MIME Types Explained: What They Are and How They Work

The Quick Answer

A MIME type is a label that tells browsers and applications what format a file is in. It follows the type/subtype pattern:

MIME Type	Format	Used For
`text/html`	HTML	Web pages
`application/json`	JSON	APIs, config files
`image/png`	PNG	Images
`application/pdf`	PDF	Documents
`video/mp4`	MP4	Video
`font/woff2`	WOFF2	Web fonts

When a server sends a file, it includes the MIME type in the Content-Type HTTP header:

Content-Type: application/json; charset=utf-8

The browser reads this header and decides how to handle the response — render it, play it, or download it.

Why MIME Types Exist

The internet transfers billions of files daily. Without a standard way to identify file formats, browsers would have to guess what to do with every response. MIME types solve this by providing an explicit, machine-readable label for every piece of data.

MIME stands for Multipurpose Internet Mail Extensions. The standard was originally designed in 1996 (RFC 2045) to support attachments in email — which was limited to plain ASCII text. The type/subtype format worked so well that HTTP, APIs, and nearly every internet protocol adopted it.

Today, MIME types are used in:

HTTP headers — Content-Type tells browsers how to handle responses
HTML — <script type="text/javascript">, <style type="text/css">
Email — Identifies attachment formats
APIs — Accept and Content-Type headers negotiate data formats
File uploads — Browsers set the MIME type when submitting forms

The Structure: type/subtype

Every MIME type has exactly two parts separated by a forward slash:

type/subtype

Type is the broad category. There are seven top-level types:

text — Human-readable text (HTML, CSS, plain text, CSV)
image — Image data (PNG, JPEG, SVG, WebP)
audio — Audio data (MP3, WAV, OGG, FLAC)
video — Video data (MP4, WebM, AVI)
application — Binary or structured data (JSON, PDF, ZIP, XML)
font — Font formats (WOFF2, TTF, OTF)
multipart — Multiple data parts combined (form uploads, email)

Subtype is the specific format within that category. Some subtypes include additional suffixes:

image/svg+xml — The +xml suffix indicates SVG is XML-based
application/ld+json — JSON-LD is a JSON-based format
application/vnd.ms-excel — The vnd. prefix marks vendor-specific types

Optional Parameters

A MIME type can include parameters after a semicolon. The most common parameter is charset:

Content-Type: text/html; charset=utf-8
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

For text-based types, always include charset=utf-8 to prevent character encoding issues.

MIME Type vs File Extension

File extensions (.jpg, .pdf) and MIME types (image/jpeg, application/pdf) both identify formats, but they work differently:

File extensions live in the filename and are used by operating systems to pick the right application. They can be changed or removed freely — renaming photo.jpg to photo.txt doesn't change the actual image data.
MIME types live in HTTP headers or file metadata and are set by the server. Browsers use the MIME type, not the file extension in the URL, to decide how to handle a response.

Why this matters: A file at https://example.com/data.txt served with Content-Type: application/json is treated as JSON by the browser, not as plain text. The header always wins.

This distinction is particularly important for security. Modern browsers enforce MIME type checking — a JavaScript file served as text/plain is blocked from executing, even if the <script> tag points to it correctly.

Common MIME Types You Need to Know

Web Fundamentals

Extension	MIME Type	Notes
`.html`	`text/html`	Always include `charset=utf-8`
`.css`	`text/css`	Wrong type = stylesheet ignored
`.js`	`text/javascript`	Official type per RFC 9239
`.json`	`application/json`	Standard for APIs
`.xml`	`text/xml` or `application/xml`	Both are valid; `application/xml` preferred for data
`.wasm`	`application/wasm`	WebAssembly binary

Images

Extension	MIME Type	Notes
`.jpg` / `.jpeg`	`image/jpeg`	Lossy compression, photographs
`.png`	`image/png`	Lossless, supports transparency
`.gif`	`image/gif`	Animations, limited color palette
`.webp`	`image/webp`	Modern format, smaller file size
`.avif`	`image/avif`	Newer format, best compression
`.svg`	`image/svg+xml`	Vector graphics, XML-based
`.ico`	`image/x-icon`	Favicons

Documents and Archives

Extension	MIME Type	Notes
`.pdf`	`application/pdf`	Portable documents
`.zip`	`application/zip`	Compressed archive
`.gz`	`application/gzip`	Gzip compressed
`.docx`	`application/vnd.openxmlformats-officedocument.wordprocessingml.document`	Word document
`.xlsx`	`application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`	Excel spreadsheet
`.csv`	`text/csv`	Comma-separated values

Audio and Video

Extension	MIME Type	Notes
`.mp3`	`audio/mpeg`	Most common audio format
`.mp4`	`video/mp4`	Most common video format
`.webm`	`video/webm`	Open format, good browser support
`.ogg`	`audio/ogg` or `video/ogg`	Depends on actual content
`.wav`	`audio/wav`	Uncompressed audio

How to Configure MIME Types on Your Server

Most web servers handle common MIME types automatically. You need manual configuration mainly for newer formats (AVIF, WOFF2, WebAssembly) or custom file types.

