JWT
application/jwt
A signed token as a payload: three base64url segments joined by dots — header, claims, signature. The type applies when a JWT travels alone as an HTTP body or is nested inside another token; inside an Authorization: Bearer header no media type is involved, which is where most JWTs actually live. The trap is trusting the token's own header: alg none and algorithm-confusion attacks are why verifiers must pin the expected algorithm instead of obeying whatever the token claims.
Defined by RFC 7519 · IANA registration. Registry facts from the IANA media-types registry via mime-db.