Introduction

The standard MIME type for a ZIP archive is application/zip. That is the value you should normally use whether you are serving a ZIP file in an HTTP response or uploading one as the body of an HTTP request.

The important nuance is that Content-Type tells the receiver what the payload is, while headers such as Content-Disposition describe how a browser should present it. Many bugs come from mixing those roles together.

The Standard Content Type

For ZIP archives, the correct type is:

application/zip

You may also encounter application/octet-stream as a generic fallback for binary files, but if you know the payload is a ZIP archive, application/zip is the better, more specific value.

Sending a ZIP File in a Response

A typical HTTP response should look conceptually like this:

Content-Type: application/zip
Content-Disposition: attachment; filename="report.zip"

Content-Type says "this is a ZIP archive." Content-Disposition says "offer it as a downloadable attachment with this filename."

Here is a minimal Python example using Flask:

1from flask import Flask, send_file
2
3app = Flask(__name__)
4
5@app.route("/download")
6def download():
7    return send_file(
8        "report.zip",
9        mimetype="application/zip",
10        as_attachment=True,
11        download_name="report.zip",
12    )

Uploading a ZIP File in a Request

If the entire request body is the ZIP file, set the request Content-Type to application/zip.

With curl:

1curl -X POST \
2  -H "Content-Type: application/zip" \
3  --data-binary @report.zip \
4  https://example.com/upload

If the ZIP file is part of a form upload, the outer request usually becomes multipart/form-data, and the file part may still carry application/zip.

Server-Side Handling Example

A server receiving raw ZIP bytes might look like this in Node.js with Express:

1const express = require("express");
2
3const app = express();
4app.use(express.raw({ type: "application/zip", limit: "50mb" }));
5
6app.post("/upload", (req, res) => {
7  console.log(req.headers["content-type"]);
8  console.log(req.body.length);
9  res.sendStatus(204);
10});
11
12app.listen(3000);

This makes the expectation explicit and avoids guessing what kind of binary payload arrived.

Why Specificity Matters

Using the correct MIME type improves:

• client handling
• server validation
• logging clarity
• security policy enforcement

Browsers, proxies, and API gateways behave more predictably when the content type matches the actual payload. It also helps prevent poor downstream assumptions about how the body should be processed.

When application/octet-stream Is Acceptable

Use application/octet-stream when:

• you do not know the file type in advance
• the endpoint accepts arbitrary binary blobs
• the sender cannot determine the specific MIME type reliably

But if you know it is a ZIP archive, use application/zip instead of hiding that information behind a generic binary type.

Related Headers to Get Right

For downloads, Content-Length and Content-Disposition are often just as important as Content-Type. Content-Length helps the client know how much data to expect, and Content-Disposition controls whether the browser tries to display the response inline or save it as a file. Those headers do not replace the media type, but they usually belong in the same response.

Common Pitfalls

• Using Content-Disposition and forgetting to set Content-Type.
• Sending ZIP bytes as text content instead of binary content.
• Assuming the whole request should be application/zip when the actual payload is multipart/form-data.
• Using a generic MIME type even when the exact archive format is known.
• Trusting the header alone without validating that the uploaded file is really a ZIP archive.

Summary

• The standard MIME type for ZIP archives is application/zip.
• Use it for HTTP responses and for raw request bodies that contain ZIP data.
• 'Content-Disposition controls download behavior, not the media type itself.'
• 'multipart/form-data is different from a raw application/zip upload.'
• 'application/octet-stream is only a generic fallback when the exact type is unknown.'