider splitting them into smaller documents or compressing the PDF before upload.

The 10 MB limit applies to the original file size before any processing. Our free PDF verification service is designed to handle typical document sizes efficiently while maintaining quick response times and reliable analysis results for PDF modification detection.

HTPBE analyzes four layers of evidence: metadata (creation and modification timestamps, creator/producer applications), file structure (incremental update sections, cross-reference tables), digital signatures (presence, validity, post-signature modifications), and embedded content (JavaScript, hidden file attachments).

What you see is one of three results: Intact (no modification detected), Modified (modification detected), or Cannot Verify (the PDF was created with consumer software such as Microsoft Word, LibreOffice, or a print-to-PDF driver). The detailed metadata and findings on the result page explain the reasoning behind each outcome.

Our PDF modification detection system can identify most common types of PDF alterations including:

• Metadata changes (creation dates, modification dates, creator/producer information)
• Structural modifications (xref table changes, incremental updates, object-level changes)
• Post-creation content modifications (page additions, object insertions, structural edits)
• Digital signature tampering

The most important limitation is not technical — it is fundamental: the tool detects modifications to existing PDF files. It cannot detect documents created from scratch with false content. If someone creates a fake bank statement in Microsoft Word and exports it to PDF, the result will show as Intact, because the file was never modified after creation. Always check the creation date and consider the document’s claimed origin alongside the analysis result.

Additionally, PDFs created with consumer software (Microsoft Word, LibreOffice, Google Docs, print-to-PDF drivers) will show a Cannot Verify result rather than Intact, because anyone can create any document from scratch with these tools.

Other technical limitations: password-protected PDFs cannot be analyzed, extremely sophisticated manipulation techniques using specialized tools may sometimes evade detection, and PDFs with corrupted metadata may produce unexpected results. For critical legal or financial documents, use our service alongside other verification methods.

PDF authenticity checking typically completes within a few seconds for most documents. The analysis time depends on file size, complexity, and server load.

Typical processing times:

• Small PDF files (under 1 MB) usually process in 2-5 seconds
• Larger files (5-10 MB) may take 10-20 seconds

The multi-layer PDF verification process includes metadata extraction, structural analysis, and signature verification—all optimized for speed. You'll see real-time progress updates during upload and analysis.

Our PDF modification detection service is designed for instant results, allowing you to quickly verify document integrity without waiting. If analysis takes longer than expected, it may indicate a complex PDF structure or temporary server load, but most PDF authenticity checks complete rapidly.

PDF metadata is embedded information within a PDF file that includes creation date, modification date, creator application, producer application, PDF version, title, author, subject, keywords, and other document properties.

This metadata is crucial for PDF authenticity verification because it provides a digital fingerprint of the document’s history. When someone edits a PDF, metadata often changes—modification dates update, producer information may change, and structural elements can be altered.

Our PDF authenticity checker analyzes this metadata to detect inconsistencies that suggest tampering. For example, if a PDF shows a creation date after its modification date, or if the producer tool doesn’t match the creator tool in expected ways, these anomalies indicate potential PDF modification.

Understanding PDF metadata helps you interpret analysis results and make informed decisions about document integrity and authenticity.

Yes, our PDF authenticity verification service can analyze legal documents, but results should be interpreted carefully. The PDF modification detection provides technical evidence about document integrity based on metadata and structural analysis.

However, for legal proceedings, you may need additional verification methods including expert witness testimony, forensic document examination, or certified PDF analysis. Our service helps identify potential issues with legal PDFs such as contracts, agreements, or court documents, but the results are indicative rather than definitive legal proof.

We recommend consulting with legal professionals about how PDF authenticity analysis results can support your case. The detailed analysis report can serve as supporting evidence, but it should be part of a comprehensive document verification strategy rather than the sole basis for legal decisions.

In PDF metadata, Creator refers to the application that originally created the document content (like Microsoft Word, Google Docs, or Adobe InDesign), while Producer refers to the application that converted or last saved the document to PDF format (like Adobe Acrobat, PDF printer, or online converters).

This distinction is important for PDF authenticity checking because mismatches between Creator and Producer can indicate document modification. For example, a document created in Word but saved as PDF through a different tool shows different Creator and Producer values—this is normal.