Apache

Add AddType directives to your .htaccess file:

# Modern image formats
AddType image/webp .webp
AddType image/avif .avif

# Fonts
AddType font/woff2 .woff2
AddType font/woff .woff

# Data formats
AddType application/json .json
AddType application/wasm .wasm

Nginx

Edit the mime.types file or add type blocks in your server config:

types {
    image/webp    webp;
    image/avif    avif;
    font/woff2    woff2;
    font/woff     woff;
    application/wasm  wasm;
}

Node.js with Express

Express sets common MIME types automatically via res.sendFile(). For manual control:

res.setHeader('Content-Type', 'application/json; charset=utf-8');
res.send(JSON.stringify(data));

Vercel, Netlify, Cloudflare Pages

These platforms handle MIME types automatically based on file extensions. No manual configuration needed for standard formats. For custom types, check the platform's header configuration docs.

Common Mistakes That Break Websites

Serving JavaScript as text/plain. Modern browsers enforce strict MIME type checking for scripts. If your .js file is served with the wrong Content-Type, the browser refuses to execute it and logs a MIME type mismatch error in the console.

Forgetting charset=utf-8 on text types. Without an explicit charset, browsers may guess the encoding incorrectly, causing garbled characters — especially for languages with non-ASCII characters. Always include charset=utf-8 for HTML, CSS, JavaScript, and JSON responses.

Using deprecated application/x-javascript. The x- prefix was for experimental types. The official registered type for JavaScript is text/javascript (RFC 9239). While browsers still accept the old form, using the standard type avoids confusion.

Serving SVG as text/xml. The correct MIME type is image/svg+xml. Using the wrong type may prevent browsers from rendering SVGs inline or trigger download prompts.

Relying on file extensions for security. A malicious file named innocent.jpg can contain executable code. Never trust the extension — always validate MIME types server-side and, when possible, inspect the file's actual content (magic bytes) before processing uploads.

Confusing application/x-www-form-urlencoded with multipart/form-data. Use application/x-www-form-urlencoded for simple text form fields. Use multipart/form-data when the form includes file uploads. Using the wrong type for file uploads causes the data to be corrupted.

How Browsers Decide What to Do

When a browser receives an HTTP response, it follows this decision chain:

Read the Content-Type header — this is the primary signal
Check for Content-Disposition: attachment — if present, force download regardless of type
MIME sniffing (fallback) — if the header is missing or set to application/octet-stream, some browsers inspect the first bytes of the file to guess the type
Apply security restrictions — scripts and stylesheets must have correct MIME types; mismatches are blocked

You can disable MIME sniffing with the X-Content-Type-Options: nosniff header, which tells browsers to strictly trust the Content-Type header and never guess. This is a recommended security practice.

Frequently Asked Questions

What is a MIME type?

A MIME type is a standardized label that identifies the format of data sent over the internet. It uses the type/subtype format — for example, image/png or application/json. Browsers use the MIME type from the Content-Type header to decide how to render or handle the data.

What is the difference between MIME type and Content-Type?

They refer to the same concept in practice. MIME type is the label itself (text/html). Content-Type is the HTTP header that delivers the MIME type to the browser, sometimes with parameters: Content-Type: text/html; charset=utf-8.

What is the MIME type for JSON?

The MIME type for JSON is application/json. Include charset=utf-8 when setting it in headers: Content-Type: application/json; charset=utf-8.

What is the MIME type for PDF?

The MIME type for PDF is application/pdf.

What is the MIME type for SVG?

The MIME type for SVG is image/svg+xml. The +xml suffix indicates SVG is XML-based.

Are MIME types case-sensitive?

No. MIME types are case-insensitive per the HTTP specification, but the convention is to write them in lowercase.

Where is the official list of MIME types?

IANA maintains the official registry at iana.org/assignments/media-types. It contains thousands of registered types with links to their specifications.

What happens if I don't set a Content-Type header?

Without a Content-Type header, browsers may attempt MIME sniffing — inspecting the file content to guess the type. This is unreliable and can create security vulnerabilities. Always set the Content-Type explicitly.

What is application/octet-stream?

application/octet-stream is the generic MIME type for arbitrary binary data. Browsers typically prompt a file download when they receive this type because they don't know how to display it.

How do I check what MIME type a server is sending?

Open your browser's developer tools (F12), go to the Network tab, click on a request, and look at the Content-Type response header. You can also use curl -I https://example.com/file.json from the command line to see the headers.

What is the correct MIME type for JavaScript?

text/javascript is the official registered MIME type for JavaScript (RFC 9239). Older alternatives like application/javascript and application/x-javascript still work but are not standard.

Should I use text/xml or application/xml?

For XML data consumed by applications, use application/xml. For XML meant to be read by humans (like RSS feeds), text/xml is acceptable. In practice, both work interchangeably in modern browsers.

What is multipart/form-data used for?

multipart/form-data is used for HTML form submissions that include file uploads. The browser splits the form data into multiple parts, each with its own Content-Type and a boundary string separating them.

Can two file extensions have the same MIME type?

Yes. .jpg and .jpeg both map to image/jpeg. .htm and .html both map to text/html. The MIME type is the canonical identifier; extensions are just conventions.

How do I handle unknown file types?

Serve unknown or unrecognized files as application/octet-stream. This prompts a download in the browser and avoids any risk of the content being misinterpreted as executable code.

Use the MIME Type Lookup tool to find the correct Content-Type for any file extension.