It's not required, but recommended to utilize a caching class in your XenForo config.
Note: Cost is $75 (or free for premium members, which costs $25).
This addon will serve images embedded with BBCode from your domain through a proxy mechanism (it does not store third party images as attachments).
All Images Types
XenForo 1.3 has an image proxy built in, but it only supports PNG, GIF and JPG images. This supports all image types.
Block Cookie Stuffing
Since images are served through your servers and cookies are not relayed, malicious cookie stuffing images are a non-issue.
Eliminate Security Warnings
If your site is running on HTTPS, users won't get warnings about the webpage containing insecure content.
Eliminate Malware Warnings
If you don't proxy images through your own domain and you have a thread that includes an image from a domain flagged for malware, your page requires content from that domain to render itself, so YOUR users will be shown a prompt like this when trying to visit that thread:
Compare To Moving Third Party Images Into Attachments
The attachment system is permissions based, so it requires the user's session to be initialized in order to check those permissions (this means every image displayed requires multiple queries). The attachment system also forces users to reload it every time it's viewed (because of how it logs an attachment view counter).
The Image Proxy does not create user sessions and needs zero queries to display an image. It also forces a browser cache of 1 year. This means that if the user sees the same image within 12 months and hasn't flushed their browser cache, their browser won't even make an HTTP request to check if the image has been updated (long story short is it makes for a faster user experience for your users).
If you have a domain you used to serve static, cookieless content, you can set the Image Proxy URL Prefix under your Performance Options to utilize that.
Encrypted Image URLs
If your PHP installation has the mcrypt extensions installed, the actual image URLs are encrypted to make it impossible for other sites to maliciously utilize your image proxy.
If your installation uses a caching mechanism (for example memcached), it will be used to store images for 1 hour. This means that your server does not need to go out and retrieve images as often as they are viewed. Also utilizes CloudFlare caching when available.