However, if our PDF modification detection finds unexpected changes in these values or timestamps that don’t align with the document history, it may suggest tampering. Understanding Creator vs Producer helps interpret PDF verification results and identify potential document integrity issues.

No, our PDF authenticity checker does not read or store your document content. While we temporarily load the PDF file into memory for technical analysis, we only examine file structure, metadata, and PDF formatting information—never extracting or reading the actual text, images, or content within your PDF files.

This privacy-focused approach means sensitive documents remain completely confidential. The PDF verification process examines file structure, creation/modification dates, creator/producer information, digital signatures, and structural elements like xref tables and incremental updates.

We extract metadata such as filename, file size, page count, and PDF version, but never access or extract document content. This makes our PDF modification detection service safe for confidential documents including contracts, financial statements, personal records, and proprietary information. Your document content is never read, extracted, or stored—only technical metadata and structural information that helps determine PDF authenticity.

Incremental updates in PDF files occur when changes are saved to a PDF without rewriting the entire file. Instead, modifications are appended to the end of the file, creating multiple versions within a single PDF.

This is significant for PDF authenticity checking because incremental updates can indicate document modification history. Our PDF modification detection system analyzes these incremental updates to identify when and how a PDF was changed.

Multiple incremental updates may suggest frequent editing or tampering attempts. However, some legitimate PDF creation workflows also use incremental updates, so our PDF verification considers context when interpreting these findings.

The presence of incremental updates doesn’t automatically mean tampering—it’s one factor in our comprehensive PDF authenticity analysis that helps build a complete picture of document integrity and modification history.

While our PDF authenticity checker detects most common modification methods, sophisticated PDF editing techniques using specialized tools may sometimes evade detection. Advanced users with deep PDF knowledge could potentially modify documents in ways that minimize metadata changes or structural anomalies.

However, such modifications typically require significant technical expertise and specialized software. Our multi-layer PDF verification approach analyzes multiple detection vectors including metadata consistency, structural integrity, signature verification, and modification traces—making it difficult to modify PDFs without leaving some evidence.

For critical documents, we recommend using our PDF modification detection alongside other verification methods. The detailed findings help identify suspicious patterns even when modifications are sophisticated. No PDF authenticity checking system is 100% foolproof, but our comprehensive analysis provides strong protection against most common tampering attempts.

Results come in three states:

• Intact — no signs of post-creation modification were found. The PDF file structure matches what you would expect from a freshly generated document.
• Modified — the analysis found signs that the file was changed after it was originally created.
• Cannot Verify — the PDF was created with consumer software such as Microsoft Word, Google Docs, LibreOffice, or a print-to-PDF driver. Anyone can create a document from scratch with these tools, so the integrity check result is not meaningful in this context.

Important: “Intact” does not mean “authentic.” It means the PDF was not modified after it was created. A document created from scratch with false data will also show as Intact — because it was never modified, it was simply created with false content. To understand this limitation fully, see: Can someone create a fake document from scratch?

On the result page you also see detailed metadata (creation date, modification date, creator, producer) and structural findings. These help you understand why the service gave a particular result. If the result seems unexpected, consider the PDF’s creation workflow and whether any modifications were authorized.

For important decisions, use this result as part of a broader verification strategy rather than the sole factor.

Yes, our PDF verification service is completely free for basic use. You can upload PDF files up to 10 MB, receive instant PDF modification detection analysis, and access detailed results including metadata information, findings, and modification status—all without registration or payment.

The free PDF authenticity checker includes full access to our multi-layer analysis system, comprehensive results pages, and shareable result links.

For developers and businesses needing programmatic access, bulk processing, or higher monthly quotas, API access is available upon request. The free service is designed to help individuals and small organizations verify PDF document integrity without cost barriers. Whether you’re checking a contract, verifying a certificate, or investigating document tampering, our free PDF authenticity verification provides professional-grade analysis at no charge.

Our PDF authenticity checker supports most standard PDF formats including PDF 1.3 through PDF 2.0, linearized PDFs, PDF/A (archival format), and PDF/X (print format). While older versions (PDF 1.0-1.2) may work, analysis is most reliable with PDF 1.3 and newer.

The PDF verification system can analyze PDFs created by any standard PDF creation tool including Adobe Acrobat, Microsoft Office, Google Docs, LibreOffice, online PDF converters, and specialized PDF software.

