To inspect a PDF's version, encryption, and permission flags, use Zro7 Inspect PDF. It parses the header, trailer, encryption dictionary, and metadata stream, then shows you a plain-English summary: PDF version, page count, whether it's encrypted, what actions are allowed (print, copy, edit), producer, creation date, and embedded fonts.
The parts of a PDF Inspect PDF surfaces
- Header —
%PDF-1.7or%PDF-2.0; anything else is unusual. - Encryption dictionary — algorithm (RC4-40, RC4-128, AES-128, AES-256), R value, and P permission bitmask.
- Info + XMP metadata — Producer, Creator, Title, Author, dates.
- Page tree — count, sizes, and rotation flags.
- Attachments and JavaScript — presence flagged for review.
Reading the permissions bitmask
A password-protected PDF has an owner password and a user password. Even if the user password is empty (opens without a prompt), the owner can restrict printing, copying, editing, and form-filling via the P bitmask. Inspect PDF decodes those bits so you can see, for example, "Printing: not allowed, Content copying: not allowed" — the exact reason Acrobat greys out those menus.
When to run it
- Before merging PDFs from untrusted sources (check for JavaScript / attachments).
- Before publishing (confirm metadata doesn't leak your username or software path).
- Diagnosing "why can't I print this?" or "why won't the text copy?" — it's the P flags.
Steps
- Open Inspect PDF.
- Drop the file.
- Read the report — everything is displayed inline; nothing is uploaded.
Zro7