Admin Home > Options > Messages has the option to proxy images - which I turned on after converting my Xenforo install to HSTS. Because, as the current comments say,
However - the proxy isn't really needed if images are already served through HTTPS, is it? Shouldn't there be an option to not use the proxy if images are already secure?
Proxying of images is especially important if you are running your site through SSL (HTTPS).