C2PA Content Credentials Image Demo
(A companion to the relevant videos)
I made this page in WordPress, but the ideas may well work on other website platforms.
This picture (below) has a C2PA Content Credential. You should be able to verify it at contentcredentials.org/verify by downloading the image and dragging it to the verifier page. Or use the button under the picture. Or use a Content Credentials browser extension.

For this first demo, I just FTPed to my webserver and deleted all the renditions of this photo, leaving only the original upload – which of course retains its C2PA Content Credential manifest. It works, in a brute force kind of way. But I wanted something better, thus the next effort below.
Once I got my CORS ducks in a row, I was able to make a URL, as per the C2PA’s instructions, that would send my picture to the Verify page so you can check its credential. I just put it in an ordinary CTA link button. For a real webpage, I’m sure you’ll think of slicker way. With a CORS header sorted out, the “Inspect” button in the popup from my Content Credentials browser extension now works, too.
The link to verify an image is of the form:
https://contentcredentials.org/verify?source=<ASSET_URL>
Like,
https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/truepic-20230212-camera.jpg
The caption on the photo above was placed by WordPress on the page directly from the IPTC caption that was embedded in the photo file. This is standard WordPress behavior. Nothing special here. Just like the image itself, the caption is protected by the Content Credential in that if it is tampered with, the authenticity chain will break. The caption is not recorded in the C2PA manifest, however.
A better way
For this next picture, I left all the renditions in place on my server and specified the image by the discrete URL of the original uploaded image – which has a Content Credential. You can do that with the Add Image by URL button, but a way better way is to add the image normally and then use the Replace button and edit the image’s URL from there. It’s all in the video.

Then.. a responsive image!
Next up, I did a fully responsive image by replacing the Content Credential-less renditions that WordPress put on my server with versions that I made on my desktop that do include Content Credentials. If you make different-sized incognito windows and display this page, this image will be served responsively and retain its Content Credential. Use “save image as…” or a Content Credentials extension to confirm that this is so.

The videos:
The video explaining this page is here:
The video on using Content Credentials in Adobe Lightroom or Capture One is here:
And if you’re having trouble making verify-image links or Content Credentials browser extensions work, a video on setting your CORS (Cross Origin Resource Sharing) header is here: