Apologies for not replying sooner. I brought this to the developer, it’s still being worked on. Seems that it is not a simple fix.
Short technical explanation:
The preview images in the Onebox were previously hosted by the site being oneboxed. So, for example, the image in theguardian oneboxes was actually on theguardian’s servers, not Discourse. This was a problem sometimes, however, because these images could be served over http, not https, causing a browser warning about mixed content. So we started to download the images and store them locally to prevent this. Some sites don’t like this happening, and have measures to block this. There’s internal discussion about what to do in this case.