Detecting MIME Type by File Extension
Upload or enter a filename and the detector maps the extension to its MIME type:
File: report.pdf
Detected MIME type: application/pdf
Category: Application
Common uses: Document viewing, printing
Associated extensions: .pdf
File: logo.png
Detected MIME type: image/png
Category: Image
Common uses: Web images, icons, screenshots
Associated extensions: .png
File: data.json
Detected MIME type: application/json
Category: Application / Data
Common uses: REST APIs, configuration files, data exchange
Associated extensions: .json
Magic Byte Detection for Unknown Extensions
A file named upload_12345 has no extension. The detector reads its magic bytes:
File: upload_12345
Magic bytes (hex): FF D8 FF E0
Detected MIME type: image/jpeg
Detection method: Magic byte signature
Note: File extension is missing — MIME type determined from binary content
JPEG files always start with FF D8 FF. This detection is reliable even when someone renames a file to hide its type. PNG files start with 89 50 4E 47, PDF files with 25 50 44 46, and ZIP files with 50 4B 03 04.
Detecting a Renamed Malicious File
An attacker uploads a file named profile-photo.jpg that is actually a PHP script:
File: profile-photo.jpg
Extension suggests: image/jpeg
Magic bytes: 3C 3F 70 68 70 (ASCII: <?php)
Detected MIME type: text/x-php
WARNING: File extension does not match content
Security risk: This file could execute server-side code if saved to a web-accessible directory
This is exactly why server-side MIME validation using magic bytes is critical for file upload systems. Never trust the extension alone.
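The two cases above (the extensionless upload_12345 and the renamed profile-photo.jpg) can be reproduced with a small signature table. This is an added example, not the detector's own code; the function names, the extension table and the sample buffers are assumptions constructed for illustration.

```javascript
// Added example; names are hypothetical. Signatures are the ones quoted above.
const SIGNATURES = [
  { mime: 'image/jpeg', bytes: [0xFF, 0xD8, 0xFF] },
  { mime: 'image/png', bytes: [0x89, 0x50, 0x4E, 0x47] },
  { mime: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46] },
  { mime: 'application/zip', bytes: [0x50, 0x4B, 0x03, 0x04] },
  { mime: 'text/x-php', bytes: [0x3C, 0x3F, 0x70, 0x68, 0x70] }, // "<?php"
];

// Extension table (assumed subset); a Map avoids prototype-key lookups.
const EXTENSION_TYPES = new Map([
  ['jpg', 'image/jpeg'], ['jpeg', 'image/jpeg'], ['png', 'image/png'],
  ['pdf', 'application/pdf'], ['zip', 'application/zip'],
]);

// Return the MIME type whose signature matches the start of buf, or null.
function sniffMime(buf) {
  for (const { mime, bytes } of SIGNATURES) {
    if (buf.length >= bytes.length && bytes.every((b, i) => buf[i] === b)) {
      return mime;
    }
  }
  return null;
}

// Compare what the filename claims with what the content says.
function inspectUpload(filename, buf) {
  const dot = filename.lastIndexOf('.');
  const ext = dot > 0 ? filename.slice(dot + 1).toLowerCase() : '';
  const claimed = EXTENSION_TYPES.get(ext) ?? null;
  const detected = sniffMime(buf);
  // Unrecognized content counts as a mismatch: reject rather than guess.
  const mismatch = detected === null || (claimed !== null && claimed !== detected);
  return { claimed, detected, mismatch };
}

// Constructed sample inputs mirroring the two cases above.
const noExtension = Buffer.from([0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10]);
const renamedScript = Buffer.from('<?php /* constructed sample */', 'latin1');

console.log(inspectUpload('upload_12345', noExtension));
console.log(inspectUpload('profile-photo.jpg', renamedScript));
```

A signature match only describes the first bytes of a file, so this check complements, rather than replaces, keeping uploads out of any directory where the server executes scripts.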
Common Web Development MIME Types
Reference table of frequently used MIME types in web development:
text/html — HTML documents
text/css — CSS stylesheets
application/javascript — JavaScript files
application/json — JSON data
application/xml — XML data
image/jpeg — JPEG images
image/png — PNG images
image/svg+xml — SVG vector graphics
image/webp — WebP images
video/mp4 — MP4 video
audio/mpeg — MP3 audio
application/pdf — PDF documents
application/zip — ZIP archives
multipart/form-data — File upload form submissions
application/x-www-form-urlencoded — Standard form submissions
Debugging a Content-Type Header Issue
A CSS file is not being applied in the browser. Check the server response:
GET /styles/main.css HTTP/1.1
HTTP/1.1 200 OK
Content-Type: text/plain
The server is sending text/plain instead of text/css. Browsers refuse to apply stylesheets served with the wrong MIME type. Use the detector to confirm the correct type, then fix your server config:
# Apache .htaccess
AddType text/css .css
# Nginx
types {
    text/css css;
}
API Content-Type Validation
A REST API endpoint receives a file upload. Validate the MIME type server-side:
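// Node.js example using the file-type library
// (assumes Express with multer memory storage, which provides req.file.buffer)
import express from 'express';
import multer from 'multer';
import { fileTypeFromBuffer } from 'file-type';

const app = express();
const upload = multer({ storage: multer.memoryStorage() });
const allowed = ['image/jpeg', 'image/png', 'image/webp'];

app.post('/upload', upload.single('file'), async (req, res) => {
  // req.file is undefined when the request carried no file part
  if (!req.file) {
    return res.status(400).json({ error: 'No file uploaded' });
  }
  // Detect the type from the content itself, not the client-supplied name or header
  const type = await fileTypeFromBuffer(req.file.buffer);
  if (!type || !allowed.includes(type.mime)) {
    return res.status(400).json({ error: 'Invalid file type' });
  }
  // Safe to process
});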
The detector helps you identify which MIME types to include in your allowlist and verify that your validation logic is working correctly.
MIME Types for API Responses
Setting the correct Content-Type in API responses ensures clients parse the data correctly:
# JSON response
Content-Type: application/json; charset=utf-8
# XML response
Content-Type: application/xml; charset=utf-8
# CSV download
Content-Type: text/csv
Content-Disposition: attachment; filename="export.csv"
# Binary file download
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="data.bin"
Use application/octet-stream as a fallback for binary files with no more specific MIME type — it tells the browser to download the file rather than try to display it.
Image Format MIME Type Detection
Detecting the format of images received from external sources:
File: banner.webp
Detected MIME type: image/webp
Magic bytes: 52 49 46 46 ... 57 45 42 50 (RIFF....WEBP)
Browser support: Chrome, Firefox, Edge, Safari 14+
Fallback needed: Yes, for older Safari versions
File: icon.svg
Detected MIME type: image/svg+xml
Detection method: Content sniffing (XML with SVG root element)
Security note: SVG files can contain embedded JavaScript — sanitize before displaying user-uploaded SVGs
Multipart Form Data MIME Type
File uploads use a special MIME type with a boundary parameter:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="photo.jpg"
Content-Type: image/jpeg

[binary file data]
------WebKitFormBoundary7MA4YWxkTrZu0gW--
The outer MIME type is multipart/form-data and each part has its own Content-Type. The detector identifies both the container format and the embedded file type.
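How a server sees the request above, as an added example that is not part of the original page: it extracts the boundary, splits the body, and returns each part's client-declared Content-Type alongside the first bytes of its content. Function names are hypothetical and the sample body is constructed (it declares image/jpeg but carries the PDF signature 25 50 44 46).

```javascript
// Added example; function names are hypothetical.
function getBoundary(contentType) {
  const m = /;\s*boundary=(?:"([^"]+)"|([^;\s]+))/i.exec(contentType);
  return m ? (m[1] || m[2]) : null;
}

// Split a multipart/form-data body into parts with their declared headers.
function parseMultipart(contentType, body) {
  const boundary = getBoundary(contentType);
  if (!boundary) throw new Error('missing boundary parameter');
  const delim = Buffer.from('--' + boundary, 'latin1');
  const parts = [];
  let pos = body.indexOf(delim);
  while (pos !== -1) {
    const start = pos + delim.length;
    // "--" directly after the delimiter marks the closing boundary.
    if (body.subarray(start, start + 2).toString('latin1') === '--') break;
    const next = body.indexOf(delim, start);
    const headerEnd = body.indexOf('\r\n\r\n', start);
    if (next === -1 || headerEnd === -1 || headerEnd > next) throw new Error('malformed body');
    const headers = new Map();
    const headerText = body.subarray(start + 2, headerEnd).toString('latin1');
    for (const line of headerText.split('\r\n')) {
      const i = line.indexOf(':');
      if (i > 0) headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
    }
    const fn = /filename="([^"]*)"/i.exec(headers.get('content-disposition') || '');
    const content = body.subarray(headerEnd + 4, next - 2); // drop CRLF before delimiter
    parts.push({
      filename: fn ? fn[1] : null,
      declaredType: headers.get('content-type') || null, // chosen by the client
      leadingHex: content.subarray(0, 4).toString('hex'), // bytes for signature checks
      content,
    });
    pos = next;
  }
  return parts;
}

// Constructed request: the part is declared image/jpeg but carries PDF bytes.
const header = 'multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW';
const sampleBody = Buffer.from(
  '------WebKitFormBoundary7MA4YWxkTrZu0gW\r\n' +
  'Content-Disposition: form-data; name="file"; filename="photo.jpg"\r\n' +
  'Content-Type: image/jpeg\r\n\r\n' +
  '%PDF-1.4\r\n' +
  '------WebKitFormBoundary7MA4YWxkTrZu0gW--\r\n', 'latin1');

console.log(parseMultipart(header, sampleBody));
```

The declaredType field comes straight from the request, so it is only useful for comparison against what the content's leading bytes indicate.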
Security Considerations by MIME Type
The detector flags these MIME types as requiring special security attention:
text/html — Can execute scripts; never serve user-uploaded content as HTML
application/javascript — Executes in browser; validate source before serving
image/svg+xml — SVG can contain embedded scripts; sanitize user uploads
application/x-httpd-php — PHP scripts; never allow upload to web-accessible directories
application/x-sh — Shell scripts; treat as dangerous executable content
Always validate MIME types using magic byte detection on the server, not just the Content-Type header sent by the client, which can be spoofed.