← All reference

MIME Types (Content-Type) Reference

File extensions mapped to their correct MIME types — documents, images, audio, video, fonts, archives and code — with a live filter and the Content-Type mistakes that actually break things.

A MIME type (media type) tells the receiver what a byte stream is so it can be parsed, rendered or executed correctly. On the web it travels in the Content-Type header, and getting it wrong has real consequences: browsers refuse to run module scripts served as text/plain, ignore stylesheets with the wrong type, won't render fonts, and APIs reject request bodies they can't identify. This table lists the correct type for the extensions you'll actually serve.

Text & documents

ExtensionMIME typeNotes
.html .htmtext/htmlServe with charset=utf-8
.csstext/cssBrowsers ignore stylesheets with any other type in strict mode
.txttext/plain
.mdtext/markdownRFC 7763; many servers still send text/plain
.csvtext/csvRFC 4180
.pdfapplication/pdf
.rtfapplication/rtf
.docapplication/mswordLegacy Word 97–2003
.docxapplication/vnd.openxmlformats-officedocument.wordprocessingml.documentModern Word
.xlsapplication/vnd.ms-excelLegacy Excel
.xlsxapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheetModern Excel
.pptapplication/vnd.ms-powerpointLegacy PowerPoint
.pptxapplication/vnd.openxmlformats-officedocument.presentationml.presentationModern PowerPoint
.odtapplication/vnd.oasis.opendocument.textOpenDocument text
.odsapplication/vnd.oasis.opendocument.spreadsheetOpenDocument spreadsheet
.odpapplication/vnd.oasis.opendocument.presentationOpenDocument presentation
.epubapplication/epub+zip
.icstext/calendariCalendar events
.vcftext/vcardContact cards
.xmlapplication/xmlRFC 7303; text/xml is an accepted alias
.xhtmlapplication/xhtml+xml

Images

ExtensionMIME typeNotes
.pngimage/png
.jpg .jpegimage/jpegAlways jpeg in the type, even for .jpg
.gifimage/gif
.webpimage/webp
.avifimage/avif
.svgimage/svg+xmlWrong type = broken <img>; can carry scripts, mind your CSP
.icoimage/vnd.microsoft.iconIANA-registered; image/x-icon is the common de-facto alias
.bmpimage/bmp
.tif .tiffimage/tiff
.heicimage/heiciPhone photos; limited browser support
.heifimage/heif

Audio

ExtensionMIME typeNotes
.mp3audio/mpegNot "audio/mp3"
.wavaudio/wavDe-facto standard; audio/x-wav also seen
.ogg .ogaaudio/oggOgg container with Vorbis or Opus inside
.opusaudio/oggOpus in Ogg; raw codec type is audio/opus
.m4aaudio/mp4AAC in an MP4 container
.aacaudio/aacRaw AAC (ADTS)
.flacaudio/flac
.webaaudio/webmAudio-only WebM
.mid .midiaudio/midi

Video

ExtensionMIME typeNotes
.mp4video/mp4The safest choice for web video
.webmvideo/webmVP9/AV1 + Opus
.ogvvideo/ogg
.movvideo/quicktimeQuickTime; patchy support outside Safari
.mkvvideo/x-matroskaUnregistered but universal for Matroska
.avivideo/x-msvideo
.wmvvideo/x-ms-wmv
.mpeg .mpgvideo/mpeg
.3gpvideo/3gppOld mobile video
.m3u8application/vnd.apple.mpegurlHLS playlist
.tsvideo/mp2tMPEG transport stream — HLS segments (not TypeScript!)

Fonts

ExtensionMIME typeNotes
.woff2font/woff2The modern web font format — RFC 8081
.wofffont/woff
.ttffont/ttf
.otffont/otf
.eotapplication/vnd.ms-fontobjectLegacy IE only — drop it

Archives & packages

ExtensionMIME typeNotes
.zipapplication/zip
.gzapplication/gzipRFC 6713; also for .tar.gz / .tgz
.tarapplication/x-tar
.bz2application/x-bzip2
.xzapplication/x-xz
.zstapplication/zstdRFC 8878
.7zapplication/x-7z-compressed
.rarapplication/vnd.rar
.jarapplication/java-archive
.apkapplication/vnd.android.package-archiveAndroid package
.debapplication/vnd.debian.binary-packageDebian/Ubuntu package
.rpmapplication/x-rpmRed Hat package (unregistered but conventional)
.dmgapplication/x-apple-diskimagemacOS disk image
.isoapplication/x-iso9660-imageOptical disc image
.exe .msiapplication/octet-streamOr application/x-msdownload; both trigger a download
.bin (any binary)application/octet-streamThe generic "just bytes" fallback

