Validation and moderation

When uploading files to your project, you can validate the types of files you want to accept, and apply various checks after (e.g., virus checking).

Maximum file size

You can set the maximum file size accepted by API up to 5TB (5242880 MB).

The size of the uploaded file is limited by project settings. Configure your validation options in the Validation section.

MIME type filtering

MIME type filtering allows you to control which types of files can be uploaded to your project. By default, all file types are allowed, but you can customize this by selecting specific MIME types to allow or block.

Available categories include:

Audio
Documents
Fonts
Images
Video
Other (includes additional file types not covered in the main categories)

You can also select all file types at once or fine-tune your selection by choosing specific formats within each category.

Uploadcare determines the MIME type of an uploaded file based on its content, not the file extension or the Content-Type header sent by the client.

If the detected content type does not match the file extension, for example a JPEG file uploaded as file.mp4, the file is evaluated against its detected content type. If that type is not in your allowed list, the upload is rejected with a 400 error: Uploading of these file types is not allowed.

Content detection may not always be exact. In some cases, files can be identified as application/octet-stream, which may cause files to be rejected unexpectedly.

By default, MIME type filtering is disabled. To enable it:

Go to the MIME type filtering section in your project settings.
Select the file types you want to allow or block.
Save changes to apply the settings.

MIME type filtering is only available on paid plans.

Search engine indexing

Restrict search engines to analyze and index content in your project for global search: image and text. Setup search engine indexing behavior for each of your projects.

Signed webhooks

Control who and when can call your webhook endpoint (URL). Without verification, anyone can spoof a request sent to the webhook URL. The solution is to sign each webhook payload with a secret.

EXIF Metadata removal

You can remove metadata from images during the upload process. To enable EXIF Metadata removal for your project, activate the toggle in the Dashboard → Uploading.

All newly uploaded images will be stripped of EXIF metadata, ensuring enhanced privacy and security.
It doesn’t affect images that have already been uploaded before enabling the setting.
Billing: Each uploaded image is counted as 1 processing operation.

SVG validation

Uploadcare’s automatic SVG file verification feature protects against potential security vulnerabilities. SVG files containing JavaScript code can pose a significant risk. If JavaScript is found inside the SVG file, it will be rejected from uploading.

By default, this feature is disabled.

You can enable SVG validation for your project in the Dashboard. Once this feature is enabled, all newly uploaded files will be validated.

This option is available on paid plans.

Frontend file validation

Our new File Uploader is easily set up to:

Limit file size
Restrict to images only
File input accepts attribute value

Similar validation settings in our jQuery File Uploader:

Limit file size
Restrict file type
Image dimensions
Image orientation
File input accept attribute value