Correct `Content-Type` header (`content-type`)

content-type warns against not serving resources with the
Content-Type HTTP response header with a value containing
the appropriate media type and charset for the response.

Why is this important?

Even though browsers sometimes [ignore][server configs] the value of
the Content-Type header and try to [sniff the content][mime sniffing
spec] (see also: [X-Content-Type-Options hint][x content type options]),
it’s indicated to always send the appropriate media type and
charset for the response as, among other:

* the media type defines both the data format and how that data is intended
to be processed by browsers

* not sending the appropriate charset, where appropriate, may
[prevent things from being rendered correctly][incorrect rendering]
thus creating a bad user experience (see also:
[meta-charset-utf-8 hint][meta charset hint])

* javascript resources served with the wrong media type [may be blocked][blocked
resources]

What does the hint check?

The hint checks if responses include the Content-Type HTTP response
header and its value contains the appropriate media type and charset
for the response.

$3

This hint recommends using a Content-Type of text/javascript for
JavaScript resources as [noted in the HTML standard][html js mime].
However this hint also allows application/javascript because that
value was previously recommended by the IETF in [RFC 4329][rfc 4329].
RFC 4329 has [an active draft proposed][ietf js mime draft] to also
recommend text/javascript in the future.

See the section
Can the hint be configured below for an
example of how to require a specific Content-Type value for
JavaScript resources if desired.

$3

Content-Type response header is not sent:

``text HTTP/... 200 OK

...`

Content-Type response header is sent with an invalid value:

`text HTTP/... 200 OK

... Content-Type: invalid`

`text HTTP/... 200 OK

... Content-Type: text/html;;;`

Content-Type response header is sent with the wrong media type:

For /example.png

`text HTTP/... 200 OK

... Content-Type: font/woff2`

Content-Type response header is sent with an unofficial media type:

For /example.js

`text HTTP/... 200 OK

... Content-Type: application/x-javascript; charset=utf-8`

Content-Type response header is sent without the charsetparameter for response that should have it:

For /example.html

`text HTTP/... 200 OK

... Content-Type: text/html`

`$3`

For /example.png

`text HTTP/... 200 OK

... Content-Type: image/png`

For /example.js

`text HTTP/... 200 OK

... Content-Type: text/javascript; charset=utf-8`

`How to configure the server to pass this hint`

How to configure Apache

By default Apache [maps certain filename extensions to specific media types][mime.types file], but depending on the Apache version that is used, some mappings may be outdated or missing.

Fortunately, Apache provides a way to overwrite and add to the existing media types mappings using the [AddTypedirective][addtype]. For example, to configure Apache to serve.webmanifestfiles with theapplication/manifest+json media type, the following can be used:

`apache AddType application/manifest+json webmanifest`

The same goes for mapping certain filename extensions to specific charsets, which can be done using the [AddDefaultCharset][adddefaultcharset] and [AddCharset][addcharset] directives.

If you don't want to start from scratch, below is a generic starter snippet that contains the necessary mappings to ensure that commonly used file types are served with the appropriateContent-Typeresponse header, and thus, make your web site/app pass this hint.

`apache

`Serve resources with the proper media types (f.k.a. MIME types).`


https://www.iana.org/assignments/media-types/media-types.xhtml
  # Data interchange
    # 2.2.x+
    AddType text/xml                                    xml
    # 2.2.x - 2.4.x
    AddType application/json                            json
    AddType application/rss+xml                         rss
    # 2.4.x+
    AddType application/json                            map
  # JavaScript
    # 2.2.x+
    # See: https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages.
    AddType text/javascript                             js mjs

  # Manifest files
    # 2.2.x+
    AddType application/manifest+json                   webmanifest
    AddType text/cache-manifest                         appcache

  # Media files
    # 2.2.x - 2.4.x
    AddType audio/mp4                                   f4a f4b m4a
    AddType audio/ogg                                   oga ogg spx
    AddType video/mp4                                   mp4 mp4v mpg4
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv
    # 2.2.x+
    AddType image/svg+xml                               svgz
    AddType image/x-icon                                cur
    # 2.4.x+
    AddType image/webp                                  webp

  # Web fonts
    # 2.2.x - 2.4.x
    AddType application/vnd.ms-fontobject               eot
    # 2.2.x+
    AddType font/woff                                   woff
    AddType font/woff2                                  woff2
    AddType font/ttf                                    ttf
    AddType font/collection                             ttc
    AddType font/otf                                    otf

  # Other
    # 2.2.x+
    AddType text/vtt                                    vtt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

`Serve all resources labeled as` text/html `or` text/plain

`with the media type` charset `parameter set to` utf-8`.`


#
https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
AddDefaultCharset utf-8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

`Serve the following file types with the media type` charset

`parameter set to` utf-8`.`


#
https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset

AddCharset utf-8 .appcache \ .atom \ .css \ .js \ .json \ .manifest \ .map \ .mjs \ .rdf \ .rss \ .vtt \ .webmanifest \ .xml`

Note that:

* The above snippet works with Apache v2.2.0+, but you need to have [mod_mime][mod_mime] [enabled][how to enable apache modules] in order for it to take effect.

* If you have access to the [main Apache configuration file][main apache conf file] (usually calledhttpd.conf), you should add the logic in, for example, a [][apache directory] section in that file. This is usually the recommended way as [using.htaccess files slows down][htaccess is slow] Apache!

If you don't have access to the main configuration file (quite common with hosting services), add the snippets in a.htaccessfile in the root of the web site/app.

For the complete set of configurations, not just for this rule, see the [Apache server configuration related documentation][apache config].

How to configure IIS
By default IIS [maps certain filename extensions to specific media
types][mime.types iis], but depending on the IIS version that is
used, some mappings may be outdated or missing.

Fortunately, IIS provides a way to overwrite and add to the existing media types mappings using the [element under ][mimeMap]. For example, to configure IIS to serve.webmanifestfiles with theapplication/manifest+json media type, the following can be used:

`xml`

The same elementcan be used to specify the charset. Continuing with the example above, if we want to useutf-8 it should be as follows:

`xml`

Note: the removeelement is used to make sure we don't use IIS defaults for the given extension.

`xml

Note that:

* The above snippet works with IIS 7+. * You should use the above snippet in theweb.configof your application.

For the complete set of configurations, not just for this rule, see the [IIS server configuration related documentation][iis config].

`Can the hint be configured?`

You can overwrite the defaults by specifying custom values for theContent-Typeheader and the regular expressions that match the URLs for which those values should be required.

E.g. The following hint configuration will make webhintrequire that all resources requested from a URL that matches the regular expression.*\.js be served with a Content-Typeheader with the value ofapplication/javascript; charset=utf-8.

In the [.hintrc][hintrc] file:

`json { "connector": {...}, "formatters": [...], "hints": { "content-type": ["error", { ".*\\.js": "application/javascript; charset=utf-8" }], ... }, ... }`

Note: You can also use the [ignoredUrls][ignoring domains] property from the.hintrcfile to exclude domains you don’t control (e.g.: CDNs) from these checks.

`How to use this hint?`

This package is installed automatically by webhint:

`bash npm install hint --save-dev`

To use it, activate it via the [.hintrc][hintrc] configuration file:

`json { "connector": {...}, "formatters": [...], "hints": { "content-type": "error", ... }, "parsers": [...], ... }`

Note: The recommended way of running webhint is as a devDependency` of
your project.

Correct `Content-Type` header (`content-type`)

content-type warns against not serving resources with the
Content-Type HTTP response header with a value containing
the appropriate media type and charset for the response.

Why is this important?

* the media type defines both the data format and how that data is intended
to be processed by browsers

* javascript resources served with the wrong media type [may be blocked][blocked
resources]

What does the hint check?

The hint checks if responses include the Content-Type HTTP response
header and its value contains the appropriate media type and charset
for the response.

$3

See the section
Can the hint be configured below for an
example of how to require a specific Content-Type value for
JavaScript resources if desired.

$3

Content-Type response header is not sent:

``text HTTP/... 200 OK

...`

Content-Type response header is sent with an invalid value:

`text HTTP/... 200 OK

... Content-Type: invalid`

`text HTTP/... 200 OK

... Content-Type: text/html;;;`

Content-Type response header is sent with the wrong media type:

For /example.png

`text HTTP/... 200 OK

... Content-Type: font/woff2`

Content-Type response header is sent with an unofficial media type:

For /example.js

`text HTTP/... 200 OK

... Content-Type: application/x-javascript; charset=utf-8`

Content-Type response header is sent without the charsetparameter for response that should have it:

For /example.html

`text HTTP/... 200 OK

... Content-Type: text/html`

`$3`

For /example.png

`text HTTP/... 200 OK

... Content-Type: image/png`

For /example.js

`text HTTP/... 200 OK

... Content-Type: text/javascript; charset=utf-8`

`How to configure the server to pass this hint`

How to configure Apache

By default Apache [maps certain filename extensions to specific media types][mime.types file], but depending on the Apache version that is used, some mappings may be outdated or missing.

`apache AddType application/manifest+json webmanifest`

The same goes for mapping certain filename extensions to specific charsets, which can be done using the [AddDefaultCharset][adddefaultcharset] and [AddCharset][addcharset] directives.

`apache

`Serve resources with the proper media types (f.k.a. MIME types).`


https://www.iana.org/assignments/media-types/media-types.xhtml
  # Data interchange
    # 2.2.x+
    AddType text/xml                                    xml
    # 2.2.x - 2.4.x
    AddType application/json                            json
    AddType application/rss+xml                         rss
    # 2.4.x+
    AddType application/json                            map
  # JavaScript
    # 2.2.x+
    # See: https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages.
    AddType text/javascript                             js mjs

  # Manifest files
    # 2.2.x+
    AddType application/manifest+json                   webmanifest
    AddType text/cache-manifest                         appcache

  # Media files
    # 2.2.x - 2.4.x
    AddType audio/mp4                                   f4a f4b m4a
    AddType audio/ogg                                   oga ogg spx
    AddType video/mp4                                   mp4 mp4v mpg4
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv
    # 2.2.x+
    AddType image/svg+xml                               svgz
    AddType image/x-icon                                cur
    # 2.4.x+
    AddType image/webp                                  webp

  # Web fonts
    # 2.2.x - 2.4.x
    AddType application/vnd.ms-fontobject               eot
    # 2.2.x+
    AddType font/woff                                   woff
    AddType font/woff2                                  woff2
    AddType font/ttf                                    ttf
    AddType font/collection                             ttc
    AddType font/otf                                    otf

  # Other
    # 2.2.x+
    AddType text/vtt                                    vtt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

`Serve all resources labeled as` text/html `or` text/plain

`with the media type` charset `parameter set to` utf-8`.`


#
https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
AddDefaultCharset utf-8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

`Serve the following file types with the media type` charset

`parameter set to` utf-8`.`


#
https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset

AddCharset utf-8 .appcache \ .atom \ .css \ .js \ .json \ .manifest \ .map \ .mjs \ .rdf \ .rss \ .vtt \ .webmanifest \ .xml`

Note that:

* The above snippet works with Apache v2.2.0+, but you need to have [mod_mime][mod_mime] [enabled][how to enable apache modules] in order for it to take effect.

If you don't have access to the main configuration file (quite common with hosting services), add the snippets in a.htaccessfile in the root of the web site/app.

For the complete set of configurations, not just for this rule, see the [Apache server configuration related documentation][apache config].

How to configure IIS
By default IIS [maps certain filename extensions to specific media
types][mime.types iis], but depending on the IIS version that is
used, some mappings may be outdated or missing.

`xml`

The same elementcan be used to specify the charset. Continuing with the example above, if we want to useutf-8 it should be as follows:

`xml`

Note: the removeelement is used to make sure we don't use IIS defaults for the given extension.

`xml

Note that:

* The above snippet works with IIS 7+. * You should use the above snippet in theweb.configof your application.

For the complete set of configurations, not just for this rule, see the [IIS server configuration related documentation][iis config].

`Can the hint be configured?`

You can overwrite the defaults by specifying custom values for theContent-Typeheader and the regular expressions that match the URLs for which those values should be required.

In the [.hintrc][hintrc] file:

`json { "connector": {...}, "formatters": [...], "hints": { "content-type": ["error", { ".*\\.js": "application/javascript; charset=utf-8" }], ... }, ... }`

Note: You can also use the [ignoredUrls][ignoring domains] property from the.hintrcfile to exclude domains you don’t control (e.g.: CDNs) from these checks.

`How to use this hint?`

This package is installed automatically by webhint:

`bash npm install hint --save-dev`

To use it, activate it via the [.hintrc][hintrc] configuration file:

`json { "connector": {...}, "formatters": [...], "hints": { "content-type": "error", ... }, "parsers": [...], ... }`

Note: The recommended way of running webhint is as a devDependency` of
your project.

@hint/hint-content-type

Correct Content-Type header (content-type)

Why is this important?

What does the hint check?

$3

$3

$3

How to configure the server to pass this hint

Serve resources with the proper media types (f.k.a. MIME types).

https://www.iana.org/assignments/media-types/media-types.xhtml

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Serve all resources labeled as text/html or text/plain

with the media type charset parameter set to utf-8.

https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Serve the following file types with the media type charset

parameter set to utf-8.

https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset

Can the hint be configured?

How to use this hint?

Further Reading

@hint/hint-content-type

Correct Content-Type header (content-type)

Why is this important?

What does the hint check?

$3

$3

$3

How to configure the server to pass this hint

Serve resources with the proper media types (f.k.a. MIME types).

https://www.iana.org/assignments/media-types/media-types.xhtml

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Serve all resources labeled as text/html or text/plain

with the media type charset parameter set to utf-8.

https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Serve the following file types with the media type charset

parameter set to utf-8.

https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset

Can the hint be configured?

How to use this hint?

Further Reading

Correct `Content-Type` header (`content-type`)

`$3`

`How to configure the server to pass this hint`

`Serve resources with the proper media types (f.k.a. MIME types).`

`Serve all resources labeled as` text/html `or` text/plain

`with the media type` charset `parameter set to` utf-8`.`

`Serve the following file types with the media type` charset

`parameter set to` utf-8`.`

`Can the hint be configured?`

`How to use this hint?`

Correct `Content-Type` header (`content-type`)

`$3`

`How to configure the server to pass this hint`

`Serve resources with the proper media types (f.k.a. MIME types).`

`Serve all resources labeled as` text/html `or` text/plain

`with the media type` charset `parameter set to` utf-8`.`

`Serve the following file types with the media type` charset

`parameter set to` utf-8`.`

`Can the hint be configured?`

`How to use this hint?`