Content-TypeContent-Type indicates the media (MIME) type of the message body. In a request it declares the format being sent; in a response it declares the format being received, so the other side interprets the data correctly.
The value is `type/subtype` (`application/json`, `text/html`, `image/png`, ...) with optional semicolon parameters. Text types should include `charset=utf-8` to prevent mojibake, and `multipart/form-data` uses `boundary=` to delimit parts. For form submissions the common types are `application/x-www-form-urlencoded` (simple fields) and `multipart/form-data` (file uploads).
Server APIs parse a request body based on its Content-Type and return 415 Unsupported Media Type for a type they can't handle. An inaccurate Content-Type on a response makes browsers mishandle content — serving JSON as `text/html`, for instance, can cause rendering and security problems.
When Content-Type is missing or ambiguous, browsers may perform MIME sniffing, inspecting the body to guess a type. This creates XSS risk (e.g. an uploaded file being interpreted as script). The `X-Content-Type-Options: nosniff` response header disables sniffing to prevent this.
Content-Type: <media-type>[; charset=<charset>][; boundary=<boundary>]e.g. Content-Type: application/json; charset=utf-8
charset=<charset> | Character encoding of a text body (e.g. utf-8); important for text types. |
boundary=<token> | Delimiter string separating parts in a multipart body. |