How It Works

MIME types (also called media types) are standardized identifiers like text/html, application/json, or image/webp. They appear most often in HTTP headers such as Content-Type, but they also show up in email attachments, multipart form uploads, and messaging systems that need to label binary payloads. The MIME type tells a consumer what to do: render it, download it, parse it as JSON, or treat it as an opaque stream.

File extensions are a human-friendly convention that helps operating systems and users guess what a file is. Extensions matter for search, UX, and default app associations, but they are not authoritative. A malicious or mistaken file can be named invoice.pdf while actually being a script, a ZIP archive, or random bytes. That is why robust systems use more than one signal.

This checker focuses on the “mapping layer”: given an extension, what MIME types are typically associated with it across common server configurations and libraries? And given a MIME type, what extensions are most often used when saving files? The tool uses a curated list of widely used mappings for everyday web formats (HTML, CSS, JS), documents (PDF, Office files), data (JSON, CSV), media (audio/video), and archives (ZIP, TAR, GZIP). It then builds a reverse index so the same dataset supports both directions.

If you provide a declared MIME type (for example, what a browser sent in a multipart upload, or what a server returned in a response header), the checker compares it to the expected MIME list for each extension. A match means the declared value is among the known options. A mismatch means the declared value is not typical for that extension and is worth investigating.

Quick steps

• Choose a mode: check by filename/extension or look up by MIME type.
• Paste input lines: one filename, extension, or MIME type per line.
• Optional validation: add a declared MIME type to detect mismatches quickly.
• Review the report: copy or download the output for sharing and record keeping.

What the tool does not do

• No file sniffing: it does not inspect file bytes or magic numbers. It is a mapping and validation helper.
• No environment assumptions: it does not depend on your server’s installed MIME map, which can vary by OS and configuration.
• No risky guesses: when a format is ambiguous, it reports multiple common MIME types instead of pretending there is only one.

Key Features

Extension → MIME lookup

Enter photo.jpg, .svg, or json and get the expected MIME type(s). This is useful for building allowlists, configuring object storage metadata, or debugging why a browser refuses to render a resource inline. For example, if your CSS file is served with text/plain, some browsers will not apply it as a stylesheet, and strict security headers may block it entirely.

MIME → extensions lookup

Paste MIME types such as application/json, text/csv, or video/mp4 and retrieve common extensions. This helps when an API returns a MIME type and you need to name a downloaded file correctly, when your application generates files dynamically, or when you are creating a support playbook for customers.

Mismatch detection with declared MIME

If a client claims Content-Type: application/pdf but the filename ends with .jpg, you want to know. The checker highlights match versus mismatch so you can fix headers, rename files, or harden upload validation. Mismatches also explain “why did my download open in the wrong app?” issues: the extension suggests one thing, while the header suggests another.

Batch-friendly, line-preserving output

Work in bulk: paste a list from logs, storage listings, or support tickets. The output keeps each original line, the normalized value the tool extracted, and the best-known mapping. This makes it easy to reconcile results with the original source, even when filenames include multiple dots, query-like suffixes, or mixed casing.

Config-ready reporting

The result is plain text and structured for copy/paste into documentation. Use it to create a concise allowlist for upload endpoints, to validate the values you set in Content-Type headers, or to check the mappings you plan to add to a web server, CDN, or object storage metadata rule.

Copy and download output

One click copies the full report to the clipboard, and another downloads it as a plain text file. This is ideal for audits, bug reports, and change requests where you need an artifact. The downloaded file is intentionally simple so it can be attached to issues, pasted into chat, or stored alongside release notes.

Use Cases

• Upload validation: ensure user uploads match allowed types and reduce spoofing risk in forms and APIs.
• API troubleshooting: verify that Content-Type headers align with the files being sent, especially in multipart uploads.
• CDN/object storage metadata: set correct MIME types so browsers cache and render assets properly (CSS, JS, fonts, images).
• Download naming: choose a sensible file extension when you only know the MIME type from an upstream service.
• Email/attachment handling: map attachment names to expected media types for scanners, previews, and policy checks.
• Documentation: generate accurate lists of supported formats for product docs and onboarding guides.
• Security reviews: build allowlists/denylists that consider both extension and MIME, not just one field.

In short, anytime you have a filename on one side and a Content-Type on the other, this checker helps you align them—preventing broken previews, incorrect downloads, and avoidable security gaps. It is also helpful for teams that maintain multiple environments (local, staging, production) where MIME maps can drift over time, producing hard-to-reproduce behavior.

Common symptoms of mismatched types include: browsers downloading files instead of displaying them; fonts failing to load due to incorrect types; JSON endpoints being treated as plain text; CORS or security middleware blocking responses when types do not match expectations; and file previews in SaaS apps showing “unsupported format” even though the underlying data is fine. A quick mapping check can save hours of trial and error.

Optimization Tips

Validate with more than one signal

Extensions and MIME types are helpful hints, but they can be wrong or malicious. For uploads, pair this tool’s mapping with server-side “magic number” detection (file signature sniffing), size limits, and content scanning. Treat client-provided MIME types as untrusted input. If you handle images, consider verifying decodeability rather than trusting headers or names.

Prefer canonical MIME types

Some formats have historical variants (for example, JavaScript can appear as application/javascript or text/javascript; XML can show up as application/xml or text/xml). Pick a canonical value for storage and HTTP responses, then accept known alternates when validating incoming requests. Consistency reduces surprises in browsers, proxies, and downstream services.

Use “nosniff” intentionally

Modern security best practices often include X-Content-Type-Options: nosniff, which tells browsers not to guess a type. With nosniff enabled, incorrect MIME types break rendering more often—especially for scripts and stylesheets. That is a feature, not a bug: it forces correct configuration. Use this tool to verify your asset types before enabling stricter security headers.

Keep your allowlists focused

A broad allowlist increases risk. Use your product requirements to choose the smallest set of extensions and MIME types that still meets user needs. If you only support images, do not allow archives or executables—even if they can technically be served. When you do allow archives, be explicit about which ones and consider scanning contents server-side.

Document the decision

When you pick canonical types and supported extensions, write the decision down. Add the mapping to your codebase, server config, and runbooks. The output from this checker can serve as a quick, human-readable appendix that explains what you accept and why, which reduces churn when new team members join.

FAQ