File Metadata Viewer
Inspect any file's metadata and verify its SHA-256 — all in your browser
Read EXIF (camera, GPS), ID3 audio tags, video codecs and PDF properties, detect the real type by magic bytes, and compute SHA-256/CRC32 to verify a download against its published checksum. Nothing is uploaded — every file stays on your device.
About File Metadata Viewer
This tool extracts and displays metadata from various file types. Open an image to view EXIF data (camera settings, GPS location), a video to see codec and resolution info, a PDF to view document properties, and more. All processing happens in your browser, so the file is never sent to a server.
How do I verify a download against its published SHA-256 checksum?
Drop the downloaded file here, click Analyze, and read the SHA-256 value under File Integrity. Then paste the checksum from the project's release page into the Verify Hash field: the tool instantly shows a green Match or red Mismatch verdict. A match confirms the file is byte-for-byte identical to what the publisher released — it was not corrupted in transit and was not tampered with. That guarantee is only as strong as the source of the checksum, so copy it from the publisher's official release page rather than from the mirror that served the file. The hash is computed entirely in your browser with the Web Crypto API, streamed in chunks so even large installers, ISOs, and release tarballs stay light on memory. SHA-256 verification needs an HTTPS page (secure context); on plain HTTP the tool falls back to the CRC32 checksum only.
Are these SHA-256 hashes the same as Linux sha256sum or certutil on Windows?
Yes — byte-identical. The Web Crypto digest of a file equals what sha256sum file on Linux/macOS, certutil -hashfile file SHA256 on Windows, or Get-FileHash in PowerShell would print for the same bytes. That makes this a drop-in way to verify downloads against a published SHA-256, confirm integrity after a transfer, or de-duplicate files during a storage audit. CRC32 is also shown as a fast non-cryptographic checksum useful for detecting accidental corruption (it is not suitable for security because collisions are easy to craft).
How does the magic-byte type detection work, and why does it matter?
Browsers report a file's type purely from its extension, which can be wrong or trivially spoofed. This tool instead reads the first bytes of the file and matches them against a signature table — FF D8 FF for JPEG, 89 50 4E 47 for PNG, 25 50 44 46 for PDF, 50 4B 03 04 for ZIP and Office formats, ftyp boxes for MP4/MOV, RIFF for WebP/WAV/AVI, ID3 or frame sync for MP3. The result appears as Detected Type (magic bytes) in Basic Information, and when the real type does not match the extension it is flagged as an extension mismatch — handy for spotting a renamed .pdf that is actually a .docx, or a disguised executable.
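A signature matcher for the formats listed above, with the extension-mismatch flag, as an added example (not the tool's own source). The function names, the accepted-extension lists and the sample headers are assumptions constructed for illustration.

```javascript
// Signature table limited to the formats the page names.
// Each entry: [type, byte offset, expected bytes, extensions accepted for that type].
const SIGNATURES = [
  ["jpeg", 0, [0xff, 0xd8, 0xff], ["jpg", "jpeg"]],
  ["png", 0, [0x89, 0x50, 0x4e, 0x47], ["png"]],
  ["pdf", 0, [0x25, 0x50, 0x44, 0x46], ["pdf"]],
  ["zip", 0, [0x50, 0x4b, 0x03, 0x04], ["zip", "docx", "xlsx", "pptx"]],
  ["mp4", 4, [0x66, 0x74, 0x79, 0x70], ["mp4", "mov"]], // "ftyp" follows a 4-byte box size
  ["mp3", 0, [0x49, 0x44, 0x33], ["mp3"]], // "ID3" tag header
];
// RIFF containers carry their real format as a four-character code at offset 8.
const RIFF_FORMS = { "WEBP": "webp", "WAVE": "wav", "AVI ": "avi" };

function startsWithAt(bytes, offset, expected) {
  if (bytes.length < offset + expected.length) return false; // truncated input
  return expected.every((b, i) => bytes[offset + i] === b);
}

function detectType(bytes) {
  for (const [type, offset, sig, exts] of SIGNATURES) {
    if (startsWithAt(bytes, offset, sig)) return { type, exts };
  }
  if (startsWithAt(bytes, 0, [0x52, 0x49, 0x46, 0x46]) && bytes.length >= 12) {
    const form = String.fromCharCode(...bytes.slice(8, 12));
    if (RIFF_FORMS[form]) return { type: RIFF_FORMS[form], exts: [RIFF_FORMS[form]] };
  }
  // MPEG audio frame sync: 11 set bits (0xFF, then the top three bits of the next byte).
  if (bytes.length >= 2 && bytes[0] === 0xff && (bytes[1] & 0xe0) === 0xe0) {
    return { type: "mp3", exts: ["mp3"] };
  }
  return { type: "unknown", exts: [] };
}

function checkFile(name, bytes) {
  const dot = name.lastIndexOf(".");
  const ext = dot >= 0 ? name.slice(dot + 1).toLowerCase() : "";
  const { type, exts } = detectType(bytes);
  // Flag only recognised types; "unknown" is not evidence of a spoofed extension.
  return { name, ext, type, mismatch: type !== "unknown" && !exts.includes(ext) };
}

// Constructed sample headers (not real files).
const samples = [
  ["report.pdf", Uint8Array.from([0x50, 0x4b, 0x03, 0x04, 0x14, 0x00])], // ZIP bytes, .pdf name
  ["clip.webp", Uint8Array.from([0x52, 0x49, 0x46, 0x46, 0, 0, 0, 0, 0x57, 0x45, 0x42, 0x50])],
];
for (const [name, bytes] of samples) console.log(checkFile(name, bytes));
```

In a browser the header bytes would come from `new Uint8Array(await file.slice(0, 16).arrayBuffer())`, so only the first few bytes are read regardless of file size.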
What metadata does my photo expose, and why should I care?
A typical smartphone photo carries dozens of EXIF fields (Exchangeable Image File Format, JEITA CP-3451): the camera make and model, lens, exposure settings, ISO, focal length, the exact date and time the shutter fired, and very commonly the GPS latitude and longitude where the shot was taken. This viewer reads the EXIF block and shows GPS as decimal degrees with a maps link, so you can see exactly what a photo would reveal before you share it. Sharing the original file publicly can leak your home address (via GPS), the camera used, and the editing software. Most social networks strip metadata on upload, but messaging apps, email attachments, and direct file shares usually do not.

Are GPS coordinates always accurate, and what is the privacy risk?
Smartphone GPS is typically accurate to 3–10 meters outdoors with clear sky, and EXIF stores coordinates with enough precision to identify the exact room in a house. The privacy risk is severe: posting a photo of your child from home can broadcast your home address; a journalist photographing a source can betray the meeting location; a real-estate photo can reveal the agent's office. Some camera apps strip GPS on share but keep it locally; others encode it so subtly that even experienced users miss it. Always check the EXIF here before publishing any photo taken outside obviously public locations, and consider disabling location tagging by default in your camera app.
How do I remove metadata before sharing a file?
On Windows, right-click the file → Properties → Details → Remove Properties and Personal Information. On macOS, Preview → Tools → Show Inspector → remove GPS, or use third-party apps like ImageOptim. On Linux, exiftool with the -all= flag wipes every field: exiftool -all= photo.jpg. For PDFs, Adobe Acrobat's Sanitize Document feature or the qpdf --remove-metadata option strips embedded metadata. Important caveats: some operations preserve a thumbnail with original metadata inside it, image editors may write fresh metadata even as they strip the old, and removing metadata does not erase information visible in the pixels themselves (faces, street signs, license plates). For high-stakes anonymity, take a screenshot of the photo rather than sharing the file directly — the screenshot has no inherited history.
What video, audio, and PDF metadata can I see?
For video the tool reads the container with MediaInfo and shows format, duration, resolution, frame rate, the video and audio codecs, and bit rates. For audio it reads ID3 and similar tags: title, artist, album, year, genre, track number, plus duration, bitrate, sample rate, channels, codec and lossless flag. For PDF it reads the document information dictionary: title, author, subject, creator, producing application, creation and modification dates, and page count. Image files show EXIF plus the true pixel dimensions, probed directly from the decoded image when EXIF omits them.
Is my file uploaded, and how big a file can I inspect?
Nothing is uploaded. Hashing runs via the Web Crypto API and the EXIF, audio, video and PDF parsers run in WebAssembly and JavaScript entirely in your browser, so files never leave your device — safe for confidential contracts, source code, or personal photos. Practical size depends on your device's memory; the SHA-256 read streams the file in 4 MB chunks to keep usage low, but very large files (4K video, disk images over a few hundred MB) are better hashed with a desktop tool such as sha256sum.
