DEV Community

Cover image for Media types (MIME types) in HTTP explained
Archit Sharma
Archit Sharma

Posted on

Media types (MIME types) in HTTP explained

#http #beginners #webdev #security

Media types (formerly known as a MIME types) is a standard way to describe the type and format of data being sent or received over the Internet.
MIME types are defined and standardized in IETF's RFC 6838.
MIME (Multipurpose Internet Mail Extensions) it was originally defined for email attachments but later adopted by HTTP and many other protocols.

Example, when a web server sends a response:

HTTP/1.1 200 OK
Content-Type: text/html

<html>
  <h1>Hello, World!</h1>
</html>
Enter fullscreen mode Exit fullscreen mode

The header Content-Type: text/html tells the browser that the body contains HTML, so it should render it as a web page.

MIME Type in browser console

Structure of a Media Type

A MIME/Media type consists of just two parts: a type and a subtype, separated by a slash (/)

type/subtype
Enter fullscreen mode Exit fullscreen mode

The type is the general data category (e.g., video or text), while the subtype is the specific format within that category (e.g., html or plain for the text MIME type).

For a complete list of all official MIME types, see the IANA (Internet Assigned Numbers Authority) Media Types registry.

Optional parameters

Sometimes, a media type includes optional parameter after a semicolon (;)
Syntax:

type/subtype;parameter=value
Enter fullscreen mode Exit fullscreen mode

For example: text/plain;charset=UTF-8

MIME types are traditionally written in lowercase, but they are case-insensitive. However, their parameter values can be case-sensitive.

MIME types are divided into two major classes based on the structure of their content:

1. Discrete types

Discrete types represent a single file, such as a single text or music file, or a single video. It's commonly used in HTTP bodies for typical web content (HTML, JSON, images, etc.). For example:

  • text/plain - plain text
  • image/jpeg - a JPEG image
  • application/json - a JSON document
  • video/mp4 - an MP4 video file

For text documents without a specific subtype, text/plain is used. For any unrecognized binary file, application/octet-stream is used.

2. Multipart types

Multipart types represent a collection of multiple discrete parts, each with its own headers and MIME type, combined in a single body.
For example:

  • multipart/form-data - used in HTML forms (like file uploads)
  • multipart/mixed - contains different types of content together
  • multipart/alternative - multiple representations of the same content (like HTML + plain text emails)

MIME sniffing

MIME sniffing is the process by which a web browser tries to determine the actual content type of a resource by inspecting its bytes
If a MIME type is missing or seems incorrect, browsers may perform MIME sniffing.

Since MIME sniffing is implemented differently in each browser and can be triggered under various circumstances, it introduces security risks. A malicious file could be misinterpreted as a safe, executable type. To mitigate this, servers can explicitly prevent sniffing by using the X-Content-Type-Options header.

Top comments (0)