Enabling webp in Wordpress, mod_headers not installed?

Hi, i’m trying to enable webp support in Wordpress through the Webp Express plugin.

I encounter this error message:

`It seems your server setup does not support headers in *.htaccess*. You should either fix this (install *mod_headers*) *or* deactivate the "Enable direct redirection to existing converted images?" option. Otherwise the *Vary:Accept* header will not be added and this can result in problems for users behind proxy servers (ie used in larger companies)`

Should I have enabled this during installation or what’s the best way to enable it?
Isn’t it installed by default for security reasons?

This is my setup:
Proxy Server: nginx
Web Server: apache2
Backend Server: php-fpm

Thanks in advance!

Just install mod_headers.

The reason for not loading certain apache mods is that the team thinks that not enough users would need it and the panel should be as lean as possible.

1 Like

a2enmod headers

1 Like

Thank you @jlguerrero and @eris!

I enabled module headers with a2enmod headers after that I restarted apache2 and rebooted the server. Than I checked with sudo a2enmod headers with positive output: Module headers already enabled

Do I need to do something else? The error message isn’t gone yet.

I used Smush pro plugin for both compression and easy webp delivery configuration. Few lines in htaccess , removing webp from nginx, bulk compression and it indeed took around 20% from the images.

Thanks @badmarsh, yes there are other options although I need headers and rewrite for more stuff…

@jlguerrero and @eris It seems that “mod_rewrite” and “mod_headers” : could not be determined although they are loaded.

- .htaccess files enabled?: yes
- mod_rewrite working?: could not be determined
- mod_headers loaded?: yes
- mod_headers working (header set): no
- passing variables from .htaccess to PHP script through environment variable working?: yes
- Can run php test file in plugins/webp-express/wod/ ?: yes
- Can run php test file in plugins/webp-express/wod2/ ?: yes
- Directives for granting access like its done in wod/.htaccess allowed?: yes

The full system report of Webp Express:

System info:
- PHP version: 8.0.15
- OS: Linux
- Server software: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f
- Document Root status: Available and its "realpath" is available too. Can be used for structuring cache dir.
- Document Root: /home/client-username/web/client-website.nl/public_html
- Document Root: Available and its "realpath" is available too. Can be used for structuring cache dir.
- Apache module "mod_rewrite" enabled?: could not be determined
- Apache module "mod_headers" enabled?: could not be determined
Wordpress info:
- Version: 5.9
- Multisite?: no
- Is wp-content moved?: no
- Is uploads moved out of wp-content?: no
- Is plugins moved out of wp-content?: no

Image roots (absolute paths)
uploads: /home/client-username/web/client-website.nl/public_html/wp-content/uploads
themes: /home/client-username/web/client-website.nl/public_html/wp-content/themes
plugins: /home/client-username/web/client-website.nl/public_html/wp-content/plugins
wp-content: /home/client-username/web/client-website.nl/public_html/wp-content
index: /home/client-username/web/client-website.nl/public_html
Image roots (relative to document root)
uploads: wp-content/uploads
themes: wp-content/themes
plugins: wp-content/plugins
wp-content: wp-content
index: .
Image roots (URLs)
uploads: https://client-website.nl/wp-content/uploads
themes: https://client-website.nl/wp-content/themes
plugins: https://client-website.nl/wp-content/plugins
wp-content: https://client-website.nl/wp-content
index: https://client-website.nl
WebP Express configuration info:
- Destination folder: separate
- Destination extension: append
- Destination structure: image-roots
(To view all configuration, take a look at the config file, which is stored in /home/client-username/web/client-website.nl/public_html/wp-content/webp-express/config/config.json)
Live tests of .htaccess capabilities / system configuration:
Unless noted otherwise, the tests are run in wp-content/webp-express/htaccess-capability-tester.
WebPExpress currently treats the results as they neccessarily applies to all scopes (upload, themes, etc),
but note that a server might be configured to have mod_rewrite disallowed in some folders and allowed in others.
- .htaccess files enabled?: yes
- mod_rewrite working?: could not be determined
- mod_headers loaded?: yes
- mod_headers working (header set): no
- passing variables from .htaccess to PHP script through environment variable working?: yes
- Can run php test file in plugins/webp-express/wod/ ?: yes
- Can run php test file in plugins/webp-express/wod2/ ?: yes
- Directives for granting access like its done in wod/.htaccess allowed?: yes
.htaccess files that WebP Express have placed rules in the following files:
- /home/client-username/web/client-website.nl/public_html/wp-content/uploads/.htaccess
- /home/client-username/web/client-website.nl/public_html/wp-content/themes/.htaccess
- /home/client-username/web/client-website.nl/public_html/wp-content/webp-express/webp-images/.htaccess```

