Bug Description
The Image Prioritizer module in the Performance Lab plugin can generate extremely large HTTP Link: rel=preload; as=image response headers on uncached pages (e.g. when users are logged in).
When pages contain responsive images (srcset, sizes) with long or non-ASCII filenames (e.g. UTF-8 / URL-encoded filenames), the resulting response headers may exceed common reverse-proxy limits (such as Nginx proxy buffer limits).
When this occurs, Nginx logs:
upstream sent too big header while reading response header from upstream
And Apache may log:
AH01068: Got bogus version
This results in intermittent HTTP 502 Bad Gateway errors for logged-in users.
Full Response Headers (example with UTF-8 / URL-encoded filename)
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 17 Dec 2025 13:48:35 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://www.example.com/wp-content/uploads/2025/12/favicon.png>; rel="preload"; fetchpriority="high"; as="image"; imagesrcset="https://www.example.com/wp-content/uploads/2025/12/favicon.png 1024w, https://www.example.com/wp-content/uploads/2025/12/favicon-300x300.png 300w, https://www.example.com/wp-content/uploads/2025/12/favicon-150x150.png 150w, https://www.example.com/wp-content/uploads/2025/12/favicon-768x768.png 768w"; imagesizes="(width <= 480px) 48px, (600px < width <= 782px) 48px, (782px < width) 48px, (max-width: 48px) 100vw, 48px"; media="screen and (600px < width <= 782px)", <https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2.png>; rel="preload"; fetchpriority="high"; as="image"; imagesrcset="https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2.png 1654w, https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2-212x300.png 212w, https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2-724x1024.png 724w, https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2-768x1086.png 768w, https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2-1086x1536.png 1086w, https://www.example.com/wp-content/uploads/2025/12/%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B8%AA%E0%B8%96%E0%B8%B2%E0%B8%9B%E0%B8%99%E0%B8%B2%E0%B8%AA%E0%B8%A1%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%88%E0%B8%9E%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9A%E0%B8%A3%E0%B8%A1%E0%B9%80%E0%B8%98%E0%B8%AD-%E0%B9%80%E0%B8%88%E0%B9%89%E0%B8%B2%E0%B8%9F%E0%B9%89%E0%B8%B2%E0%B8%81_Page_2-1448x2048.png 1448w"; imagesizes="(width <= 480px) 150px, (600px < width <= 782px) 331px, (782px < width) 542px, (max-width: 1654px) 100vw, 1654px"; media="screen and (782px < width)"
server: nginx
server-timing: wp-before-template;dur=160.05
wpo-cache-message: WordPress login cookies were detected
wpo-cache-status: not cached
x-cache-status: BYPASS
Additional Link: rel=preload headers for other images were present in the same response, further increasing total header size.
Steps to reproduce
- Install WordPress on a server using Nginx as a reverse proxy (for example, the default Plesk setup).
- Install and activate the Performance Lab plugin.
- Enable the Image Prioritizer module.
- Create or visit a page containing large images with
srcset (default WordPress behavior).
- Use image filenames that are long or contain non-ASCII characters.
- Log in as an administrator.
- Visit the page while logged in.
- In some cases, observe a 502 Bad Gateway error and the Nginx log entry:
upstream sent too big header.
Screenshots
No screenshots are available because the behavior appears to be intermittent and was no longer reproducible at the time of reporting.
Additional Context
- PHP Version: 8.1
- OS: Linux
- Web Server: Nginx (reverse proxy) + Apache
- Browser: Chrome
- Plugin Version: Performance Lab 4.0.0 & Image Prioritizer 1.0.0-beta2
- Device: Desktop
- When the issue occurred, response headers contained very large
Link preload entries including full srcset and sizes attributes.
- Increasing Nginx proxy buffer sizes mitigated the issue, indicating that the failure was related to excessive response header size.
- The behavior appears to be conditional and may depend on viewport size, page content, or prioritization heuristics.
- Disabling the Image Prioritizer module immediately resolved the issue.
Bug Description
The Image Prioritizer module in the Performance Lab plugin can generate extremely large HTTP
Link: rel=preload; as=imageresponse headers on uncached pages (e.g. when users are logged in).When pages contain responsive images (
srcset,sizes) with long or non-ASCII filenames (e.g. UTF-8 / URL-encoded filenames), the resulting response headers may exceed common reverse-proxy limits (such as Nginx proxy buffer limits).When this occurs, Nginx logs:
upstream sent too big header while reading response header from upstreamAnd Apache may log:
AH01068: Got bogus versionThis results in intermittent HTTP 502 Bad Gateway errors for logged-in users.
Full Response Headers (example with UTF-8 / URL-encoded filename)
Additional
Link: rel=preloadheaders for other images were present in the same response, further increasing total header size.Steps to reproduce
srcset(default WordPress behavior).upstream sent too big header.Screenshots
No screenshots are available because the behavior appears to be intermittent and was no longer reproducible at the time of reporting.
Additional Context
Linkpreload entries including fullsrcsetandsizesattributes.