On a further note. If UAs (which are among the more prevalent applications out there being used) intentionally disable declaring mime-types for some classes of content, so that it can't be pasted into applications that might not be equipped to handle those mimetypes, application programmers (such as adobe, gimp etc.) will do something else:
- The first 4 bytes of a PNG: \89PNG - Bytes 9 trough 13 of a JPEG: JFIF - etc. Every notable non text format in common use today contains "magic" headers that make it easy to identify what a file is without having the mimetype or file extension. Omission of metadata information is - not going to address your "security concern" since applications do routinely read in random bytes and figure out what they are - it's not going to make applications behave any more securely (or reliably) as it'll promote even more of them to resort to guessing because information is omitted