Code & data

ExtensionMIME typeNotes
.js .mjstext/javascriptRFC 9239 re-blessed text/javascript; application/javascript still works
.jsonapplication/jsonNever "text/json" — see mistakes below
.jsonldapplication/ld+jsonJSON-LD structured data
.ndjson .jsonlapplication/x-ndjsonNewline-delimited JSON streams
.mapapplication/jsonSource maps are plain JSON
.yaml .ymlapplication/yamlRegistered by RFC 9512 (2024); older servers send text/yaml
.tomlapplication/toml
.wasmapplication/wasmRequired exactly — streaming compilation fails on anything else
.webmanifestapplication/manifest+jsonPWA manifest
.rssapplication/rss+xml
.atomapplication/atom+xml
.shapplication/x-shOften served as text/plain to display instead of download
.pytext/x-pythonUnregistered convention
.sqlapplication/sqlRFC 6922
(form posts)application/x-www-form-urlencodedDefault HTML form encoding
(file uploads)multipart/form-dataForms with files; parts carry their own types
(SSE streams)text/event-streamServer-Sent Events

Structure of a MIME type

A media type is type/subtype, optionally followed by parameters: text/html; charset=utf-8. The top-level types you'll meet are text, image, audio, video, font, application (anything that doesn't fit elsewhere) and the composite multipart and message. Subtypes carry structure hints via suffixes — +json, +xml, +zip — so a parser that knows JSON can handle application/ld+json without knowing JSON-LD. Prefixes signal registration trees: vnd. for vendor types (like the Office formats above) and the legacy x- for unregistered types that stuck around.

The charset parameter

For text/* types, charset tells the receiver how bytes map to characters: Content-Type: text/html; charset=utf-8. Omit it and clients guess — historically defaulting to Latin-1, which is where "é" instead of "é" comes from. Always send charset=utf-8 on HTML, CSS, plain text and CSV. JSON doesn't need it: application/json is defined as UTF-8 (RFC 8259), and the parameter has no meaning there — though sending it is harmless.

Multipart types

multipart/* types bundle several bodies into one message, separated by a boundary string declared in the header: Content-Type: multipart/form-data; boundary=----abc123. Each part has its own headers, including its own Content-Type. multipart/form-data is how browsers upload files; multipart/mixed and multipart/alternative structure email (attachments; plain-text + HTML versions); multipart/byteranges answers multi-range requests. When using fetch with a FormData body, don't set Content-Type yourself — the browser must generate the boundary, and a hand-written header without it breaks parsing.

application/octet-stream — the fallback

application/octet-stream means "arbitrary bytes, no promises" — the correct type when you genuinely don't know what a file is. Browsers respond by downloading instead of rendering, which also makes it a deliberate choice for forcing downloads (usually paired with Content-Disposition: attachment). But it's a bug when it leaks onto known types: images won't display inline, PDFs download instead of opening, and WebAssembly won't compile. If your server sends octet-stream for a known extension, its MIME map needs an entry.

Common Content-Type mistakes

MistakeWhy it bitesFix
text/jsonNot a registered type; strict parsers and frameworks reject or mishandle itapplication/json
Missing charset on text/htmlClients guess the encoding — mojibake for any non-ASCII contenttext/html; charset=utf-8
application/font-woff2Never registered; the font tree replaced itfont/woff2
ES modules as text/plainBrowsers enforce strict MIME checking for <script type="module"> — the script silently refuses to runtext/javascript
SVG as text/xml or octet-stream<img src="x.svg"> shows nothingimage/svg+xml
.wasm as octet-streamWebAssembly.instantiateStreaming() throwsapplication/wasm
JSON POST without Content-TypeFrameworks won't parse the body — req.body is empty or the API returns 415application/json
Manually setting multipart boundaryHand-written multipart/form-data header lacks the real boundary; server can't split partsLet the client library set it
Trusting Content-Type on uploadsThe header is attacker-controlled — a PHP shell can claim to be image/pngValidate content server-side (magic bytes)

Related: send X-Content-Type-Options: nosniff so browsers never second-guess your declared types — without it, MIME sniffing can turn a mislabeled upload into executed script.

About this reference

Types marked with RFCs are IANA-registered; a few entries (.mkv, .rpm, .py) are unregistered de-facto conventions, noted as such. When registered and de-facto names differ (like .ico), both are listed. Filtering runs entirely in your browser.

Related tools on this site: inspect what a server actually sends with the HTTP header analyzer, build requests with the right Content-Type using curl-to-code, and test endpoints live with the API tester.