404 on onebox URLs - trying with X.com links

Support
1

I can’t figure out for the life of me why X.com URLs don’t show the onebox anymore. I tried changing the forum’s DNS so it’s not routed through Cloudflare (yes, I waited over 6 hours after the change) and still see a 404 when trying an X.com URL.

I’m on the latest version of Discourse as well.

Any ideas?

Request URL:
https://discuss.flynumber.com/onebox?url=https%3A%2F%2Fx.com%2FFlynumbers%2Fstatus%2F2008337947335016821&refresh=true&topic_id=4887

Request Method:
GET

Status Code:
404 Not Found

Remote Address:
[2606:4700:20::681a:eda]:443

Referrer Policy:
same-origin

Response Headers:
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 9c5434f07f8af60d-TLV
content-encoding: br
content-security-policy: frame-ancestors 'self' https://www.flynumber.com;
content-type: text/plain; charset=utf-8
date: Wed, 28 Jan 2026 23:18:03 GMT
expect-ct: max-age=86400, enforce
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=1,i
referrer-policy: same-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=..."}]}
server: cloudflare
server-timing: cfExtPri
set-cookie: __profilin=...; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept
x-content-type-options: nosniff
x-discourse-route: onebox/show
x-discourse-username: FlyNumber
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: f6455426-e15c-434c-9a00-afba904aef3f
x-runtime: 0.093848
x-xss-protection: 1; mode=block

Request Headers:
:authority: discuss.flynumber.com
:method: GET
:path: /onebox?url=https%3A%2F%2Fx.com%2FFlynumbers%2Fstatus%2F2008337947335016821&refresh=true&topic_id=4887
:scheme: https
accept: text/html, */*; q=0.01
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9,fr;q=0.8,he;q=0.7
cache-control: no-cache
pragma: no-cache
referer: https://discuss.flynumber.com/t/romania-phone-number/4887/2
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36
x-csrf-token: lNzlI8YUzVM7DaP3P--JRo2Uw1PAKNHZvdrt3C0BBrF9rVDu9D2nH8MDgiwzGWakGjlHvqon7ORZyLO-s7_6oA
x-requested-with: XMLHttpRequest

Discourse:
discourse-logged-in: true
discourse-present: true