How exactly could it obfuscate it? You can see every request in its entirety and if you see a request that you can't read, that's already enough reason to not use it. As for delaying it, it would have to store it somewhere like localStorage, which is just as easily inspectable.

If you're worried about that, loading it in a private window and switching to offline mode, then closing it after you're done makes any exfiltration impossible.

I don't know, sorry.

I mean, you can be completely sure that the website works offline by unplugging the cable/turning off your wifi connection after it's completely loaded. But that's just a functional test, not something you can expect users to do during a normal browsing session

If you're this concerned that the app might delay sending until later, I would probably suggest you just use ImageMagick or GraphicsMagick locally instead. I use it all the time for processing photos. If you want to clean exif data look at exiftool. It's in most repos.

This is something the web platform is missing.

I'd like some API for a page to load, then become "offline". Then I can use it, and have the browser block any attempts to send/receive data from anywhere except local storage.