text/css and text/javascript — Serving Web Assets Correctly
Ensure CSS and JavaScript files are served with the correct text/css and text/javascript MIME types to avoid rendering and security issues.
Detailed Explanation
Serving CSS and JavaScript
Modern browsers are strict about MIME types for stylesheets and scripts. Serving them with the wrong type can cause silent failures.
text/css
Content-Type: text/css; charset=utf-8
Browsers refuse to apply a stylesheet if the response Content-Type is not text/css. This is a security measure called MIME type checking (enforced when X-Content-Type-Options: nosniff is set).
text/javascript
Content-Type: text/javascript; charset=utf-8
RFC 9239 (2022) established text/javascript as the single official type for JavaScript. The following legacy types still work but are deprecated:
| Legacy Type | Status |
|---|---|
application/javascript |
Deprecated (RFC 9239) |
application/x-javascript |
Non-standard |
text/ecmascript |
Deprecated |
application/ecmascript |
Deprecated |
Module Scripts
ES modules loaded with <script type="module"> still use text/javascript as their Content-Type. The type="module" attribute is an HTML attribute, not a MIME type.
Common Server Misconfigurations
| Problem | Symptom |
|---|---|
CSS served as text/plain |
Styles not applied |
JS served as application/octet-stream |
Script blocked |
| Missing charset | Encoding issues with non-ASCII |
Nginx Configuration
types {
text/css css;
text/javascript js mjs;
}
TypeScript Files
TypeScript (.ts) files are transpiled to JavaScript before serving. They should never be served directly to browsers. For development servers, application/typescript is sometimes used but has no official IANA registration.
Use Case
Verify that your web server, CDN, or build tool serves CSS as text/css and JavaScript as text/javascript. Incorrect MIME types are a common cause of 'styles not loading' and 'script blocked' issues, especially when X-Content-Type-Options: nosniff is enabled.