ZeroTool Workbench

MIME Type Lookup

Free browser-based MIME type lookup. Find the Content-Type for any file extension, reverse-search by MIME, and detect file type by magic bytes — 100% client-side, no upload.

100% Client-Side Your data never leaves your browser Free · No Sign-Up

Related Tools

HTTP Status Codes Searchable reference for all HTTP status codes (1xx–5xx) with descriptions and use cases. URL Parser Parse any URL into its components: protocol, host, port, path, query parameters, and hash. Instant browser-native parsing. File Hash Checker Compute SHA-256, SHA-1, SHA-384, SHA-512, and MD5 checksums of any local file in your browser. No upload — verify download integrity privately and compare against an expected hash. JWT Decoder Decode and inspect JWT header, payload, and signature. Highlights expiry status and timestamp claims. HMAC Generator Generate HMAC signatures using SHA-256, SHA-384, or SHA-512. Hex and Base64 output. Runs entirely in your browser. cURL to Code Converter Convert cURL commands to Python, JavaScript, Go, PHP, and Node.js code instantly.

How to use

  1. Type an extension (with or without the leading dot), a MIME type, or any keyword into the search box. The list updates as you type.
  2. Use the category chips to scope the result list to application, image, audio, video, text, font, multipart, message, or model types.
  3. Click Copy on any result to put the Content-Type string on your clipboard, ready to paste into a header or API request.
  4. Switch to the Sniff file tab and drop a local file to see its detected MIME, likely extensions, the first 16 bytes in hex, and what the browser would have reported. Nothing is uploaded.

What MIME types actually are

A MIME type — formally a media type — is a two-part identifier that tells software how to interpret a sequence of bytes. The top-level type names a coarse family (image, audio, video, text, application, multipart, message, model, font), the subtype names the specific format (image/png, application/pdf, text/csv). The full grammar is defined in RFC 6838 and registered with IANA. Web servers send them in the Content-Type header, browsers use them to pick a renderer, and APIs use them to negotiate request bodies.

How the magic-bytes sniffer works

Every binary format starts with a recognizable fingerprint — a fixed sequence of bytes the parser uses to confirm the file is what its extension claims. PNG begins with 89 50 4E 47 0D 0A 1A 0A, JPEG with FF D8 FF, PDF with %PDF, ZIP with 50 4B 03 04. The tool slices the first 64 bytes of your file through File.slice(), hands them to FileReader, and walks about thirty signatures looking for the first match. Some signatures live at non-zero offsets: MP4 looks for ftyp at byte 4, the tar format checks the ustar magic at byte 257.

Why this matters for upload validation

Trusting the file extension or the browser-reported MIME alone is a classic upload vulnerability. A user can rename shell.php to image.png and the browser will gladly report image/png as the type. A byte-level sniff on the server is the only reliable defense, and this tool exists so you can rehearse the same check locally before writing the server code. Compare the three columns the Sniff tab shows — detected MIME, likely extensions, browser File.type — and you will see in seconds which inputs would slip past a naive validator.

Container formats and the ZIP problem

Modern productivity formats are containers built on top of older formats. A .docx is a ZIP archive of XML, a .xlsx is the same with different XML inside, .pptx, .epub, .apk, and .jar all share the ZIP magic bytes. When the sniffer reports application/zip, the tool calls this out — to recover the inner format you need to read the central directory entries inside the archive. The Detected MIME stays accurate at the byte level; the application-level type takes one more step.

Common use cases

  • Setting the right Content-Type for S3 / Cloudflare R2 uploads so browsers do not download files instead of displaying them.
  • Picking the correct Accept values when calling third-party APIs.
  • Debugging why a CDN serves a .webp with the wrong type and blocks AVIF negotiation.
  • Auditing user uploads in the browser before the file leaves the page, as a cheap first filter.
  • Confirming what extension a downloaded blob really is when the server forgot to set Content-Disposition.

Limits by design

This tool is a lookup table and a magic-bytes sniffer. It is not a virus scanner, not a permission gate, and not a parser for the inner structure of container formats. Pure text formats with no fixed header — CSV, JSON, plain text, source code — are reported via the browser’s File.type when no binary signature matches. For text-content sniffing beyond what the extension implies, use a server-side library tuned to your domain.

FAQ

Where does the MIME database come from?

The catalog is a curated snapshot of the IANA Media Types registry combined with the RFC 6838 top-level types. It is baked into the page at build time, so lookups work fully offline and do not call any external API. Roughly 240 entries cover application, image, audio, video, text, font, multipart, message, and model types.

Does the file sniffer upload my file?

No. The sniffer uses the browser File API to read only the first 64 bytes of the file you drop. The page never sends the bytes anywhere — the entire detection pipeline is JavaScript running on your machine. You can disconnect from the network and the tool will still work.

Why does the sniffer disagree with the file extension?

Many real-world formats are containers in disguise. A docx, xlsx, pptx, EPUB, or JAR is structurally a ZIP archive, so its magic bytes say application/zip. The page surfaces both the byte-level type and the extension's nominal type so you can validate uploads server-side without trusting client-side claims.

What about formats with no fixed binary header?

CSV, JSON, SQL, source code, and other plain-text formats have no reliable header. When no signature matches, the tool falls back to the browser's File.type — which the operating system derives from the extension — and clearly labels the fallback so you do not mistake it for a magic-bytes detection.

Can I use the search panel as a Content-Type header reference?

Yes. The value shown next to each result is exactly what you put in HTTP Content-Type, Accept, or Content-Disposition headers, as well as S3 metadata, fetch() options, and similar API surfaces. The extension column is provided for convenience and is not part of the header value.