This article needs an editorial review. How you can help.
The MIME type is the mechanism to tell the client the kind of document transmitted: the extension of a file name has no meaning on the web. It is, therefore, important that the server is correctly set up, so that the correct MIME type is transmitted with each document. Browsers often use the MIME-type to determine what default action to do when a resource is fetched.
There are many kind of documents and so there are many MIME types. In this article, we will list the most important ones for Web development, but you can find the one fitting a specific kind of document in this dedicated article: Complete list of MIME types.
MIME types are not the only way to convey the document type information:
- Name suffixes are sometimes used, especially on Microsoft Windows systems. Not all operating systems consider these suffixes meaningful (this is not the case on Linux or OS X), and like for an external MIME type, there is no guarantee they are correct.
- Magic numbers. The syntax of the different kind of files often allow to determine the type by looking at the structure. E.g. each GIF files starts with the 47 49 46 38 hexadecimal value [GIF89] or PNG files with 89 50 4E 47 [.PNG]. Not all types of files have magic numbers, so this is not a 100% reliable system either.
On the Web, only the MIME type is relevant and has therefore to be set carefully. Browsers and servers often used heuristics based on suffixes or magic numbers to define the MIME type, to check for coherence, or to find the correct MIME type when only a generic type has been provided.
The structure of a MIME type is very simple; it consists of a type and a subtype, two strings, separated by a
'/'. No space is allowed. The type represents the category and can be a discrete or a multipart type. The subtype is specific to each type.
A MIME type is insensitive to the case, but traditionally is written all in lower case.
text/plain text/html image/jpeg image/png audio/mpeg audio/ogg audio/* video/mp4 application/octet-stream …
Discrete types indicates the category of the document, it can be one of the following:
|Type||Description||Example of typical subtypes|
||Represents any document that contains text and is theoretically human readable||
||Represents any kind of images. Videos are not included, though animated images (like animated gif) are describes with an image type.||
||Represents any kind of audio files||
||Represents any kind of video files||
||Represents any kind of binary data.||
For text documents without specific subtype,
text/plain should be used. Similarly for binary documents without specific or known subtype,
application/octet-stream should be used.
Multipart types indicates a category of document that are broken in distinct parts, often with different MIME types. It is a way to represent composite document. With the exception of
multipart/form-data, that are used in relation of HTML Forms and
POST method, and
multipart/byteranges that are used in conjunction with
Partial Content status message to send only a subset of a whole document, HTTP doesn't handle in a specific way multipart documents: the message is simply transmitted to the browser (that will likely propose a Save As window as it doesn't know how display it inline.)
Important MIME types for Web developers
This is the default value for a binary files. As it really means unknown binary file, browsers usually don't automatically execute it, or even ask if it should be execute. They treat it as if the
Content-Disposition header was set with the value
attachment and propose a 'Save As' file.
This is the default value for textual files. Even if it really means unknown textual file, browsers assume they can display it.
text/plain doesn't means any kind of textual data. if they expect a specific kind of textual data, they will likely not consider it a match. Specifically if they download a
text/plain file from a
<link> element declaring a CSS files, they will not recognize it as a valid CSS files if presented with
text/plain. The CSS mime type
text/css must be used.
Any CSS files that have to be interpreted as such in a Web page must be of the
text/css files. Often servers doesn't recognized files with the
.css suffix as CSS files and send them with
application/octet-stream MIME type: in these cases, they won't be recognized as CSS files by most browsers and will be silently ignored. A special attention has to be paid to serve CSS files with the right type.
Any HTML content should be served with this content. Alternative MIME types for XHTML, like
application/xml+html, are mostly useless nowadays (HTML5 unified these format long ago).
Only a handful of image types are widely recognized and are considered Web safe, that is can be used in a Web page:
|MIME type||Image type|
||GIF images (lossless compression, superseded by PNG)|
||SVG images (vector images)|
There are discussion to add WebP (
image/webp) but as each new type of images increase the size of the codebase, it may introduce new security problems, so browser vendors are very cautious before accepting it.
Other kinds of images can be found in Web documents. For example, a lot of browsers support icon image types for favicons or similar. In particular ICO images are supported in this context, with the
image/x-icon MIME type.
Audio and video types
Like for images, HTML doesn't defines a set of supported types to use with the
<video> elements, so only a small group of them can be used on the Web. The Media formats supported by the HTML audio and video elements explains both the codecs and container formats that can be used.
