by robertlagrant 910 days ago
Another comment picked what I think is the best option: the sender generates it, and receiver verifies it, but only on click. That way the receiver's already going to leak their IP, so WhatsApp can verify before opening up the web page.
1 comments

Verifies what? That the preview matches? What if it changed between the send and the click legitimately? Also what is the threat model here? If the sender controls the URL they can generate any preview that they want.