FileHint

MIME types vs file extensions — why we have both

Extensions are a filename convention; MIME types are the declaration sent over the wire. When they disagree, browsers and mail clients get fooled — and so do security tools.

By FileHint editorial team. Supervised by Netwiz LLC.

One-line answer

  • Extension (.pdf) — the tail of a filename. The OS uses it to decide which app to launch.
  • MIME (application/pdf) — a declaration sent in HTTP or email: "the bytes that follow are this kind of content".

Why both exist

  • Users can rename extensions freely. Attackers exploit that to disguise .exe as .jpg or vice versa.
  • MIME is set by servers and mail clients, letting the receiver decide how to render or handle the bytes.

What happens when they disagree

  • A browser that expects a PDF but receives an EXE downloads a malware payload instead of previewing a document.
  • An uploaded image served with Content-Type: text/html is rendered as HTML in the site's origin, so any script embedded in it runs: the upload becomes an XSS vector.

Server-side defences

  • Validate both the extension and the declared MIME type during upload, and reject the file when they disagree.
  • Sniff the first bytes (the file signature, or magic bytes) with something like the File Signature Checker before storing or serving the file.
  • Set X-Content-Type-Options: nosniff so browsers stop guessing the type from the content and use the declared type only.
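As an added example (not FileHint's code), here is one way to combine the three checks above in a Python upload handler: the extension allowlist, the declared Content-Type and a magic-byte sniff must all agree before the file is accepted, and the response headers are fixed server-side rather than copied from the client. The signature table, the `validate_upload` function name and the sample inputs are constructed for illustration.

```python
import os

# Leading bytes (magic numbers) and the MIME type each identifies.
SIGNATURES = [
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
]

# Allowlist: the only extensions accepted, and the type each must carry.
EXTENSION_TYPES = {
    ".pdf": "application/pdf",
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
}

def sniff(data: bytes):
    """Return the MIME type implied by the file's first bytes, or None."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def validate_upload(filename: str, declared_type: str, data: bytes):
    """Return (accepted, reason, response_headers). All three checks must agree."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSION_TYPES:
        return False, f"extension {ext or '(none)'} not allowed", {}
    expected = EXTENSION_TYPES[ext]
    # Drop parameters such as "; charset=..." before comparing the media type.
    if declared_type.split(";")[0].strip().lower() != expected:
        return False, f"declared {declared_type} does not match {ext}", {}
    if sniff(data) != expected:
        return False, f"content signature does not match {expected}", {}
    # Serve with the type the server determined and forbid browser sniffing.
    headers = {
        "Content-Type": expected,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="upload{ext}"',
    }
    return True, "ok", headers

if __name__ == "__main__":
    # Constructed samples: a genuine PNG header, and HTML renamed to .png.
    print(validate_upload("cat.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16))
    print(validate_upload("cat.png", "image/png", b"<script>alert(1)</script>"))
```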
