MIME Type Checker
Detect the true MIME type of any file by examining its first 512 bytes against 50+ known magic-byte signatures. Catches renamed files, content-spoofing attacks and broken upload pipelines. Reports extension mismatch. 100% offline.
What is the MIME Type Checker?
MIME Type Checker reads the first 512 bytes of a file you pick (no upload — stays in your browser) and matches them against a curated table of 50+ magic-byte signatures: images (JPEG, PNG, GIF, WebP, AVIF, HEIC, BMP, TIFF, ICO, SVG), documents (PDF, ZIP, RAR, 7z, GZIP, TAR, BZIP2, XZ), audio (MP3, WAV, OGG, FLAC, AAC, MIDI), video (MP4, WebM, MKV, AVI, MOV), fonts (WOFF, WOFF2, TTF, OTF), executables (ELF, PE, Mach-O), and source-text formats (XML, HTML). Some signatures use secondary patterns at specific offsets — WebP needs `RIFF` at byte 0 AND `WEBP` at byte 8; AVI needs `RIFF` + `AVI ` at byte 8. The result shows the hex dump and printable-ASCII view of the first 32 bytes, all matching signatures (longest pattern wins), and an extension-mismatch warning when the file's real content doesn't match its `.ext`.
How to use it
- Click 'Pick a file' or drop a file onto the box.
- Read the detected MIME at the top of the report.
- Check the magic-byte matches — longer patterns are higher confidence.
- Watch for the extension-mismatch warning if you suspect a renamed file.
Benefits
- 50+ magic-byte signatures across images, documents, audio, video, fonts and executables.
- Some signatures include a secondary pattern at a specific offset (RIFF-based formats).
- Hex dump + printable-ASCII view of the first 32 bytes for manual inspection.
- Extension-mismatch warning when a file's content doesn't match its filename extension.
- Reads only the first 512 bytes — nothing is uploaded, nothing is fully buffered.
- Drag-and-drop or file picker — works on any platform.
- Reports both the browser's claimed MIME and the detected one.
- Runs 100% in your browser — Toollyz has no server.
Frequently asked questions
How is this different from the browser's reported MIME?
The browser reports the MIME based on the filename extension — easily spoofable. We look at the actual bytes, which are much harder to fake without breaking the file. When the two disagree, something's off.
What's a 'magic byte'?
A short sequence at a known offset that identifies a file format. PNG always starts with the 8 bytes 89 50 4E 47 0D 0A 1A 0A. PDF starts with %PDF. ZIP starts with PK followed by 03 04. By checking these you can identify the format without trusting the filename.
Why are PNG / PDF / JPG so reliable?
Their magic bytes are unique within the first 4-8 bytes and have been stable for decades. They're effectively impossible to confuse with other formats.
Why does WebP need two patterns?
WebP is a RIFF container — `RIFF` at byte 0 + 4-byte length + `WEBP` at byte 8. Same with WAV (RIFF + WAVE) and AVI (RIFF + AVI ). We check both patterns to avoid false matches with other RIFF formats.
What about ZIP-based formats (DOCX, XLSX, JAR, APK)?
We detect them as 'application/zip' because they all start with the same PK header. To distinguish a DOCX from a JAR you'd need to inspect the inner directory structure — out of scope for this tool.
What's the 'extension mismatch' warning?
We compare the file's real content type to its filename extension. If you uploaded `payload.jpg` but the bytes say it's actually a `.exe` (PE magic 'MZ'), that's a security red flag.
Can it detect plain text?
We don't have a 'text/plain' signature — plain text has no magic bytes, just printable characters. If we don't match any signature, you can assume plain text or an unknown format.
What about HEIC photos?
HEIC files have `ftyp` followed by `heic` at offset 8. We detect them, but most browsers can't display them — only Safari and iOS Photos. You'll see the MIME but no preview.
Does it work on huge files?
Yes — we only read the first 512 bytes, regardless of file size. A 10 GB file detects as fast as a 1 KB file.
Is anything uploaded?
No. The File API reads bytes from your local disk into browser memory. Toollyz has no server.
Why 50+ signatures and not more?
These cover the formats users encounter day-to-day. Add edge cases like DDS or PSD to the GitHub repo if you need them.
Related tools
See all developer toolsEXIF Data Remover
Strip EXIF/IPTC/ICC from JPEG losslessly + PNG/WebP via re-encode.
Secure File Shredder
Overwrite a file's bytes with crypto-random data before download.
File Metadata Viewer
Pick a file — name, size, MIME sniff, dimensions, duration, SHA-256, hex dump.
Hash Generator
MD5 + SHA-1/256/384/512 of text or file, with HMAC support.