What exactly am I deleting when I "strip metadata" from a PDF?

Several distinct layers, not one field, which is why a thorough job needs more than clearing the author box. The first layer is the document properties — author, title, subject, keywords — the identifiers most people picture. The second is the producer and timestamp data your software writes automatically: the application and version, and the created/modified dates. The third is the XMP metadata block, an extended metadata area many viewers do not surface, which can hold more than the basic fields. Beyond metadata proper, there are embedded-image EXIF tags (camera, date, sometimes GPS) carried inside any photos, and hidden or deleted-but-recoverable content. A real "strip metadata" pass addresses the metadata layers and is paired with redaction for hidden content, because clearing property fields does nothing to remove data still sitting in the file.

How do I actually delete the metadata?

Use a tool that scrubs the full metadata set, rather than only editing the visible fields. The quickest reliable method is a dedicated "scrub" or "sanitise" function that blanks the document properties and the XMP block in one pass, so you are not relying on manually clearing each field and missing the hidden ones. If you only have a basic metadata editor, clear every field you can see, but be aware it may leave XMP data behind. After scrubbing, the document properties should show empty or generic values. For files containing photos, treat the embedded-image EXIF as a separate step, since a document-level scrub may not reach inside the images. The principle is: prefer a tool that removes the whole metadata set automatically over hand-editing fields, because the fields you cannot see are the ones that leak.

Does deleting metadata also remove hidden or sensitive content?

No — and conflating the two is the most dangerous mistake here. Stripping metadata removes data about the document (who made it, when, with what); it does nothing to remove content within the document, including text you hid behind a box, deleted-but-recoverable layers, or comments. If your concern is that the visible or hidden content contains sensitive information, you need redaction — actually removing that content — not metadata deletion. Likewise, a password does not remove either. So separate the jobs: scrub metadata to remove identity and origin data, redact to remove sensitive content, and do both when both matter. A file with perfectly clean metadata can still leak a phone number someone "deleted" by drawing a rectangle over it.

How do I verify the metadata is really gone?

Check the file after scrubbing rather than assuming the tool worked. Reopen the document and look at its properties/info panel — author, producer, and dates should now be empty or generic, not your name and software. For a thorough check, run the file through a metadata-inspection tool that shows the full set including the XMP block, since the basic properties panel may not reveal everything. If the PDF contains photos and image privacy matters, inspect an extracted image for residual EXIF. Only once the inspection comes back clean should you treat the file as sanitised. This verification step matters because different tools scrub different layers, and "I clicked remove metadata" is not the same as "the metadata is gone" — confirm it before sharing anything sensitive.

Can I strip metadata from many PDFs at once?

Yes, and you should if you regularly share documents, because doing it per-file by hand is where people get lazy and leak. Batch metadata scrubbing applies the same sanitisation across many files in one operation, which is ideal for a folder of documents going out, a set of files for publication, or a routine "clean before send" step in a workflow. The same verification logic applies: spot-check a few of the batch afterward to confirm the scrub took. For an ongoing need, the best habit is to make sanitisation a standard final step before any document leaves your control, rather than something you remember to do only for files you happen to think are sensitive — the leaks come from the ones you did not think about.

Is it safe to strip metadata using an online tool?

Use a tool that runs on your own device, because uploading a file to remove its identifying data is self-defeating. Many online metadata tools send your file to a third-party server, which may log or retain it — the opposite of what you are trying to achieve. Client-side (in-browser) tools scrub the metadata locally so the file never leaves your computer — ScoutMyTool’s PDF tools work this way. For anything you care about enough to sanitise, confirm the tool is client-side before uploading, or use offline software. The caution that makes you want to delete metadata in the first place should extend to choosing a tool that does not quietly create a new copy of your file somewhere else.

7 min read

How to delete metadata from PDFs — a privacy guide

By ScoutMyTool Editorial Team · Last updated: 2026-05-21

Knowing your PDFs carry hidden metadata is one thing; reliably deleting it before you share is another, and it trips people up because "remove metadata" is not a single button — it is several layers, and the easy ones are not the ones that leak. I learned this after confidently clearing a document’s author field and then finding my name still sitting in the XMP block a viewer never showed me. This is the practical companion to knowing what your PDF reveals: a step-by-step guide to actually stripping the metadata — document properties, the hidden XMP data, embedded-image EXIF, and the remnants that need redaction rather than scrubbing — and, just as important, how to verify it is genuinely gone before the file leaves your hands.

The layers to strip

Layer	What to remove	Note
Document properties	Author, title, subject, keywords	The obvious identifiers; clear or blank them
Producer / dates	Creating app, created/modified times	Often auto-written; reset on export
XMP metadata block	Extended metadata viewers hide	Use a tool that scrubs XMP, not just basic fields
Embedded image EXIF	Camera, date, possible GPS	Document-level strip may miss this — handle images
Hidden / deleted remnants	Old content, comments, layers	Redact / flatten — clearing fields does not remove these

Step by step — strip metadata before sharing

Inspect first. Open the file’s properties and, ideally, a full metadata inspector to see what is actually there — you cannot confirm removal of what you never checked.
Scrub the full metadata set. Use a scrub/sanitise function that clears the document properties and the XMP block in one pass, rather than hand-editing visible fields and missing hidden ones.
Handle embedded image EXIF separately. If the PDF contains photos, address their EXIF (camera, date, GPS) too, since a document-level scrub may not reach inside the images.
Redact hidden or sensitive content. For deleted-but-recoverable content or things hidden behind boxes, redact properly — metadata scrubbing does not remove document content.
Verify it is gone. Reopen the file and re-inspect the metadata (including XMP); confirm properties are empty/generic before you treat it as clean.
Make it a habit (and batch it). Sanitise as a standard final step before any file leaves your control, batch-scrubbing folders where you can.

