The next wave of image trust isn't reverse image search or watermarking. It's C2PA. The Content Credentials standard that embeds a cryptographically signed manifest into JPG, PNG, and WebP metadata declaring who made the image, when, with what tool, and what edits were applied. Adobe and Leica ship it. Meta and Microsoft read it. Search engines are starting to weigh it as an authenticity signal.
Most publishers have no idea which of their images carry a manifest and which don't. The Content Credentials Checker answers that directly. Paste a page URL. It scans every image on the page. Or paste a single image URL for a targeted check.
How the detection works
C2PA manifests live in the first few KB of the image file, inside JUMBF containers (for JPEG) or XMP packets (everywhere else). The tool downloads the first 64 KB of each image via the Netlify fetch proxy and scans for the canonical markers: the c2pa namespace in XMP, jumd/jumb JUMBF segments, and urn:c2pa claim URIs.
One caveat the tool is explicit about: on very large JPEGs, the manifest occasionally lives past the first 64 KB. A "not detected" result in those cases means "not in the header". Not definitively "no manifest." For edge cases, point the tool at a single image URL so it has more room.
What the output tells you
Coverage percentage across the scanned images. Which specific images carry credentials. Which have XMP but no C2PA block (a fixable state. You already have the XMP container, you just need to add the signed manifest). And which don't even have XMP, meaning your pipeline is stripping metadata at export and you need to fix the export tool.
The fix prompt asks Claude for a build-time signing pipeline. The Adobe Content Authenticity tools, the CAI JS SDK, or the c2patool CLI. Pick one and chain it into your build. Every image you publish gets signed once; the signing cert is cached; the manifest travels with the file forever.
Why this is a 2026 thing
Three shifts. First, Google and Bing both said publicly they'll use C2PA as an authenticity signal. Not ranking yet, but they're reading. Second, the AI-generated-image problem is pushing publishers to mark human-produced images specifically so they can be distinguished from AI ones. Third, LinkedIn and Instagram both surface "Made by AI" labels automatically when they read a matching C2PA manifest; publishers want the matching "human content creator" label on their legit work.
Chapter 14 of The $100 Network. Dynamic OG Images, Social Cards, and Visual Assets. Covers the image pipeline. Chain C2PA signing into the dynamic-OG step and every card you ship already carries provenance.