(registered 2014-05-14, updated 2014-05-14, updated 2020-07-14) Name: Anne van Kesteren Email: annevk&annevk.nl Media type name: application Media subtype name: x-www-form-urlencoded Required parameters: No parameters Optional parameters: No parameters Encoding considerations: 7bit Security considerations: In isolation, an application/x-www-form-urlencoded payload poses no security risks. However, as this type is usually used as part of a form submission, all the risks that apply to HTML forms need to be considered in the context of this type. These risks fall into multiple categories that pertain to the same-origin policy and cross-origin reach of HTML forms, general HTML application threats (https://html.spec.whatwg.org/#writing-secure-applications-with-html), and not relying on client-side validation for anything other than user feedback (https://html.spec.whatwg.org/#security-forms). Interoperability considerations: Rules for generating and processing application/x-www-form-urlencoded payloads are defined in the URL Standard. Published specification: https://url.spec.whatwg.org/#application/x-www-form-urlencoded Applications which use this media: Web browsers and servers. Fragment identifier considerations: Fragment identifiers have no meaning with the application/x-www-form-urlencoded type. Restrictions on usage: This type is only intended to be used to describe HTML form submission payloads. Provisional registration? (standards tree only): No. Additional information: 1. Deprecated alias names for this type: Not applicable 2. Magic number(s): There is no reliable mechanism for recognising such payloads 3. File extension(s): Not applicable 4. Macintosh file type code: Not applicable 5. Object Identifiers: Not applicable General Comments: Person to contact for further information: 1. Name: Anne van Kesteren 2. Email: annevk&annevk.nl Intended usage: Common It is the default web form submission format and therefore in widespread usage. Author/Change controller: WHATWG