The principle: scrub, redact, verify — three jobs

Reliable metadata deletion comes down to keeping three distinct jobs straight and doing the ones you need. Scrubbing removes data about the file — author, software, dates, XMP — and the key is to clear the hidden layers, not just the visible fields. Redaction removes sensitive content withinthe file, which scrubbing never touches. And verification confirms the scrub actually worked, because different tools clean different layers and a clicked button is not proof. The leaks happen when these blur together: someone clears the author field and assumes the file is "clean," or draws a black box and assumes the data is gone. Treat them as separate, deliberate steps — scrub the metadata, redact the content, verify the result — and make it routine before sharing, so the document that leaves your hands says only what you intend it to.

FAQ

What exactly am I deleting when I "strip metadata" from a PDF?: Several distinct layers, not one field, which is why a thorough job needs more than clearing the author box. The first layer is the document properties — author, title, subject, keywords — the identifiers most people picture. The second is the producer and timestamp data your software writes automatically: the application and version, and the created/modified dates. The third is the XMP metadata block, an extended metadata area many viewers do not surface, which can hold more than the basic fields. Beyond metadata proper, there are embedded-image EXIF tags (camera, date, sometimes GPS) carried inside any photos, and hidden or deleted-but-recoverable content. A real "strip metadata" pass addresses the metadata layers and is paired with redaction for hidden content, because clearing property fields does nothing to remove data still sitting in the file.
How do I actually delete the metadata?: Use a tool that scrubs the full metadata set, rather than only editing the visible fields. The quickest reliable method is a dedicated "scrub" or "sanitise" function that blanks the document properties and the XMP block in one pass, so you are not relying on manually clearing each field and missing the hidden ones. If you only have a basic metadata editor, clear every field you can see, but be aware it may leave XMP data behind. After scrubbing, the document properties should show empty or generic values. For files containing photos, treat the embedded-image EXIF as a separate step, since a document-level scrub may not reach inside the images. The principle is: prefer a tool that removes the whole metadata set automatically over hand-editing fields, because the fields you cannot see are the ones that leak.
Does deleting metadata also remove hidden or sensitive content?: No — and conflating the two is the most dangerous mistake here. Stripping metadata removes data about the document (who made it, when, with what); it does nothing to remove content within the document, including text you hid behind a box, deleted-but-recoverable layers, or comments. If your concern is that the visible or hidden content contains sensitive information, you need redaction — actually removing that content — not metadata deletion. Likewise, a password does not remove either. So separate the jobs: scrub metadata to remove identity and origin data, redact to remove sensitive content, and do both when both matter. A file with perfectly clean metadata can still leak a phone number someone "deleted" by drawing a rectangle over it.
How do I verify the metadata is really gone?: Check the file after scrubbing rather than assuming the tool worked. Reopen the document and look at its properties/info panel — author, producer, and dates should now be empty or generic, not your name and software. For a thorough check, run the file through a metadata-inspection tool that shows the full set including the XMP block, since the basic properties panel may not reveal everything. If the PDF contains photos and image privacy matters, inspect an extracted image for residual EXIF. Only once the inspection comes back clean should you treat the file as sanitised. This verification step matters because different tools scrub different layers, and "I clicked remove metadata" is not the same as "the metadata is gone" — confirm it before sharing anything sensitive.
Can I strip metadata from many PDFs at once?: Yes, and you should if you regularly share documents, because doing it per-file by hand is where people get lazy and leak. Batch metadata scrubbing applies the same sanitisation across many files in one operation, which is ideal for a folder of documents going out, a set of files for publication, or a routine "clean before send" step in a workflow. The same verification logic applies: spot-check a few of the batch afterward to confirm the scrub took. For an ongoing need, the best habit is to make sanitisation a standard final step before any document leaves your control, rather than something you remember to do only for files you happen to think are sensitive — the leaks come from the ones you did not think about.
Is it safe to strip metadata using an online tool?: Use a tool that runs on your own device, because uploading a file to remove its identifying data is self-defeating. Many online metadata tools send your file to a third-party server, which may log or retain it — the opposite of what you are trying to achieve. Client-side (in-browser) tools scrub the metadata locally so the file never leaves your computer — ScoutMyTool’s PDF tools work this way. For anything you care about enough to sanitise, confirm the tool is client-side before uploading, or use offline software. The caution that makes you want to delete metadata in the first place should extend to choosing a tool that does not quietly create a new copy of your file somewhere else.

Citations

Scrub your PDF’s metadata — in your browser

Strip the document properties and XMP metadata from your PDF with ScoutMyTool — client-side, so the file you are sanitising never leaves your computer in the process.

Open the Scrub-Metadata tool →