PDF Security Cleaner

Automatically detect and remove security threats hidden in PDF files. Text, fonts, and layout are preserved — file size may decrease slightly as removed elements are stripped.

Drag PDF files here or click to upload

PDF files only · Multiple files supported · Max 100MB

Hidden Threats Inside PDFs

JavaScript Execution

JavaScript can run the moment you open a PDF — stealing system info or communicating with malicious servers. Adobe Acrobat Reader allows this by default; other viewers may also be vulnerable.

Phishing Links

Invisible links overlay normal text, redirecting clicks to phishing sites. The real destination is hidden and nearly impossible to spot visually.

Auto-Run Actions

OpenAction and AA (Additional Actions) trigger automatically when you open a PDF or turn a page. In Adobe Acrobat Reader, they can download files, visit URLs, or submit forms silently.

Tracking Metadata

Author names, company info, edit history, and GPS coordinates can be embedded in XMP metadata. Remove them before sharing sensitive documents.

How IMGLOO Cleaning Works

1

Parses the PDF binary to analyze every object

2

Identifies JavaScript, auto-actions, link annotations, and metadata

3

Precisely removes only threats — text, images, and layout stay intact

4

All processing happens in your browser — files never leave your device

Try it yourself

A test PDF with hidden JavaScript, phishing links, and auto-run actions. Click any link in the PDF to see the phishing simulation. (JS execution is Adobe Acrobat only)

Download Test PDF

Safe PDF Habits

  • Clean PDFs from unknown sources before opening
  • Be suspicious of email PDF attachments — especially 'invoice' or 'shipping' subjects
  • Verify URLs before clicking links inside PDFs
  • Strip metadata from sensitive documents before sharing externally

Frequently Asked Questions

Does cleaning change the PDF content?

No. Text, images, fonts, and layout are fully preserved. Only security threats (scripts, links, auto-actions, metadata) are removed.

What threats does it remove?

JavaScript code, OpenAction/AA (auto-run actions), link annotations (phishing links), XMP metadata, and output intents.

Are files uploaded to a server?

No. All processing happens in the browser's Web Worker. Files never leave your device.

How is this different from PDF compression?

PDF compression reduces file size. Cleaning removes security threats. If you need compression, use the PDF Compressor page.