Content-Type is dead
2006-04-11 22:22 UTC
Browsers and other user agents largely ignore the HTTP Content-Type header, relying on undefined sniffing heuristics to determine what the content of a page really is.
- RSS feeds are always sniffed, regardless of their MIME type, because, to quote a Safari engineer, "none of them have the right mime type".
- The target of img elements is almost always assumed to be an image, regardless of the declared type.
- IE in particular is well known for ignoring the Content-Type header, despite this having been the source of security bugs in the past.
- Browsers have been forced to implement heuristics to handle text/plain files as binary because video files are widely served with the wrong MIME types.
Unfortunately, we're now at a stage where browsers are continuously having to reverse-engineer each other to determine why they are handling content differently. A browser can't afford to render any less content than a browser with more market share, because otherwise users won't switch, and the new browser will not be adopted.
I think it may be time to retire the Content-Type header, putting to sleep the myth that it is in any way authoritative, and instead have well-defined content-sniffing rules for Web content.
I have some tests that look at the state of MIME type sniffing, if you need convincing that the state of Content-Type on the Web is a lost cause.
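The behaviours listed above (feeds sniffed whatever their type, img targets treated as images, text/plain handled as binary) can be modelled to audit where a server's declared type and the type a sniffing client acts on diverge, which is where the security bugs mentioned above come from. This is an added example, not code from the original post: the heuristics are simplified assumptions rather than any browser's actual rules, and all function names and sample responses are constructed.

```javascript
// Added example: simplified sniffing heuristics, not any browser's real algorithm.
// Function names, rules and sample responses are assumptions constructed for illustration.
// Assumed text-vs-binary rule: control bytes that do not occur in plain text.
function looksBinary(bytes) {
  for (const b of bytes.subarray(0, 512)) {
    if (b <= 0x08 || b === 0x0b || (b >= 0x0e && b <= 0x1a) || (b >= 0x1c && b <= 0x1f)) return true;
  }
  return false;
}
// Magic numbers for a few image formats, used when the fetch context is an img element.
const IMAGE_SIGNATURES = [
  { type: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47] },
  { type: 'image/gif', magic: [0x47, 0x49, 0x46, 0x38] },
  { type: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
];
function sniffImage(bytes) {
  const hit = IMAGE_SIGNATURES.find(s => s.magic.every((m, i) => bytes[i] === m));
  return hit ? hit.type : null;
}
// Feeds are recognised by their root element, whatever type was declared.
function sniffFeed(bytes) {
  const head = new TextDecoder().decode(bytes.subarray(0, 512));
  if (/<rss[\s>]/i.test(head)) return 'application/rss+xml';
  if (/<feed[\s>]/i.test(head)) return 'application/atom+xml';
  return null;
}
// Type a sniffing client would act on; context is 'img' or 'document'.
function effectiveType(declared, bytes, context) {
  if (context === 'img') return sniffImage(bytes) || declared;
  const feed = sniffFeed(bytes);
  if (feed) return feed;
  if (declared === 'text/plain' && looksBinary(bytes)) return 'application/octet-stream';
  return declared;
}
// Flag responses whose declared type differs from the effective one.
function audit(responses) {
  return responses.map(r => {
    const effective = effectiveType(r.declared, r.body, r.context);
    return { url: r.url, declared: r.declared, effective, mismatch: effective !== r.declared };
  });
}
// Constructed sample responses (not captured traffic).
const enc = s => new TextEncoder().encode(s);
const SAMPLE = [
  { url: '/feed', declared: 'text/html', context: 'document', body: enc('<?xml version="1.0"?><rss version="2.0">') },
  { url: '/logo', declared: 'text/plain', context: 'img', body: Uint8Array.of(0x47, 0x49, 0x46, 0x38, 0x39, 0x61) },
  { url: '/clip', declared: 'text/plain', context: 'document', body: Uint8Array.of(0x00, 0x00, 0x01, 0xba, 0x44) },
  { url: '/notes', declared: 'text/plain', context: 'document', body: enc('plain notes\n') },
];
console.log(audit(SAMPLE));
```

Each flagged row is a response where the header and the client disagree; a server-side check like this shows which resources depend on sniffing to render at all.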