MIME Types Reference
Quick lookup for file extension MIME types with search and category filtering
Document(17)
application/pdf
application/msword
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/vnd.ms-excel
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.ms-powerpoint
application/vnd.openxmlformats-officedocument.presentationml.presentation
text/plain
application/rtf
application/vnd.oasis.opendocument.text
application/vnd.oasis.opendocument.spreadsheet
application/vnd.oasis.opendocument.presentation
text/csv
application/json
application/xml
text/html
text/html
Image(15)
image/jpeg
image/jpeg
image/png
image/gif
image/webp
image/svg+xml
image/x-icon
image/bmp
image/tiff
image/tiff
image/avif
image/heic
image/heif
image/vnd.adobe.photoshop
image/raw
Audio(10)
audio/mpeg
audio/wav
audio/ogg
audio/mp4
audio/flac
audio/aac
audio/x-ms-wma
audio/aiff
audio/midi
audio/midi
Video(12)
video/mp4
video/webm
video/x-msvideo
video/quicktime
video/x-ms-wmv
video/x-flv
video/x-matroska
video/mp4
video/mpeg
video/mpeg
video/3gpp
video/mp2t
Archive(9)
application/zip
application/vnd.rar
application/x-7z-compressed
application/x-tar
application/gzip
application/x-bzip2
application/x-xz
application/x-iso9660-image
application/x-apple-diskimage
Code(31)
application/javascript
application/javascript
application/typescript
application/typescript
application/javascript
text/css
text/x-scss
text/x-sass
text/x-less
text/x-python
text/x-java
text/x-c
text/x-c++
text/x-c
text/x-c++
text/x-csharp
text/x-go
text/x-rust
text/x-ruby
text/x-php
text/x-swift
text/x-kotlin
application/sql
application/x-sh
application/x-sh
application/x-yaml
application/x-yaml
application/toml
text/x-ini
text/x-vue
text/x-svelte
Font(5)
font/woff
font/woff2
font/ttf
font/otf
application/vnd.ms-fontobject
Other(16)
application/vnd.microsoft.portable-executable
application/x-msi
application/vnd.android.package-archive
application/octet-stream
application/vnd.debian.binary-package
application/x-rpm
application/java-archive
application/java-archive
application/x-shockwave-flash
application/x-chrome-extension
application/x-xpinstall
application/x-bittorrent
text/calendar
text/vcard
application/epub+zip
application/x-mobipocket-ebook
What is a MIME Type?
MIME types (Multipurpose Internet Mail Extensions) are an internet standard for indicating the nature and format of documents, files, or byte streams. Browsers and servers use MIME types to determine how to handle received content. For example, when a browser receives image/jpeg, it displays an image; application/pdf might open a PDF preview. Setting correct MIME types is crucial for web applications to function properly. MIME types describe what kind of content a file or HTTP response contains, such as text/html, application/json, image/png, or application/pdf. They affect browser rendering, downloads, API parsing, upload validation, caching, and security behavior. File extension and MIME type do not always match, so checking them matters when diagnosing server configuration, unknown files, or upload problems. For security, MIME types should not be trusted blindly; content inspection, extension rules, and an explicit allowlist should be used together.
How to Use
Quick Reference
- Use the search box to find specific extensions or MIME types
- Click category tags to filter by file type category
- Click 'Ext' or 'MIME' buttons to copy corresponding content
- Browse categories for quick lookup: documents, images, audio, video, archives, code, fonts, etc.
Lookup Notes
- MIME types are conventions used by servers, browsers, and applications; file extension alone is not proof of actual content.
- For uploads and security checks, validate both declared MIME type and file signature when possible.
Use Cases
Technical Principle
MIME types (Multipurpose Internet Mail Extensions) are standardized identifiers for data formats, originally defined in RFC 2045/RFC 2046 for email attachments and later adopted by HTTP (RFC 7231 §3.1.1.5) for web content negotiation. A MIME type is structured as type/subtype — the type declares the broad category (text, image, audio, video, application, multipart, font, model) and the subtype specifies the exact format (e.g., text/html, image/png, application/json). Optional parameters follow a semicolon (text/html; charset=utf-8). The Internet Assigned Numbers Authority (IANA) maintains the official MIME type registry at iana.org/assignments/media-types. Registration follows RFC 6838, which defines a review process requiring a specification document, security considerations, and interoperability notes. Unregistered types can use the x- prefix (e.g., application/x-tar) as a convention for experimental or vendor-specific formats, though RFC 6648 recommends avoiding the x- prefix in favor of proper registration. In HTTP, the Content-Type header tells the client how to interpret the response body. A server returning Content-Type: image/svg+xml triggers the browser's SVG renderer; Content-Type: application/octet-stream triggers a download prompt because the browser cannot determine the format. The browser also uses MIME type information for MIME sniffing — when a server omits Content-Type or sends a generic type, the browser may inspect the first few bytes of the response (magic bytes) to guess the actual format. This behavior is controlled by the X-Content-Type-Options: nosniff header, which disables sniffing and requires the server to declare the correct type. For file uploads, the Accept header tells the server what MIME types the client expects in response, while the input element's accept attribute restricts the file picker to specific types (e.g., accept="image/png, image/jpeg"). On the server side, uploaded files should be validated by both their declared MIME type and their file signature (magic bytes), as neither alone is trustworthy — a file named image.png with Content-Type: image/png could contain executable code. The tool serves as a reference for looking up the canonical MIME type for a given file extension, covering 100+ common formats across eight categories.
