Free MIME Type Lookup
Search by file extension or MIME type · get the correct Content-Type for serving any file, with notes on the security-sensitive ones.
Frequently asked
Why does serving the wrong Content-Type matter?
Browsers may sniff mislabeled content and execute what should have been inert · the classic path to stored XSS via file upload. Serve exact types and add X-Content-Type-Options: nosniff to disable guessing.
What type should user-uploaded files get?
The verified real type · never the client-supplied one · plus Content-Disposition: attachment for anything you don't intend to render, and a separate cookie-less domain for user content if you can.
Run a full security scan →