MIME Type Checker
Look up extension ↔ MIME type mappings with QA-focused upload-scenario guidance and common Content-Type mistakes.
Runs 100% client-sideOn this page4 sections
32 MIME types
HOW TO USE
- 01Enter a file extension or MIME type to look up its mapping.
- 02Read the QA checks for that type and the upload attack / edge-case scenarios listed.
- 03Use the scenarios (renamed extension, spoofed Content-Type, missing extension) to build upload test cases.
Try it
Look up .csv to confirm the Content-Type to assert is text/csvWHEN TO USE
Use when designing or debugging file-upload test cases, writing Content-Type assertions, or checking whether a server should accept a given file type. Covers the extension-to-MIME mapping, QA checks for each type, and a curated list of upload bypass/edge-case scenarios (renamed extensions, wrong Content-Type header, missing extension) to include in test plans.
WHAT BUGS THIS FINDS
Wrong Content-Type on download
Server returns application/octet-stream for a CSV download instead of text/csv — breaks browser auto-open behaviour.
Missing charset parameter
text/html and text/plain without charset=utf-8 cause encoding failures with non-ASCII content.
Extension spoofing not blocked
Upload endpoint accepts .jpg files that are actually .exe — server trusts extension over Content-Type or magic bytes.
Case-sensitive extension mismatch
Server rejects .PNG but accepts .png — file system case sensitivity causes intermittent upload failures.
QA USE CASES
Design upload acceptance tests
Confirm the MIME type your test should send, and use the scenario list to generate edge cases: wrong extension, spoofed type, uppercase extension.
Assert Content-Type response headers
Look up the correct MIME type to assert in API tests — e.g. CSV downloads should return text/csv, not application/octet-stream.
Debug a rejected upload
Find the expected MIME type for a file extension and compare against what the client actually sends in the Content-Type header.
Generate negative test cases
Use the scenario list to craft security-relevant upload tests: .exe renamed to .jpg, empty file, no Content-Type header.