- RFC 2046 structure: type/subtype — the type indicates the broad content category and the subtype the exact format; optional parameters follow a semicolon (text/html; charset=utf-8) and are case-insensitive by spec, though lowercase is the convention.
- IANA registration (RFC 6838): New media types require a specification document, security considerations section, and interoperability notes — the review process ensures types are well-documented and conflicts are avoided before they enter the registry.
- HTTP Content-Type header: The server declares the MIME type of the response body; browsers use it to select the appropriate renderer (HTML parser, image decoder, PDF viewer) or trigger a download — an incorrect Content-Type is the most common cause of 'file downloads instead of displaying' bugs.
- MIME sniffing and X-Content-Type-Options: When Content-Type is missing or generic, browsers may inspect magic bytes to guess the format — X-Content-Type-Options: nosniff disables this behavior and requires an exact Content-Type match, which is a security best practice.
- application/octet-stream: The generic binary fallback type — browsers treat it as an opaque stream and trigger a download, making it the safest default when the server cannot determine the format, but it prevents in-browser preview of otherwise displayable content.
- File upload validation: The input accept attribute filters the file picker client-side, but server-side validation must check both the declared Content-Type and the file's magic bytes — a mismatch between extension, MIME type, and file signature is a red flag for malicious uploads.
- Vendor-specific and experimental types: The x- prefix convention (application/x-tar, video/x-matroska) predates the formal registration process — RFC 6648 recommends migrating these to proper IANA-registered types where possible, but many remain in widespread use.
Examples
Nginx mime.types configuration
types {
text/html html htm;
image/jpeg jpg jpeg;
application/pdf pdf;
application/javascript js;
}
Note: each line maps a MIME type to one or more file extensions; Nginx serves the type in the Content-Type header
IANA: https://www.iana.org/assignments/media-types/ maintains the official registryHTTP Content-Type response header
Content-Type: application/json; charset=utf-8
Note: charset is optional but recommended for text/* and application/json; clients use it to decode the body correctly
RFC: RFC 7231 section 3.1.1.5 defines Content-Type header semantics
MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-TypeBrowser Blob constructor
const blob = new Blob([data], { type: 'application/pdf' });
const url = URL.createObjectURL(blob);
Note: the type becomes the Content-Type when the blob is later downloaded or uploaded; pick a specific subtype to avoid application/octet-stream
MDN: https://developer.mozilla.org/en-US/docs/Web/API/Blob/Blob documents the type parameterCommon MIME types by category
Text: text/plain, text/html, text/css, text/javascript, text/markdown
Image: image/jpeg, image/png, image/gif, image/webp, image/svg+xml
Audio: audio/mpeg, audio/wav, audio/ogg, audio/aac
Video: video/mp4, video/webm, video/ogg
Application: application/json, application/pdf, application/xml, application/zip
IANA categorizes these in the Media Types registry under top-level type namesFAQ
What is a MIME type and why does it matter?
A MIME type (Multipurpose Internet Mail Extensions, also called media type) is a short label like text/html, image/png, or application/json that tells receiving software how to interpret a stream of bytes. Browsers, mail clients, file uploaders, and APIs all key off it to decide whether to render, download, parse, or reject content.
How is MIME type different from a file extension?
The extension is part of the filename and is purely a naming convention. The MIME type is sent over the network in the Content-Type header. They are usually consistent (.png ↔ image/png), but a server can serve any extension with any MIME type, and browsers trust the header much more than the extension. Aligning the two is good hygiene; relying on the extension for security is a bug.
What does application/octet-stream mean?
It is the generic 'arbitrary binary data' MIME type. Browsers receiving it will offer a download instead of trying to render the content. Servers fall back to it when they cannot identify the format, which usually means a missing or misconfigured MIME mapping. Replace it with the correct specific type whenever you can.
Can I trust Content-Type to validate uploaded files?
Not on its own. Anyone can claim image/png while uploading an executable. Always sniff the actual bytes (magic numbers, PNG header 89 50 4E 47, PDF header %PDF-, ZIP header PK), check the file extension, enforce a server-side allowlist, and limit file size. Browser-derived MIME on uploads is a hint, not proof.
Why does a download save the wrong filename or extension?
Browsers pick the saved name from the Content-Disposition header, the URL path, and the MIME type, in that order. If the server returns text/html for a PDF download, the browser may save it with .html. Set Content-Disposition: attachment; filename="name.pdf" and the correct application/pdf MIME type to avoid surprises.
How do I find the right MIME type for a custom or rare format?
Check the IANA media type registry first (iana.org/assignments/media-types). For unregistered or vendor-specific formats, the convention is application/vnd.* or application/x-* (e.g. application/vnd.api+json, application/x-7z-compressed). Use the closest standard match before inventing a new one.
Why do .json and .js show different MIME types?
JSON is data and uses application/json. JavaScript is executable code served as text/javascript or application/javascript (RFC 9239 made text/javascript the recommended one). Mixing them up matters: a script tag will refuse to execute application/json, and some servers reject application/javascript when they only accept the text variant.