Some limitations apply: password-protected or encrypted PDFs cannot be analyzed, corrupted PDFs may fail to process, and non-standard PDF variants might produce unexpected results. Our PDF modification detection works best with standard, unencrypted PDF files following ISO 32000 specifications.

Each PDF authenticity check generates a unique, permanent URL that you can share with others to view the analysis results. After uploading your PDF and completing the PDF verification, you'll receive a results page with a shareable link (format: htpbe.tech/result/[unique-id]).

This link provides full access to the analysis including modification status, metadata details, and all findings. You can share this link via email, messaging apps, or embed it in documents. The results page includes social sharing buttons for easy distribution.

Recipients don’t need accounts or special access—the link works for anyone. This makes it easy to share PDF modification detection results with colleagues, clients, or legal professionals.

Note: The shared link shows analysis results only, not the original PDF file, maintaining privacy while enabling collaboration on PDF authenticity verification.

Your uploaded PDF file is stored temporarily in secure cloud storage (Vercel Blob) during the analysis process. Files are automatically deleted approximately one hour after upload as part of Vercel's standard retention policy.

We do not manually delete files immediately after analysis because this allows you time to re-check results if needed. However, the automatic cleanup ensures your files don’t remain stored indefinitely.

Important: We only retain the analysis results and metadata permanently in our database—never the actual PDF file content. This includes information like filename, file size, creation date, modification date, and detected findings. The original PDF file itself is automatically purged from storage after approximately one hour.

This approach balances security, privacy, and functionality while complying with data retention best practices.

A PDF showing as “modified” doesn’t necessarily mean someone tampered with the content. Many legitimate actions create modifications that our PDF authenticity checker detects:

• Saving or exporting: Re-saving a PDF in any tool (even without changes) updates the modification date and metadata
• Format conversion: Converting from Word/Excel to PDF, or PDF to PDF/A, creates new metadata
• Adding signatures: Digitally signing a PDF creates incremental updates
• Printing to PDF: “Printing” a PDF to create a new PDF changes all metadata
• Auto-save features: Some PDF viewers auto-save which triggers modification timestamps
• Annotation or comments: Adding notes, highlights, or comments modifies the file structure

Our system detects any structural changes after the PDF was originally created. This is intentional—it helps you know the document’s complete history. A “modified” result doesn’t automatically mean fraud or tampering; it means the file has a history beyond its initial creation.

Review the detailed findings on the results page to understand what specific changes were detected and whether they align with your document’s known history.

Analysis results are stored permanently in our database. Once you upload and analyze a PDF, the results remain accessible indefinitely at the unique URL (htpbe.tech/result/[unique-id]).

This permanent storage has several benefits:

• You can reference analysis results months or years later for audits or legal proceedings
• Shared links remain valid indefinitely, ensuring recipients can always view results
• Historical analysis can be compared if you check the same document multiple times

What is stored permanently: Analysis metadata, modification verdict, creation/modification dates, creator/producer information, structural findings, and detection results.

What is NOT stored permanently: The actual PDF file content. As mentioned in our privacy policy, uploaded PDF files are automatically deleted from storage approximately one hour after upload. Only the analysis results remain.

This approach ensures you have long-term access to verification results while protecting your document privacy and minimizing storage of sensitive file content.

No, you cannot view or download your original PDF file from the results page. The results page displays only the analysis metadata and findings—not the document itself.

This is a deliberate privacy and security feature. We do not store PDF file content permanently, and we do not provide access to uploaded files after analysis completes. Uploaded PDF files are automatically deleted from storage approximately one hour after upload.

The results page shows comprehensive analysis information including:

• Modification status (modified/not modified)
• Modification verdict and specific findings
• Metadata (creation date, modification date, creator, producer)
• Structural findings (incremental updates, signatures, etc.)
• Specific anomalies detected

Keep your original PDF file: If you need to reference the actual document later, make sure to keep a copy on your local device. The analysis results are permanent, but access to the original file is not.

This policy protects user privacy by ensuring uploaded documents are not accessible to others through shared result links, even if the link is compromised.

Yes, and this is an important limitation to understand. Our PDF authenticity checker detects modifications to existing PDF files—we cannot verify if a brand-new PDF was created with falsified content.

