MIME Lookup
Look up MIME type from file extension, or detect from file magic bytes.
How to Use
- For extension lookup: type or paste an extension like <code>.pdf</code>, <code>.json</code>, <code>.zip</code> in the search box. The MIME type appears instantly.
- For magic-byte detection: drop any file. The first few bytes are inspected to determine the actual file type, regardless of extension.
- Some extensions have multiple registered MIME types (e.g., .json maps to both application/json and text/json) — primary listed first.
- Reverse search: type a MIME type to find common extensions for it.
- Use this for HTTP Content-Type headers, upload validation, or detecting mislabeled files.
- Everything runs locally — files dropped here are never uploaded.
Common MIME types
Frequently Asked Questions
What's a MIME type?
Multipurpose Internet Mail Extensions — a string identifying the format of a file or HTTP response, like <code>application/pdf</code> or <code>image/jpeg</code>. Originally for email attachments (RFC 2045, 1996), now used universally on the web for HTTP Content-Type headers, file uploads, and any context where the type of a binary blob matters.
Why use magic bytes instead of extension?
Extensions can lie. A file named <code>resume.pdf</code> might actually be an executable a malicious sender renamed. Magic bytes (the first few bytes of the file content) are dictated by the format itself: PDF starts with <code>%PDF-</code>, JPEG with <code>FF D8 FF</code>, ZIP with <code>50 4B 03 04</code>. Magic-byte detection is the security-relevant way to identify files for upload validation.
What is the IANA media-type registry?
The Internet Assigned Numbers Authority maintains the official list of registered MIME types at iana.org/assignments/media-types. Categories: application/, audio/, image/, video/, text/, model/, font/, multipart/, message/. Vendor-specific subtypes use the vnd. prefix (vnd.openxmlformats-officedocument.wordprocessingml.document = .docx). Custom or experimental types use the x. prefix.
Why do some files have multiple MIME types?
Either historical drift (text/javascript and application/javascript both refer to .js files; the latter is the modern standard) or genuinely different types using the same extension (.bin, .dat). The first listed is generally the primary or most appropriate.
How does the browser pick a MIME type?
When a server returns a file with no Content-Type header, browsers sniff the content (magic bytes) to guess. When uploading via a form, the browser typically reports the file's extension-derived MIME, which servers should re-validate. For security, never trust client-supplied MIME types — always check magic bytes server-side.
What about MIME type 'spoofing' attacks?
Attackers can craft files with deceptive extensions or claim a benign Content-Type to bypass naive validation. Defenses: validate magic bytes server-side, use Content-Disposition headers to force download (not inline), serve user uploads from a different domain, and use the X-Content-Type-Options: nosniff header to prevent browser sniffing of declared types.
Common Use Cases
Setting HTTP Content-Type
Find the correct MIME type to set in your nginx/Apache config or web framework when serving custom file extensions.
Upload validation
Confirm an uploaded file's actual type matches what the user claimed via extension or form.
Email attachment handling
Set the right Content-Type when generating multi-part email attachments programmatically.
API response headers
Pick the right Content-Type for downloadable file responses in REST APIs.
File-type detection in scripts
Cross-reference what magic-byte signatures look like for common formats when writing detection code.
Forensics and incident response
Identify the real type of suspicious files regardless of their reported extension or claimed MIME.
Last updated: