Explain Codes LogoExplain Codes Logo

Valid content-type for XML, HTML and XHTML documents

html
mime-types
http-headers
content-type
Anton ShumikhinbyAnton Shumikhin·Jan 8, 2025
TLDR

Use text/html for HTML documents, application/xml for XML files, and application/xhtml+xml or text/html for XHTML depending on browser compatibility.

<!-- HTML - Simplicity is the ultimate sophistication -->
Content-Type: text/html

<!-- XML - Wields structured data like a boss -->
Content-Type: application/xml

<!-- XHTML - HTML's strict yet stylish sibling -->
Content-Type: application/xhtml+xml

Decoding MIME types

Mime types: The basics

Content-Type is a vital HTTP header defining the type of the data. Three major types exist:

  • HTML (HyperText Markup Language) is served with text/html.
  • XHTML (eXtensible HyperText Markup Language) can use either application/xhtml+xml for modern applications or text/html for fallback.
  • XML (eXtensible Markup Language) usually takes application/xml. Lesser-used subtype is text/xml.

Unraveling MIME types with +xml

Note that MIME types ending in +xml indicate XML-related formats. Whether you come across a customized application/custom+xml or a registered image/svg+xml, understand them as XML subtypes.

Choosing the correct content type

HTML, XHTML, XML: What's in the content-type?

Browsers understand Content-Type, which influences rendering:

  • HTML: With text/html, browsers interpret HTML tags and narrate the web story.
  • XML: For application/xml, the browser swaps to a parsing model, presenting raw XML if styled else displaying a tree view.
  • XHTML: For application/xhtml+xml, non-adherence to markup rules may lead to non-rendering, insisting on enhanced XML rules.

Breaching legacy compatibility

Older systems might not support recent formats:

  • Old-school browsing: Deescalate to text/html when serving XHTML for compatibility.
  • Content diplomacy: Use HTTP headers to select the best content type hinging on the client-side potential.

Nitty-gritty about edge cases

Deal with specific scenarios:

  • Encodings: Always append character encoding, such as UTF-8, to circumvent display issues. For instance, Content-Type: text/html; charset=UTF-8.
  • MIME sniffing risks: Explicit content-type safeguard against MIME-Type sniffing vulnerabilities.

Best practices and common pitfalls

The dark side of improper MIME types

Serving inconsistent Content-Type headers triggers:

  • Security risks: Browsers may mistakenly interpret resources leading to execution of malicious scripts (XSS).
  • Old routine: Incorrect Content-Type fires older HTML rendering modes in browsers that could mar the user experience.

Ensuring smooth content-type delivery

For uninterrupted resource handling:

  • Test before delivery: Validate your document and ascertain that the served MIME type aligns with its content.
  • Leverage tools: W3C's validator and other tools can test document types saving time.
  • HTTP header checks: Developer tools on modern browsers can inspect HTTP headers to confirm if Content-Type is dispatched correctly.
explain-codes / Html / Valid content-type for XML, HTML and XHTML documents
Linked

Is it possible to insert HTML content in an XML document?

Why don't self-closing script elements work?

Do we need type="text/css" for in HTML5

Which is better: `` or ``

Limit file format when using ``?

Interface/enum listing standard mime-type constants

Do you need to close meta and link tags in HTML?

Decoding MIME typesChoosing the correct content typeBest practices and common pitfalls
Linked

Is it possible to insert HTML content in an XML document?

Why don't self-closing script elements work?

Do we need type="text/css" for in HTML5

Which is better: `` or ``

Limit file format when using ``?

Interface/enum listing standard mime-type constants

Do you need to close meta and link tags in HTML?