On a further note. If UAs (which are among the more prevalent applications
out there being used) intentionally disable declaring mime-types for some
classes of content, so that it can't be pasted into applications that might
not be equipped to handle those mimetypes, application programmers (such as
adobe, gimp etc.) will do something else:
- The first 4 bytes of a PNG: \89PNG
- Bytes 9 trough 13 of a JPEG: JFIF
- etc.
Every notable non text format in common use today contains "magic" headers
that make it easy to identify what a file is without having the mimetype or
file extension.
Omission of metadata information is
- not going to address your "security concern" since applications do
routinely read in random bytes and figure out what they are
- it's not going to make applications behave any more securely (or
reliably) as it'll promote even more of them to resort to guessing because
information is omitted