I think I needed to install mod_headers a mod_expires


RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/wp-content/smush-webp/disable_smush_webp !-f
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{DOCUMENT_ROOT}/wp-content/smush-webp/$1.webp -f
RewriteRule wp-content/uploads/(.*.(?:png|jpe?g))$ wp-content/smush-webp/$1.webp [NC,T=image/webp]

Header append Vary Accept env=WEBP_image AddType image/webp .webp ```

Smush Pro documentation

Thanks @badmarsh. I’m not sure how your code applies if I don’t want to use smush pro…

This is my .htaccess file:

# WPP Cache load start

<IfModule mod_headers.c>
Header append Vary: Accept-Encoding

<IfModule mod_mime.c>
AddType text/html .html_gz .html_mobile_gz .html_amp_gz .html_mobile_amp_gz
AddEncoding gzip .html_gz .html_mobile_gz .html_amp_gz .html_mobile_amp_gz
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_amp_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_mobile_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_mobile_amp_gz$ no-gzip

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Mobile [NC]
RewriteCond %{HTTP_USER_AGENT} Android [NC]
RewriteCond %{HTTP_USER_AGENT} Kindle [NC]
RewriteCond %{HTTP_USER_AGENT} BlackBerry [NC]
RewriteCond %{HTTP_USER_AGENT} Opera\sMini [NC]
RewriteCond %{HTTP_USER_AGENT} Opera\sMobi [NC]
RewriteRule .* - [E=WPP_MOBILE_EXT:_mobile]
RewriteCond %{REQUEST_URI} /amp/$ [NC]
RewriteRule .* - [E=WPP_AMP_EXT:_amp]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WPP_GZIP_EXT:_gz]
RewriteCond %{QUERY_STRING} =""
RewriteCond %{REQUEST_URI} !^(/wp-json/(.*))$ [NC]
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]

RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wpp-cache/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPP_MOBILE_EXT}%{ENV:WPP_AMP_EXT}%{ENV:WPP_GZIP_EXT}" -f
RewriteRule .* "/wp-content/cache/wpp-cache/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPP_MOBILE_EXT}%{ENV:WPP_AMP_EXT}%{ENV:WPP_GZIP_EXT}" [L]

# WPP Cache load end

# BEGIN WordPress
# De richtlijnen (regels) tussen "BEGIN WordPress" en "END WordPress" worden
# dynamisch gegenereerd en zouden alleen aangepast mogen worden via WordPress filters.
# Alle wijzigingen aan de richtlijnen tussen deze markeringen worden overschreven.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

# WPP Expire start

<IfModule mod_headers.c>
Header unset ETag

FileETag None

<IfModule mod_setenvif.c>

<IfModule mod_headers.c>
<FilesMatch "\.(cur|gif|png|jpe?g|svgz?|ico|webp|css|js)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS

<IfModule mod_headers.c>
Header append Vary: Accept-Encoding


<FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault                                      "access plus 1 month"
ExpiresByType text/css                              "access plus 1 year"
ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rdf+xml                   "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"
ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/schema+json               "access plus 0 seconds"
ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType text/xml                              "access plus 0 seconds"
ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
ExpiresByType image/x-icon                          "access plus 1 week"
ExpiresByType text/html                             "access plus 0 seconds"
ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType application/x-javascript              "access plus 1 year"
ExpiresByType text/javascript                       "access plus 1 year"
ExpiresByType application/manifest+json             "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"
ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/bmp                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType image/jpeg                            "access plus 1 month"
ExpiresByType image/png                             "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"
ExpiresByType image/webp                            "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType font/eot                              "access plus 1 month"
ExpiresByType font/opentype                         "access plus 1 month"
ExpiresByType application/x-font-ttf                "access plus 1 month"
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/x-font-woff               "access plus 1 month"
ExpiresByType font/woff                             "access plus 1 month"
ExpiresByType application/font-woff2                "access plus 1 month"
ExpiresByType text/x-cross-domain-policy            "access plus 1 week"

# WPP Expire end

# WPP GZIP start

<IfModule mod_deflate.c>

SetOutputFilter DEFLATE

<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary

<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/manifest+json
AddOutputFilterByType DEFLATE application/schema+json
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/rdf+xml
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE x-web-app-manifest+json

AddOutputFilterByType DEFLATE font/collection
AddOutputFilterByType DEFLATE font/eot
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf

AddOutputFilterByType DEFLATE image/bmp
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
AddOutputFilterByType DEFLATE image/x-icon

<IfModule mod_mime.c>
AddEncoding gzip              svgz

# WPP GZIP end

These are my modules:

sudo apachectl -t -D DUMP_MODULES
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using host.MYDOMAIN.com. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 status_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_fcgi_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 rpaf_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 suexec_module (shared)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.