Each Web Application in SharePoint 2010 and 2013 has an AllowedInlineDownloadedMimeTypes property within which a list of trusted file (MIME) types exists. Firstly, there is no “untrusted” list, only a “trusted” list. It is safe to assume that if a MIME type is not included in this list, it is untrusted by default and is subject to the “X-Download-Options: noopen” HTTP Response header. The most common example of this is PDF documents, MIME type “application/pdf”.
In the SharePoint 2010 Management Shell, you can easily find out which types are trusted out of the box by executing the following PowerShell snippet: