Option to only proxy non-HTTPS images


Well-known member
GDPR requires us to provide detailed information about every website/service with which we share personal of the visitor, including its IP address.
If images are embedded from 3rd party servers it is technically unavoidable that those 3rd party servers do get the visitor IP; they might also get user agent, referrer, etc.
In order to be compliant, we would have to list every external server that is used to embed images - this is impossible.
So the options are to a) turn off external images or b) proxy all external images.
As always: IANAL, I am just repeating what we've been given as legal advice.