Ahh, this is a oneboxing issue then and I don’t think there is an easy fix.
For example if you go to: Amazon.com
You’ll notice that it redirects to you HTTP, so I would say that site-wide HTTPS is not possible with Amazon at the moment. Which means the oneboxing code wouldn’t be able to pull in the HTTPS data from Amazon when your page loads.
One work-around is to use the method here:
https://meta.discourse.org/t/dont-load-http-images-when-using-https/27530/4
That thread references a feature request to store the images locally instead of pulling them “in real time” from the oneboxed site: