
Wrong MIME Type File — Extension Mismatch

Download a file that has a .jpg extension but actually contains HTML content. This simulates a common attack vector and data handling error where file extensions don't match the actual content. Use it to test MIME type detection, file upload security validation, content-type sniffing, and server-side file type verification.

What Is Broken

The file is named with a .jpg extension and may be served with an image/jpeg Content-Type header, but its actual content is HTML markup. The magic bytes do not match any image format signature.

Broken Example

<!-- This file is saved as .jpg but contains HTML -->
<html>
<body>
<h1>This is not an image</h1>
<script>alert('MIME type mismatch!')</script>
</body>
</html>

Why It Matters

Extension/content mismatches are a security risk. Attackers upload HTML or SVG files disguised as images to trigger XSS attacks via MIME sniffing. Proper content-type validation based on magic bytes (not just extension) is essential for upload security.

Expected Parser / Validator Behavior

Servers should validate file content against the claimed type using magic byte detection. Browsers that receive the X-Content-Type-Options: nosniff response header should refuse to render HTML served as image/jpeg. Upload handlers should reject mismatched files.

Frequently Asked Questions

Why is this a security risk?

If a server serves this file as image/jpeg without X-Content-Type-Options: nosniff, some browsers may MIME-sniff the HTML content and execute the embedded script, enabling XSS attacks.

How should uploads validate file types?

Check magic bytes (file signatures), not just extensions. Use libraries like file-type (Node.js) or python-magic to detect actual content type regardless of the filename.
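
One way to implement the check described above and under Expected Parser / Validator Behavior, as an added example that is not part of the original page: a standard-library upload validator that requires the extension, the declared Content-Type and the leading bytes to agree. The function names, the accepted-type list and the sample filenames are assumptions made for illustration.

```python
"""Added example: validate an upload's claimed image type against its magic bytes."""
import os

# Leading-byte signatures for the image types this (hypothetical) handler accepts.
SIGNATURES = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}
EXTENSIONS = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
              ".png": "image/png", ".gif": "image/gif"}


def sniff_image_type(data: bytes):
    """Return the MIME type whose signature the content starts with, else None."""
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def validate_upload(filename: str, declared_type: str, data: bytes):
    """Return (accepted, reason). Extension, declared type and content must agree."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXTENSIONS.get(ext)
    if expected is None:
        return False, f"extension {ext!r} is not an allowed image type"
    # Ignore Content-Type parameters such as "; charset=binary".
    if declared_type.split(";")[0].strip().lower() != expected:
        return False, f"declared type {declared_type!r} does not match {ext}"
    detected = sniff_image_type(data)
    if detected is None:
        return False, "content has no known image signature"
    if detected != expected:
        return False, f"content is {detected}, not {expected}"
    return True, detected


# Constructed samples: the start of this page's HTML file, and a minimal JPEG header.
HTML_AS_JPG = b"<!-- This file is saved as .jpg but contains HTML -->\n<html>\n<body>"
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"

if __name__ == "__main__":
    print(validate_upload("wrong-mime.jpg", "image/jpeg", HTML_AS_JPG))
    print(validate_upload("photo.jpg", "image/jpeg", JPEG_HEADER))
    print(validate_upload("photo.jpg", "image/jpeg", b"\x89PNG\r\n\x1a\n\x00"))
```

A signature match only covers the first bytes of the file, so accepted uploads should still be served with their verified Content-Type and X-Content-Type-Options: nosniff.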