The MIME type of such files mostly represent the container formats and the most common ones in a Web context are:
|MIME type||Audio or video type|
||An audio file in the WAVE container format. The PCM audio codec (WAVE codec "1") is often supported, but other codecs have much more limited support (if none).|
||An audio file in the WebM container format. Vorbis and Opus the most common audio codecs.|
||A video file, possibly with audio, in the WebM container format. VP8 and VP9 are the most common video codecs used in it; Vorbis and Opus the most common audio codecs.|
||An audio file in the OGG container format. Vorbis is the most common audio codec used in such container.|
||A video file, possibly with audio, in the OGG container format. Theora is the usual video codec used in it; Vorbis is the usual audio codec.|
||An audio or a video file using the OGG container format. Theora is the usual video codec used in it; Vorbis is the usual audio codec.|
multipart/form-data is one of the type of document that can be used when transmitted the content of an HTML Form from the browser to the server. As a multipart document formal, it consist of different part delimited by a boundary (a string starting with a double dash
'--'). Each part is an entity by itself and can have its own HTTP headers,
Content-Type for file uploading fields, being the most common one (
Content-Length is ignored as the boundary line is used as delimiter).
Content-Type: multipart/form-data; boundary=aBoundaryString (other headers associated with the multipart document as a whole) --aBoundaryString Content-Disposition: form-data; name="myFile"; filename="img.jpg" Content-Type: image/jpeg (data) --aBoundaryString Content-Disposition: form-data; name="myField" (data) --aBoundaryString (more subparts) --aBoundaryString--
The following form:
<form action="http://localhost:8000/" method="post" enctype="multipart/form-data"> <input type="text" name="myTextField"> <input type="checkbox" name="myCheckBox">Check</input> <input type="file" name="myFile"> <button>Send the file</button> </form>
send this message:
POST / HTTP/1.1 Host: localhost:8000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: multipart/form-data; boundary=---------------------------8721656041911415653955004498 Content-Length: 465 -----------------------------8721656041911415653955004498 Content-Disposition: form-data; name="myTextField" Test -----------------------------8721656041911415653955004498 Content-Disposition: form-data; name="myCheckBox" on -----------------------------8721656041911415653955004498 Content-Disposition: form-data; name="myFile"; filename="test.txt" Content-Type: text/plain Simple file. -----------------------------8721656041911415653955004498--
multipart/byteranges is used in the context of sending partial responses back to the browser. When the
Partial Content status code is send, this MIME type is used to indicate that the document is composed of several parts, one for each of the requested range. Like for other multipart types, the
Content-Type uses the
boundary directive to define the boundary string. Each of the different parts have a
Content-Type header with the actual type of the document and a
Content-Range with the range they represent.
HTTP/1.1 206 Partial Content Accept-Ranges: bytes Content-Type: multipart/byteranges; boundary=3d6b6a416f9b5 Content-Length: 385 --3d6b6a416f9b5 Content-Type: text/html Content-Range: bytes 100-200/1270 eta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="vieport" content --3d6b6a416f9b5 Content-Type: text/html Content-Range: bytes 300-400/1270 -color: #f0f0f2; margin: 0; padding: 0; font-family: "Open Sans", "Helvetica --3d6b6a416f9b5--
Importance of setting the correct MIME type
Most web servers send unknown-type resources using the default
application/octet-stream MIME type; for security reasons, most browsers do not allow setting a custom default action for such resources and force the user to store it to disk to use it. Some common cases of often incorrectly configured servers happens for the following file types:
RAR-encoded files. The ideal would be to be able to set the real type of the encoded files; this often is not possible (as it may not be known to the server and these files may contain several resources of different types). In that case, configure the server to send the
application/x-rar-compressedMIME type or users will not be able to define a useful default action for them.
Proprietary file types. Pay special attention when serving a proprietary file type. Avoid using
application/octet-streamwhen possible as special handling will not be possible: most browsers doesn't allow to define a default behavior (like "Opening in Word") for this generic MIME type.
In the absence of a MIME type, or in some other cases where a client believes they are set wrongly, browsers may conduct MIME sniffing, that is guessing the correct MIME type by looking at the resource. Each browser does this differently and in different circumstances. There are some security concerns about this practice, as some MIME types represent executable content and others do not. Servers can block this MIME sniffing by sending the
X-Content-Type-Options along the