PDF Safety Checker
Check a PDF for risky active content (JavaScript, auto-actions, embedded files) right in your browser — nothing is uploaded.
Report a problem
Drop a PDF to check if it’s safe.
or tap to choose a file
How to use
- Drop a PDF in — it’s read in your browser and never uploaded.
- Press Check this PDF to scan it for risky active content.
- Read the status and log; if you like, press Sanitize & download to rebuild a cleaner copy.
FAQ
Is my PDF uploaded anywhere?
No. The whole check runs in your browser — the file never leaves your device, so it works offline and stays private. Even the optional “sanitize” step rebuilds the PDF locally.
What does the checker look for?
It scans the file’s visible structure for tokens that signal active or risky content: JavaScript (/JavaScript, /JS), auto-run actions (/OpenAction, /AA), launching other programs (/Launch), embedded files (/EmbeddedFile), rich media (/RichMedia, /Movie, /Sound), forms (/XFA, /AcroForm) and links/submit actions (/URI, /SubmitForm, /GoToR). It also checks the header, end-of-file marker, cross-reference table and whether the file is encrypted.
Does a clean result mean the PDF is definitely safe?
No — treat it as a quick triage, not a guarantee. The scan reads the file’s visible bytes and can’t decompress object streams, so a cleverly hidden payload could be missed, and a harmless PDF can legitimately contain forms or links. If a document is from an untrusted source, stay cautious whatever the result says.
What does “Sanitize & download” actually remove?
It rebuilds the PDF by copying just the pages into a brand-new document, which drops document-level JavaScript, auto-run actions, embedded files and form definitions. Some page-level annotations may carry over, so it reduces risk rather than promising a perfectly clean file. Always keep your original.