haha sorry, you’re right - it did prompt me to investigate further.
It looks like the onebox’er sends a HEAD request, which would explain it not working on my site, as I only support GET and POST. Doing a HEAD results in a 501 Not Implemented. When did this change?
Was quite involved. The fix wasn’t as simple as to try HTTP GET, but it also involved supporting cookies on redirects which our more secure redirector did not do. Both are supported now.