How to Audit PDF Tool Network Requests

Audit worksheet

Before testing, create a simple worksheet with these fields:

| Field | Example | | --- | --- | | Tool route | /tools/merge-pdf | | Browser and version | Chrome 134 | | Test file name and size | audit-sample-2mb.pdf | | Time window tested | 14:05 to 14:12 CET | | Result | Pass / Needs review |

This prevents ad-hoc interpretation later.

Step-by-step method

Step 1 - Prepare a clean environment

• open private/incognito session
• disable non-essential extensions
• clear old Network entries

Step 2 - Establish baseline traffic

Load the page and wait for initial static traffic to settle. Mark this as baseline.

Step 3 - Trigger one operation

Select a file and run one complete action from selection to download.

Step 4 - Inspect only operation-window requests

Review requests created during the operation window. Capture:

• request URL
• content type
• request body preview
• payload size

Red-flag criteria

| Signal | Risk level | Interpretation | | --- | --- | --- | | Multipart request created immediately after file pick | High | Likely upload path | | Binary payload matching file size pattern | High | Possible file transfer | | Only static assets and tiny telemetry events | Low | No file transfer evidence in this run | | Processing works fully offline after first load | Low | Strong indicator of local execution |

Decision rule

Use a strict decision rule for consistency:

• Pass: no binary/multipart file payload observed in operation window.
• Needs review: ambiguous payload or unclear route behaviour.
• Fail: clear file-body transfer to remote endpoint.

Document the decision and reviewer name.

Re-test cadence

Re-run this audit when:

• browser major version changes
• tool architecture changes
• your team introduces a new document type workflow

That cadence keeps trust checks practical and current.