How to Redact a PDF — and Why "Black Box" Redaction Isn't Real Redaction

Updated June 2026 · Covers macOS, Windows, online tools, and browser-only redaction

"How to redact a PDF" is one of the most-searched PDF questions, and one of the most failed. The black rectangle people draw over confidential text in Word, Preview, or an online editor looks final — but the original characters usually survive inside the file, still selectable and copyable. This guide shows what's actually happening at the file-format level, walks through the right way to redact (with the tool that fits each situation), and gives you a 30-second test to verify the result is real before you share it.

Overlay redaction versus content-stream removal Two PDF pages side by side. The left page shows an overlay redaction with a hidden, selectable text layer beneath a black rectangle. The right page shows true content-stream removal with no underlying text. OVERLAY (FAKE) Patient name: John Smith SSN: 123-45-6789 selectable underneath CONTENT-STREAM (REAL) Patient name: SSN: nothing underneath
Both look identical at a glance. Only one survives copy-paste.

The most common redaction failure

Search the news for "redaction failure" and you'll find court filings, government reports, and corporate disclosures where the "redacted" PDF still contained the underlying text. The pattern repeats every few months. It usually isn't malice — it's the tool. The person doing the redaction drew a black rectangle in Word, or Preview, or some online editor, exported to PDF, and assumed the visible result matched the underlying data. It didn't.

The mechanism is mundane. PDFs separate what's drawn on the page from the text content of the page. A black rectangle drawn over text covers the visual rendering but leaves the text content untouched. Any modern PDF reader can read past the rectangle and select the original characters — including search engines, screen readers, and the copy-paste tool built into every browser.

Real-world example. A 2023 court filing in a high-profile antitrust case was filed with black-rectangle redactions over witness names. Within hours, journalists copied the underlying text out of the PDF and published it. The legal team had used Word's highlight-and-export-to-PDF workflow, assuming the rectangles were destructive. They weren't.

How PDFs actually store text

A PDF page is described by a content stream — a sequence of drawing instructions. To render the word Hello at coordinates (100, 200), the content stream contains something like:

BT /F1 12 Tf 100 200 Td (Hello) Tj ET

The string (Hello) is the actual text. It's in the file as plain characters (often compressed, but trivially recoverable). When a PDF viewer renders the page, it executes the content stream and the word appears. When you copy-paste from the rendered view, the viewer pulls the same string out of the content stream.

Now suppose someone draws a black rectangle over the word in their editor. The editor appends a new instruction to the content stream:

BT /F1 12 Tf 100 200 Td (Hello) Tj <-- original text still here ET 0 0 0 rg <-- set fill colour to black 95 195 30 15 re <-- draw rectangle f <-- fill it

The rectangle is drawn after the text, so it visually covers it. But the (Hello) Tj instruction is unchanged. The text is still in the file. Any reader that walks the content stream sees both — and most ignore the rectangle when extracting text.

Overlay redaction vs. content-stream removal

There are two materially different operations both called "redaction" in casual use:

  1. Overlay redaction. Add a black shape on top of the original content. The original survives in the file. This is what Word, Google Docs, macOS Preview, most online "redaction" tools, and some PDF editors do — even when their UI calls it "redact".
  2. Content-stream removal. Parse the content stream, identify the text and image operators that fall inside the redacted area, and delete those operators from the stream. Then write the modified PDF. The redacted content no longer exists in the output file.

Only the second is genuine redaction. The output of the first is functionally a screenshot with embedded plaintext underneath.

The difference also matters for image content. Overlay redaction over a face or signature leaves the original pixels in the file — anyone who decompresses the image stream gets the unredacted picture back. True redaction either removes the image object entirely or replaces it with a blacked-out version compressed back into the same stream slot.

Which tools do which

The table below covers the tools people most often reach for. "Overlay" means the original content survives in the file. "Stream" means the content is removed.

Tool Redaction type File leaves your device? Cost
Essex Redact (this site) Stream No — runs in your browser Free
Adobe Acrobat Pro Stream (if you click Apply) Depends on workflow $23/mo
Microsoft Word "Highlight" → Export PDF Overlay No Included with Office
macOS Preview "Markup" → Save Overlay No Free
Smallpdf / iLovePDF online redact Stream (usually) — but file uploaded Yes — uploaded to their servers Free tier with caps
Foxit PhantomPDF Stream No $129+ one-time
Google Docs / LibreOffice black rectangle Overlay Google: yes; LibreOffice: no Free

The cleanest combinations from a privacy standpoint are Essex Redact (stream removal, files stay on your device, free) and Foxit PhantomPDF (stream removal, local, paid). Adobe Acrobat Pro can do real redaction but the workflow has a footgun — marking is not applying, and many users save after marking, producing a PDF with unredacted content under draft overlay marks.

Why "browser-only" matters for redaction specifically

For most file operations, "the file is uploaded to a server and processed there" is fine. Compressing an image, converting a format, generating a thumbnail — none of those carry sensitive content the recipient shouldn't see. Redaction is the opposite. The entire point is that some specific bytes shouldn't be visible to anyone except your intended audience. Sending the file to a third party to remove those bytes is a contradiction: the bytes you're trying to hide are now sitting on someone else's server.

Online redaction services solve this with promises — "we don't keep your files", "we encrypt in transit", "the file is deleted after 1 hour". Those promises are unverifiable from your side. You uploaded the file. Whether it was deleted afterwards is a policy claim, not a fact about your data.

Browser-only redaction is verifiable. The redaction code runs in the same browser tab you're sitting in. The file never crosses the network. You can prove this with a simple test: open the redaction tool, then disconnect from Wi-Fi, then redact and download. If the tool keeps working, no upload happened — there's no other explanation. Our redaction tool passes this test. Try it below.

Try true PDF redaction in your browser

Our redact tool uses content-stream removal via WebAssembly. Files never leave your device. Free, no signup, no upload, no caps.

Open the redact tool →

The Wi-Fi-off test works on this page too: load it, disconnect, and the tool still redacts.

How to verify your PDF is actually redacted

Regardless of which tool you use, run this two-step verification on every redacted PDF before you share it:

  1. Copy-paste test. Open the PDF in any reader. Click-and-drag across the redacted area as if you were selecting normal text. Then press Ctrl+C (or Cmd+C) and paste into a text editor. If anything appears, the redaction is fake — the underlying text survived.
  2. Text-extraction test. Open a terminal and run pdftotext yourfile.pdf - (the pdftotext tool ships with most Linux distributions and is free for macOS via Homebrew or Windows via the Xpdf project). The output is every text fragment in the file. Search it for any term you intended to redact. If you find it, the redaction is fake.

The text-extraction test is more reliable than the copy-paste test because PDF readers sometimes refuse to select over an overlay even when the underlying text is there. pdftotext doesn't render — it just walks the content stream and reports every string it finds. It bypasses any visual trickery.

If either test surfaces the redacted content, your tool did an overlay rather than a removal. Redo the redaction with a tool that does content-stream removal.

Try true redaction yourself

The redaction tool on this site uses the mupdf engine compiled to WebAssembly. mupdf is the same library that powers many production PDF readers and renderers, and it natively understands content-stream editing. We bundle it, the rendering UI, and the drag-to-mark interaction into a single browser page. The actual redaction code runs in your tab, talks to no server, and writes the output file directly into your downloads folder.

Open the redact tool

Drop a PDF, drag rectangles over what you want gone, click Apply. The output downloads automatically.

Redact a PDF now →

FAQ

Why does my "redacted" PDF still show the original text when I copy and paste?

Because the tool you used drew a black rectangle on top of the text instead of removing it. The original characters are still in the PDF's content stream — any modern PDF reader can select and copy them. This is the most common redaction failure across word processors, online tools, and even some paid desktop apps.

Is redaction in Microsoft Word safe?

No. Highlighting text in black or covering it with a black shape in Word, then exporting to PDF, produces a PDF where the original text remains selectable. Word does not have a true redaction feature. The same applies to Google Docs and LibreOffice.

Does Adobe Acrobat redact properly?

Adobe Acrobat Pro has a true Redact tool that removes content from the underlying stream — but only if you click Apply, not just Mark. Many users save the file after marking but before applying, which produces an unredacted PDF. The Acrobat Standard tier and the free Reader do not include this feature.

Is online redaction safe for confidential documents?

Most online redaction tools upload your file to a server, redact there, and send you a download. The file leaves your device. For legal, medical, or financial documents the right rule is simple: if the redaction tool requires an upload, do not use it for sensitive material. Browser-only WebAssembly tools that run the redaction locally avoid the upload entirely.

How can I verify my PDF is actually redacted?

Open the PDF in any reader. Move your cursor over the redacted area and try to select text with click-and-drag. If nothing highlights and copy-paste produces nothing, the content is genuinely gone. For a stronger test, run pdftotext yourfile.pdf - in a terminal and search the output for any term you intended to redact.

Does redacting a PDF also strip metadata?

Not automatically. PDF metadata — author, title, creation tool, edit history — lives outside the content stream. A real redaction removes the marked text and images but the document properties can still leak information. After redacting, also clear the PDF metadata: Acrobat exposes this under Document Properties, and most PDF libraries can wipe it programmatically.

Can I redact images and signatures, not just text?

Yes. Our redact tool removes image objects that fall inside the marked area, not just text. The output PDF doesn't contain the original image bytes at all — they're stripped from the file along with the text characters.