If you run a forum, social platform, or any site where people can set external avatars or media, you have probably considered letting them use external media sources like Imgur or Gravatar. It is convenient, has no storage costs, and is quite simple. But there is a downside: the external source has absolute control over that part of your site's content and may gain access to your users' private information.

Available user information:
  • IP Address: The media source can log the IP address of every person who loads the image or video. This can reveal the person's approximate geographic location (country, city) and their Internet Service Provider (ISP).
  • User Agent: The browser version and operating system, which helps external sources fingerprint user devices.
  • Referrer URL: The page on your site where the media was loaded. This can expose user navigation patterns within your forum or site.

Stop trusting external media sources by default.

External media sources are a security and privacy concern. Site scripts (a CMS, MyBB, etc.) may only check the external media once, for example when a user sets an external avatar through a URL. After this original verification, the user or the source owner can change the content at any time.

The most secure and privacy-focused option is to only allow people to upload content and store it on your server. Controlling user media lets you prevent tracking, preserve the original media content, and guarantee its availability. You also avoid broken content on your site when external sources go offline, block people (e.g. Imgur is blocked in some countries), or block your server's IP.

Still want to allow external sources?

If you still want to allow embedding external media content (e.g., for user convenience), you must mitigate the risks. Here are your options:
  • Proxy external media content: proxy the user media (avatars or posted images) through your server. This lets you verify the media contents continuously and prevents the source from tracking your visitors.
  • Hash and verify: hash the original media content and re-verify it regularly to confirm that it still matches the current media. If you discover the embedded media was tampered with, you can apply your site's moderation policies to it.
  • Use a Content Security Policy (CSP): restrict media to trusted sources through a content security policy, limiting the pool of allowed origins.
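The "hash and verify" option above, as an added example that is not part of the original post: the first function performs the one-time check when a user submits an external URL (size limit and image magic bytes, then a SHA-256 of the content), and the second re-fetches later and reports whether the content is unchanged, swapped, or unavailable. The `fetch` callable, the 2 MiB limit and the allowed formats are assumptions so the code runs offline.

```python
import hashlib

# Maximum size we are willing to accept or re-verify (assumption: 2 MiB).
MAX_BYTES = 2 * 1024 * 1024

# Magic-byte prefixes of the image formats this site allows (constructed list).
ALLOWED_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def register_external_media(url: str, fetch) -> dict:
    """One-time verification when a user submits an external media URL.
    `fetch(url)` is an injected callable returning the raw bytes (assumption;
    in production it would be an HTTP client with timeouts, a redirect limit
    and a streaming size cap). Returns the record to store alongside the
    user's profile, or raises ValueError if the content is not acceptable."""
    data = fetch(url)
    if len(data) > MAX_BYTES:
        raise ValueError("media exceeds size limit")
    mime = sniff_image_type(data)
    if mime is None:
        raise ValueError("not an allowed image format")
    return {"url": url, "sha256": hashlib.sha256(data).hexdigest(), "mime": mime}


def reverify_external_media(record: dict, fetch) -> str:
    """Periodic re-check of a stored record: fetch again and compare the hash.
    Returns 'ok', 'changed' (content swapped since registration, a moderation
    case) or 'unavailable' (source offline or blocking us)."""
    try:
        data = fetch(record["url"])
    except OSError:
        return "unavailable"
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        return "changed"
    return "ok"
```

Any result other than "ok" is a signal for your moderation policy; "changed" in particular is exactly the case where a one-time check at registration would have missed the swap.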

For medium to large sized sites, you can reduce costs by using cloud storage or pull CDN providers. You still keep control over your files when they are stored in the cloud, and a CDN that caches media saves bandwidth and reduces server load.

Don't overcomplicate it: for most sites or small communities, proxying can be too complex a setup, especially for limited and essential user media like profile pictures or avatars. Just let users upload their avatars and store them locally on your server, while setting reasonable limits on file size, image dimensions, or video quality.

For other heavy media where it is not feasible to let users upload, such as videos, consider limiting embedding to trusted sources like YouTube or Wikipedia.

Originally published on ougcNetwork

Image by Freepik