Onebox error code of 403

I did some further testing, none of them solve this bug.

Testing 1. Restore the backup* which before the bug occur. Reboot system then got a 502 error
PS: VPS disk image backup on 4/27, not discourse backup zip file

The new backup file can restore and reboot without problem, only old backup failed. It’s wierd. Theoretically the old backup should work fine as the other backup.

Testing 2. Clone the VPS disk image backup to a new VPS, followed the steps below to setup a new domain. The new site works fine, but this bug still exist. It should be due to rebuilt will load new discourse image which is the same.

Testing 3. Follow the steps of web page below to see why 403.

The image here show the difference of onebox between meta(above) and my site(below).

Testing urls for udemy and amazon. It seems one in 403 and one in 503.

< HTTP/2 403
< date: Fri, 07 May 2021 10:18:28 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 16
< x-frame-options: SAMEORIGIN
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< set-cookie: __cfduid=dbbbf721820c12aac03e8116c362147d51620382708; expires=Sun, 06-Jun-21 10:18:28 GMT; path=/; domain=.udemy.com; HttpOnly; SameSite=Lax
< cf-request-id: 09e7ef0b3c00000b939211d000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< set-cookie: __cf_bm=f83cbaa075085ed2ae624e9bcfa5badf394f7ddd-1620382708-1800-Af1qbDD41LzYLWJX0XR39JAeFnjBdEmvhZO/0YloMwnBR8urb60m7+bcte18X+L59RfHKhzWeGPELN02cuiV9RA=; path=/; expires=Fri, 07-May-21 10:48:28 GMT; domain=.udemy.com; HttpOnly; Secure; SameSite=None
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 64b9b4585d9b0b93-NRT
<
{ [16 bytes data]
100    16  100    16    0     0    290      0 --:--:-- --:--:-- --:--:--   296
* Connection #0 to host www.udemy.com left intact

< HTTP/2 503
< server: Server
< date: Fri, 07 May 2021 10:25:04 GMT
< content-type: text/html
< strict-transport-security: max-age=47474747; includeSubDomains; preload
< x-amz-rid: P43ZS4CBG7V92Z7W4VSC
< vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
< last-modified: Wed, 30 Sep 2020 23:54:00 GMT
< etag: "a6f-5b0909d09d600"
< accept-ranges: bytes
< content-length: 2671
<
{ [1139 bytes data]
100  2671  100  2671    0     0  11871      0 --:--:-- --:--:-- --:--:-- 11871
* Connection #0 to host www.amazon.com left intact