Check any image for Content Credentials (C2PA), right in your browser.
Live at: https://danraveh-ai.github.io/effortproof/ (soon effortproof.com)
Drop an image on the page and it instantly reports whether the file carries a C2PA Content Credentials manifest, who generated it, whether a signature block is present, and which assertions it contains. Everything runs client-side: your file never leaves your device. No uploads, no analytics, no external requests of any kind.
The page ships a small, dependency-free JavaScript detector (detect.js), a direct port of the c2pacheck Python CLI:
- JPEG: C2PA rides in APP11 (0xFFEB) marker segments. The detector walks the segments and reassembles the JUMBF payload per box-instance in packet-sequence order.
- PNG: JUMBF lives in the
caBXancillary chunk. - Other formats: a best-effort raw byte scan for manifest tokens.
The port is verified two ways: a node --test suite using the same fixture
structures as c2pacheck's tests, and a cross-check on a real signed image
where both implementations must produce identical results (same manifest
footprint, claim generator, and assertion list).
This tool detects and inspects. It does not validate the signing certificate chain. "Signature present" means a signature block is embedded, not that it is valid or from a trusted issuer. The claim generator string is read heuristically (no full CBOR parse) and can include stray bytes. For full cryptographic verification use the official Content Credentials Verify tool.
No build step. Serve the folder and open it:
node serve.mjs 8642 # or any static file server
# open http://127.0.0.1:8642/Run the tests:
node --test "test/**/*.test.mjs"samples/ contains two test images from
contentauth/c2pa-rs
(MIT/Apache-2.0): one with a C2PA manifest signed with a test certificate,
one without.
MIT. See LICENSE.