Understood – many thanks for your response!
Just for info, I’m currently using this bodged version of your code to solve my problem:
public function process_external( $url ) {
// This is entirely at the user's risk. The $url is set by the user
// phpcs:ignore
// WAS: echo wp_remote_fopen( $url );
$x = wp_remote_get( $url );
header("Content-Type: ".wp_remote_retrieve_header($x, 'Content-Type'), true, 200);
echo wp_remote_retrieve_body($x);
}
