Control Panel > Features > Require HTTPS for Hotlinked Images Enabling this feature will only allow hotlinking of images from secure urls (HTTPS) to be displayed inline. Hotlinked images from insecure urls (HTTP) will be presented as a clickable link.
When enabled, users editing their profile are notified, "Remote avatars must be https" and "Hotlinked signature images must be https."
The Site Permissions editor (CP) for those permissions will also display a notice if this feature is enabled.
** When you enable this feature, its recommended that you also rebuild your Posts, Signatures, and Private Messages with the Content Rebuilder, to update your older posts.