What is MIME type "application/x-c2pa-manifest-store"?

A MIME type is a string that tells browsers and other tools how to handle a particular kind of file.

application/x-c2pa-manifest-store is a MIME type that designates a container for storing digital provenance and authenticity data.
It is primarily used in files with the C2PA extension, which hold signed metadata detailing the file’s history and alterations.

This MIME type encapsulates details such as cryptographic signatures, editing footprints, and chain-of-custody records. It serves to verify that a file—often an image, video, or document—has not been improperly modified or tampered with.

Primary purpose: Securely store and verify metadata about file origin and edits.
Use cases: Authenticating digital media; tracking content provenance; ensuring data integrity in professional media workflows.
Technical role: Embeds cryptographic evidence and metadata following the guidelines of the C2PA standards.

For more details on the C2PA standard and its application in media authenticity, visit the C2PA official website.
This system helps average PC users and professionals alike trust the integrity and history of digital content.

Associated file extensions

.c2pa

Usage Examples

HTTP Header

When serving content with this MIME type, set the Content-Type header:


    Content-Type: application/x-c2pa-manifest-store

HTML

In HTML, you can specify the MIME type in various elements:


    <a href="file.dat" type="application/x-c2pa-manifest-store">Download file</a>

Server-side (Node.js)

Setting the Content-Type header in Node.js:


    const http = require('http');    
    
    http.createServer((req, res) => {    
      res.setHeader('Content-Type', 'application/x-c2pa-manifest-store');    
      res.end('Content here');    
    }).listen(3000);

Associated file extensions

.c2pa

FAQs

What is a .c2pa file and what does it contain?

A .c2pa file is a standalone manifest store containing digital provenance data. It holds cryptographic signatures, assertions about how a file was edited, and author identity information, following the C2PA standard to ensure content authenticity.

How do I configure Apache to serve .c2pa files correctly?

To ensure your Apache server sends the correct Content-Type header, add the following line to your .htaccess file or main configuration: AddType application/x-c2pa-manifest-store .c2pa.

How do I add support for this MIME type in Nginx?

You need to update your mime.types file or the types block within your server configuration. Add the entry: application/x-c2pa-manifest-store c2pa; to map the extension correctly.

Why use a standalone .c2pa file instead of embedding the data?

While C2PA data is often embedded directly into files like image/jpeg, a standalone (sidecar) file is used when the target file format does not support embedding, or when keeping the provenance data separate is required for specific cloud storage workflows.

Can I open a .c2pa file with a text editor?

Not effectively. The file typically uses a binary structure (based on JUMBF and CBOR) that is not human-readable in a standard text editor. You should use a C2PA-aware tool or the Content Credentials Verify site to inspect the data.

Do web browsers support application/x-c2pa-manifest-store natively?

No, browsers will typically download the file rather than display it. However, developers can use the C2PA JavaScript SDK to parse this MIME type client-side and display a "Content Credentials" overlay on the associated media.

Is a .c2pa file a security risk?

Generally, no. The file contains metadata, cryptographic hashes, and public certificates intended to verify integrity. It does not contain executable code, making it safe to handle, though standard caution regarding unknown files always applies.

General FAQ

What is a MIME type?

A MIME (Multipurpose Internet Mail Extensions) type is a standard that indicates the nature and format of a document, file, or assortment of bytes. MIME types are defined and standardized in IETF's RFC 6838.

MIME types are important because they help browsers and servers understand how to process a file. When a browser receives a file from a server, it uses the MIME type to determine how to display or handle the content, whether it's an image to display, a PDF to open in a viewer, or a video to play.

MIME types consist of a type and a subtype, separated by a slash (e.g., text/html, image/jpeg, application/pdf). Some MIME types also include optional parameters.

How do I find the MIME type for a file?

You can check the file extension or use a file identification tool such as file --mime-type on the command line. Many programming languages also provide libraries to detect MIME types.

Why are multiple MIME types listed for one extension?

Different applications and historical conventions may use alternative MIME identifiers for the same kind of file. Showing them all helps ensure compatibility across systems.