Example scenario: Someone could:

• Create a fake invoice or certificate with false information
• Print or export it as a fresh PDF file
• The PDF will appear as “not modified” because it’s technically a new file, not a modified existing one

How to protect yourself: Always pay close attention to the Creation Date shown in the analysis results. Ask yourself:

• Does the creation date make logical sense for this document?
• If it’s supposedly a 2020 invoice, why was the PDF created in 2026?
• Is the creation date suspiciously recent for an “old” document?
• Does the timeline match the situation and claimed document origin?

Additional verification steps for critical documents:

• Request the original file from the issuing organization directly
• Verify document details with the claimed issuer (company, institution, authority)
• Check for official digital signatures or stamps
• Compare document format and layout with known authentic samples
• For scanned documents (photos of documents), request the original digital file instead

Our service is a powerful tool for detecting tampering with existing files, but it cannot replace human judgment and thorough verification processes. The creation date is your first line of defense against completely fabricated documents.

All dates and times on HTPBE are displayed in UTC (Coordinated Universal Time) for consistency, accuracy, and transparency. This is an intentional design choice to ensure everyone sees the same absolute time regardless of their location.

What is UTC?

UTC is the global time standard used worldwide. It’s equivalent to GMT (Greenwich Mean Time) and serves as the reference point for all timezones. Unlike local time, UTC never changes with daylight saving time or regional adjustments.

Why We Use UTC:

• Universal consistency: Everyone sees the exact same timestamp regardless of their location or timezone
• No timezone confusion: A document created “at 14:00” could mean different absolute times in New York vs Tokyo. UTC eliminates this ambiguity
• Technical accuracy: PDF files internally store timestamps in UTC. Displaying them in UTC preserves the original data without conversion errors
• International collaboration: When sharing results with people in different countries, UTC provides a common reference point
• Audit trail integrity: For legal and compliance purposes, UTC timestamps create unambiguous records

How to Convert UTC to Your Local Time:

If you need to know what time something was in your timezone:

• Google search: Type “14:00 UTC in [your timezone]” to get instant conversion
• Mental calculation: Add your UTC offset. For example, if you’re in New York (UTC-5), subtract 5 hours from UTC time
• Time converter tools: Many free online tools convert UTC to any timezone

Common UTC Offsets:

• New York: UTC-5 (or UTC-4 during daylight saving)
• London: UTC+0 (or UTC+1 during summer time)
• Paris/Berlin: UTC+1 (or UTC+2 during summer time)
• Dubai: UTC+4
• Singapore/Hong Kong: UTC+8
• Tokyo: UTC+9
• Sydney: UTC+10 (or UTC+11 during daylight saving)

What This Means for You:

When you see a timestamp like “12.02.2026 09:35:21 UTC” on HTPBE:

• This is the absolute, universal time the event occurred
• It’s the same timestamp everyone else sees, regardless of their location
• You can convert it to your local time if needed, but the UTC value is the authoritative record

Example Scenario:

You upload a PDF at 3:00 PM in New York (UTC-5). The check date shows “20:00 UTC” because:

• 3:00 PM in New York = 15:00 in 12-hour format
• 15:00 - 5 hours offset = 20:00 UTC

Someone viewing the same result in Tokyo (UTC+9) also sees “20:00 UTC”, not their local time. This ensures consistency and prevents confusion.

Bottom Line:

UTC display may seem unusual if you’re used to seeing local times, but it’s the professional standard for global systems. It ensures accuracy, eliminates timezone-related errors, and provides a reliable foundation for document verification timestamps.

A creation date slightly after the check time usually means clock drift — a small difference between your computer’s clock and our server’s clock. Computers without automatic time synchronization can drift several minutes fast, so a PDF created on such a device will show a timestamp a few minutes ahead of the actual server time. This is completely normal.

Quick risk guide based on the time difference:

• Under 10 minutes: Low risk — almost certainly clock drift, not suspicious
• 10 minutes to 1 hour: Medium risk — worth investigating for important documents
• More than 1 hour: High risk — unlikely to be accidental; verify independently
• Days, weeks, or months: Very high risk — strong indicator of intentional clock manipulation or metadata tampering

Always evaluate the full picture: the overall modification result, other metadata fields (Creator, Producer), and the context of where the document came from. A 4-minute discrepancy in a payment confirmation from a known client is routine. A 4-day discrepancy in a contract from a new counterparty requires investigation.

Full explanation with examples →