HTTP - Content Type Header

About

The Content-Type is header that specify the mime type of the body of:

The requested mime type of a request is specified by the accept header

Example

Resources MIME type
HTML text/html
JSON text/json
XML text/xml

See the MIME page for more.

Management

Set

This header can be set as all headers. See header set

Example with an html meta

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>

Sniffing

When the Content-Type is not specified, a user agent such as browser may obtain it through sniffing.

Many web servers supply incorrect Content-Type header fields with their HTTP responses. In order to be compatible with these servers, user agents consider the content of HTTP responses as well as the content-Type header fields when determining the effective media type of the response.

Configuration to prevent sniffing with the X-Content-Type-Options header

X-Content-Type-Options: nosniff

The specification document describes an algorithm for determining the effective media type of HTTP responses that balances security and compatibility considerations.

See also mime detection


Powered by ComboStrap