diff --git a/rfcs/0004-insecure-http/README.md b/rfcs/0004-insecure-http/README.md
index bcf9782a0f..b9964b505c 100644
--- a/rfcs/0004-insecure-http/README.md
+++ b/rfcs/0004-insecure-http/README.md
@@ -111,9 +111,17 @@ for the required commands, which will be used for specifying the value of `.spec
 > Note: This flag should not be confused with `--insecure-skip-tls-verify` which is meant to skip TLS verification
 > when using an HTTPS connection.
 
+### Proxy
+
+The flag shall also be applicable to all possible proxy configurations. If HTTP requests are blocked, then specifying
+the `HTTP_PROXY` environment variable to the controller, will lead to an error being logged and emitted as an event
+along with the environment variable being ignored by the controller.
+Similarly, if a proxy is specified using the object's API, such as `.spec.proxy` in `Provider` and the proxy URL has
+`http` as its scheme, the controller will raise an error.
+
 ### Precedence & Validity
 
-Objects with `.spec.insecure` as `true ` will only be allowed if HTTP connections are allowed at the controller level.
+Objects with `.spec.insecure` as `true` will only be allowed if HTTP connections are allowed at the controller level.
 Similarly, an object can have `.spec.insecure` as `true` only if the Saas/Cloud provider allows HTTP connections.
 For example, using a `Bucket` with its `.spec.provider` set to `azure` would be invalid since Azure doesn't allow
 HTTP connections.