How should I interpret PDF analysis results?
Results come in three states:
- Intact — no signs of post-creation modification were found. The PDF file structure matches what you would expect from a freshly generated document.
- Modified — the analysis found signs that the file was changed after it was originally created.
- Cannot Determine — the PDF was created with consumer software such as Microsoft Word, Google Docs, LibreOffice, or a print-to-PDF driver. Anyone can create a document from scratch with these tools, so the integrity check result is not meaningful in this context.
Important: “Intact” does not mean “authentic.” It means the PDF was not modified after it was created. A document created from scratch with false data will also show as Intact — because it was never modified, it was simply created with false content. To understand this limitation fully, see: Can someone create a fake document from scratch?
On the result page you also see detailed metadata (creation date, modification date, creator, producer) and structural findings. These help you understand why the service gave a particular result. If the result seems unexpected, consider the PDF’s creation workflow and whether any modifications were authorized.
For important decisions, use this result as part of a broader fraud-detection strategy rather than the sole factor.
ā Previous
Can a PDF be modified without detection?
Next ā
What PDF formats and versions are supported?
Related questions
Keep reading
3 answers
Our PDF authenticity checker supports most standard PDF formats including PDF 1.3 through PDF 2.0, linearized PDFs, PDF/A (archival format), and PDF/X (print format). While older versions (PDF 1.0-1.2) may work, analysis is most reliable with PDF 1.3 and newer.
The PDF tamper detection system can analyze PDFs created by any standard PDF creation tool including Adobe Acrobat, Microsoft Office, Google Docs, LibreOffice, online PDF converters, and specialized PDF software.
Some limitations apply: password-protected or encrypted PDFs cannot be analyzed, corrupted PDFs may fail to process, and non-standard PDF variants might produce unexpected results. Our PDF modification detection works best with standard, unencrypted PDF files following ISO 32000 specifications.
Each PDF authenticity check generates a unique, permanent URL that you can share with others to view the analysis results. After uploading your PDF and completing the PDF tamper detection, you'll receive a results page with a shareable link (format: htpbe.tech/result/[unique-id]).
This link provides full access to the analysis including modification status, metadata details, and all findings. You can share this link via email, messaging apps, or embed it in documents. The results page includes social sharing buttons for easy distribution.
Recipients don’t need accounts or special accessāthe link works for anyone. This makes it easy to share PDF modification detection results with colleagues, clients, or legal professionals.
Note: The shared link shows analysis results only, not the original PDF file, maintaining privacy while enabling collaboration on PDF authenticity analysis.
Your uploaded PDF file is stored temporarily in secure cloud storage (Vercel Blob) during the analysis process. Files are automatically deleted approximately one hour after upload as part of Vercel's standard retention policy.
We do not manually delete files immediately after analysis because this allows you time to re-check results if needed. However, the automatic cleanup ensures your files don’t remain stored indefinitely.
Important: We only retain the analysis results and metadata permanently in our databaseānever the actual PDF file content. This includes information like filename, file size, creation date, modification date, and detected findings. The original PDF file itself is automatically purged from storage after approximately one hour.
This approach balances security, privacy, and functionality while complying with data retention best practices.