Content-Type
Request & response Content

Overview

Content-Type indicates the media (MIME) type of the message body. In a request it declares the format being sent; in a response it declares the format being received, so the other side interprets the data correctly.

Details

The value is `type/subtype` (`application/json`, `text/html`, `image/png`, ...) with optional semicolon parameters. Text types should include `charset=utf-8` to prevent mojibake, and `multipart/form-data` uses `boundary=` to delimit parts. For form submissions the common types are `application/x-www-form-urlencoded` (simple fields) and `multipart/form-data` (file uploads).

Server APIs parse a request body based on its Content-Type and return 415 Unsupported Media Type for a type they can't handle. An inaccurate Content-Type on a response makes browsers mishandle content — serving JSON as `text/html`, for instance, can cause rendering and security problems.

When Content-Type is missing or ambiguous, browsers may perform MIME sniffing, inspecting the body to guess a type. This creates XSS risk (e.g. an uploaded file being interpreted as script). The `X-Content-Type-Options: nosniff` response header disables sniffing to prevent this.

Syntax

Content-Type: <media-type>[; charset=<charset>][; boundary=<boundary>]

e.g. Content-Type: application/json; charset=utf-8

Directives / values

charset=<charset>Character encoding of a text body (e.g. utf-8); important for text types.
boundary=<token>Delimiter string separating parts in a multipart body.

Notes

Related headers

Related status codes

Specification