What Is an Appropriate Content-Type Header for JavaScript Files

What is an appropriate content-type header for JavaScript files?

According to the IANA Registered MIME media type list, JS has two registered MIME types; the obsolete text/javascript and the now official application/javascript.

Thus, use application/javascript.

Difference between application/x-javascript and text/javascript content types

text/javascript is obsolete, and application/x-javascript was experimental (hence the x- prefix) for a transitional period until application/javascript could be standardised.

You should use application/javascript. This is documented in the RFC.

As far a browsers are concerned, there is no difference (at least in HTTP headers). This was just a change so that the text/* and application/* MIME type groups had a consistent meaning where possible. (text/* MIME types are intended for human readable content, JavaScript is not designed to directly convey meaning to humans).

Note that using application/javascript in the type attribute of a script element will cause the script to be ignored (as being in an unknown language) in some older browsers. Either continue to use text/javascript there or omit the attribute entirely (which is permitted in HTML 5).

This isn't a problem in HTTP headers as browsers universally (as far as I'm aware) either ignore the HTTP content-type of scripts entirely, or are modern enough to recognise application/javascript.

What 'Content-Type' header to use when serving gzipped files?

Compressed content in the response is indicated in the Content-Encoding. The Content-Type should remain the same, that is, it should reflect the underlying media type that is compressed.

Content-Type: application/javascript
Content-Encoding: gzip

See sections 14.11 Content-Encoding and 3.5 Content Codings of RFC 2616 for more information.

What content-type's execute javascript in the browser?

I don't know of a full list, and it may well be that no such list exists publicly. You may have to find out for yourself. (Although I don't think anything speaks against setting up a test page with a number of iframes, and asking the SO community to provide data with their respective browsers. It's been done before.)

In Internet Explorer, this one should definitely be on the list:

• application/hta for Hypertext Applications

Candidates that I would test for (because it's conceivable a careless programmer might activate them for HTML parsing) include:

• application/form-data
• text/xhtml+xml (used to be proposed in 2000, no idea what happened to that)

However, I tested those with both Chrome 9 and the latest Firefox, and they reject everything except text/html. Firefox shows them as downloadable resources instead, which I think eliminates them from your equation as any JS therein will be executed in the local context rather than the URL's. (IE is executing everything including text/plain for me, but I think that is a header mixup with my server.)

If you want to go for hard-core sure for the Open Source browsers, check their source code or ask on their mailing lists/forums. I have a feeling the good ones have text/html hard-coded.

Edit: Arrgh! Firefox, Chrome and IE parse HTML, and execute scripts, regardless of content type - I successfully managed to set Content-type: text/poppycock - when the resource's extension is .htm or .html. That means that you have to test not only for MIME types, but for file extensions (which should not play any role in HTTP) as well. Didn't know that - this was probably introduced to fix the output of broken web servers. Stuff like this is why I don't work in IT security :)

All tests made on Windows 7.

When serving JavaScript files, is it better to use the application/javascript or application/x-javascript

According to the IETF's ECMAScript Media Types Updates as of 22 February 2021, the RFC-4329 is obsolete.

Therefore:

• text/javascript is a recommended standard (both by IETF and by MDN)
• application/x-javascript was experimental while deciding to move to…
• application/javascript is obsolete

JavaScript: Set Content-Type header on Response Object

I figured it out right after posting:

new Response(
    "response body here...",
    {
        status: 200,
        headers: new Headers({
            "content-type": "text/html;charset=UTF-8",
        }),
    },
)

You need to use the Headers constructor and set it under the "headers" key, then you can set whatever response headers you want.

Set Content-Type header to multipart?

I guess it's too late to answer this but in case someone came across with the same problem.

The error in your code is here:

data: {
    'files': file
}

Your form data object already has the information of the field your backend is expecting so, you need to change that line for:

data: file

If you've created the FormData object manually you'll probably have something like this:

var fd = new FormData();
fd.append("files", $scope.file);

Which JSON content type do I use?

For JSON text:

application/json

The MIME media type for JSON text is application/json. The default encoding is UTF-8. ^{(Source: RFC 4627)}

For JSONP (runnable JavaScript) with callback:

application/javascript

Here are some blog posts that were mentioned in the relevant comments:

• Why you shouldn't use text/html for JSON
• Internet Explorer sometimes has issues with application/json
• A rather complete list of Mimetypes and what to use them for
• The official mime type list at IANA from @gnrfan's answer below

---

Related Topics