Every time your browser downloads a file, displays an image, plays a video, or renders a webpage, it relies on MIME types to know how to handle the content. MIME (Multipurpose Internet Mail Extensions) types are standardized identifiers that describe the nature and format of a file. Despite their name referencing email, MIME types are foundational to the entire web — without them, browsers would have no way to distinguish an HTML page from a JPEG image or a JSON file.
What Is a MIME Type?
A MIME type consists of two parts separated by a slash: the type and the subtype. For example, text/html identifies an HTML document, image/jpeg identifies a JPEG image, and application/json identifies JSON data. The type indicates the general category (text, image, audio, video, application, multipart, or message), while the subtype specifies the exact format within that category.
MIME types were originally defined in RFC 2045 for email attachments but were adopted by HTTP as the standard way to identify resource types. When a server sends a response, it includes a Content-Type header with the MIME type, telling the browser how to process the response body.
Common MIME Types for Web Development
Text Types
text/html— HTML documents (webpages)text/css— CSS stylesheetstext/javascript— JavaScript files (note:application/javascriptis also valid)text/plain— Plain text filestext/csv— Comma-separated valuestext/xml— XML documents
Image Types
image/jpeg— JPEG photographsimage/png— PNG images (lossless, supports transparency)image/gif— GIF images (supports animation)image/webp— WebP images (modern, efficient format)image/svg+xml— SVG vector graphicsimage/avif— AVIF images (next-gen, highly efficient)
Application Types
application/json— JSON dataapplication/pdf— PDF documentsapplication/zip— ZIP archivesapplication/octet-stream— Binary data (generic, triggers download)application/x-www-form-urlencoded— Form submission encodingmultipart/form-data— File upload encoding
How Browsers Use MIME Types
When a browser receives a response from a server, it checks the Content-Type header to determine how to handle the content. If the type is text/html, it renders the content as a webpage. If it's application/pdf, it opens the built-in PDF viewer. If it's application/octet-stream, it prompts the user to download the file.
MIME type mismatches are a common source of issues. If a server sends an HTML file with Content-Type: text/plain, the browser will display the raw HTML source code instead of rendering it. If a JavaScript file is served with the wrong MIME type, some browsers will refuse to execute it for security reasons. This is called MIME type sniffing, and modern browsers are increasingly strict about enforcing correct types.
MIME Type Sniffing and Security
MIME sniffing is the practice where browsers try to guess the correct MIME type when the server-provided type seems wrong. While this can be helpful, it creates security vulnerabilities. An attacker could upload a malicious HTML file disguised as an image; if the browser sniffs the real type and renders it as HTML, it executes the attacker's script. The X-Content-Type-Options: nosniff header tells browsers not to sniff and to strictly follow the declared MIME type.
Configuring MIME Types on a Server
Most web servers come with pre-configured MIME type mappings. Nginx uses the mime.types file, Apache uses TypesConfig, and most cloud platforms handle this automatically. However, when you add custom file types or serve files from a new framework, you may need to add MIME type mappings manually. RiseTop's tools are all configured with correct MIME types for optimal performance and security.