What you would be "validating" is whether the user has the mime type correctly set up on their box, not anything about the file. If they have .pdf defined as application-x/Princess Di, that's what their browser will send. But your server will in turn send whatever settings it has when the same file is subsequently requested from the server. What needs to be accomplished by looking at the file's mime type at this point? -----Original Message----- From: On Behalf Of Randal Rust Sent: Wednesday, March 28, 2007 9:05 AM I am trying to do form uploads, and one of the things I do is validate that the MIME type is correct. When I upload either an XLS or PDF, the MIME type is coming back as applications/octet-stream, instead of application/msexcel or application/pdf.