For example, when you upload a PNG image to a website, the browser adds 'Content-Type: image/png' to the request header. When you send a JSON string, the browser will add 'Content-Type: application/json', for XML strings it will add 'Content-Type: application/xml', etc.
Below is an example of an HTTP request to send a JSON string to the server. The 'Content-Type: application/json' header tells the server that the request body contains a JSON string.
When the server returns a JSON string, it indicates the data type with 'Content-Type: application/json' header.
The Content-Type header has been added since HTTP 1.0. Setting this header is critical for both the request and the response and allows the client to control the way the server interprets the request. Properly used Content-Type headers help to avoid Content-Type Sniffing (or MIME Sniffing) attacks.
Syntax
The Content-Type header has a set of parameters that differs for the different types. Most parameters are applied only to certain content-types.
- Content-Type: text/html; charset=utf-8
- Content-Type: multipart/form-data; boundary=data_separator
Directives
- Media-type: Multipurpose Internet Mail Extensions (MIME) type of the data.
- Charset: character encoding in which the data will be received. The default charset is ISO-8859-1.
- Boundary: required for multipart entities and is used to enclose the boundaries of the message parts.
Content-Type Header Examples
Application
- application/json
- application/xml
- application/zip
- application/javascript
- application/x-www-form-urlencoded
- application/octet-stream
Image
- image/png
- image/jpeg
- image/svg+xml
- image/x-icon
- image/gif
Text
- text/html
- text/css
- text/plain
Multipart
- multipart/form-data
- multipart/mixed
Audio
- audio/mpeg
Video
- video/mp4
- video/mpeg