Missing PayPal webhook header

Hi @jasonhouge,
Glad you reached out! I need one more piece of information that should give me some context here, your system information. You can do this by navigating to Donations > Tools > System Info (tab) and click the button to “Get System Report” and copy/paste that in your reply here.

Once I have that I’ll be able to hop in and do some digging. Let me know if you have any questions in the meantime, I’m happy to help.

Hi @stephanieliy,
Thank you for the response – below is the information you’ve requested.

### WordPress Environment ###

Home URL: https://catsanonymous.org
Site URL: https://catsanonymous.org
WP Version: 6.1.1
WP Multisite: –
WP Memory Limit: 512 MB
WP Debug Mode: –
WP Cron: ?</img>
Language: en_US
Permalink Structure: /%category%/%postname%/
Show on Front: page
Page on Front: Get Started (#341)
Page for Posts: Unset
Table Prefix Length: wp_
Table Prefix Length: 3
Table Prefix Status: Acceptable
Admin AJAX: Accessible
Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, request-pending, request-confirmed, request-failed, request-completed, gd-closed, gd-sale-agreed, gd-under-offer, gd-sold, spam, refunded, failed, revoked, cancelled, abandoned, processing, preapproval

### Server Environment ###

Hosting Provider: DBH: localhost:3306, SRV: catsanonymous.org
TLS Connection: Connection uses TLS 1.3
TLS Connection: Probably Okay
Server Info: LiteSpeed
PHP Version: 7.4.33
PHP Post Max Size: 8 MB
PHP Time Limit: 30
PHP Max Input Vars: 1000
PHP Max Upload Size: 8 MB
cURL Version: 7.68.0, OpenSSL/1.1.1f
SUHOSIN Installed: –
Default Timezone is UTC: ?</img>
fsockopen/cURL: ?</img>
SoapClient: ?</img>
DOMDocument: ?</img>
gzip: ?</img>
GD Graphics Library: ?</img>
Multibyte String: ?</img>
Remote Post: ?</img>
Remote Get: ?</img>

### GiveWP Configuration ###

GiveWP Version: 2.23.2
GiveWP Cache: Enabled
Database Updates: All DB Updates Completed.
Database Updates: All Database Migrations Completed.
Database Tables: ?</img> wp_give_donors?</img> wp_give_donormeta?</img> wp_give_comments?</img> wp_give_commentmeta?</img> wp_give_sessions?</img> wp_give_formmeta?</img> wp_give_sequential_ordering?</img> wp_give_donationmeta?</img> wp_give_revenue?</img> wp_give_migrations?</img> wp_give_log
GiveWP Cache: Enabled
GiveWP Cache: ?</img>New Donation?</img>Donation Receipt?</img>New Offline Donation?</img>Offline Donation Instructions?</img>New User Registration?</img>User Registration Information?</img>Donation Note?</img>Email access
Upgraded From: 2.23.1
Test Mode: Disabled
Currency Code: USD
Currency Position: Before
Decimal Separator: .
Thousands Separator: ,
Success Page: https://catsanonymous.org/get-involved/support-our-mission/donor-dashboard/donation-confirmation/
Failure Page: https://catsanonymous.org/get-involved/support-our-mission/donor-dashboard/donation-failed/
Donation History Page: https://catsanonymous.org/get-involved/support-our-mission/donor-dashboard/
GiveWP Forms Slug: /donations/
Enabled Payment Gateways: PayPal Standard, PayPal Donations, Offline Donation
Default Payment Gateway: PayPal Donations
PayPal IPN Notifications: IPN received for #930 ( 7VX33146004755041 ) on 01/12/2023 at 13:39. Status VERIFIED
Donor Email Access: Enabled
Stripe Webhook Notifications: N/A

### Active GiveWP Add-ons ###


### Other Active Plugins ###

Admin Menu Editor: by Janis Elsts – 1.10.4
Akismet Anti-Spam: by Automattic – 5.0.2
Blackhole for Bad Bots: by Jeff Starr – 3.3.5
Boxzilla: by ibericode – 3.2.25
Classic Editor: by WordPress Contributors – 1.6.2
Cloudflare: by Cloudflare, Inc. – 4.11.0
Complianz - Terms and Conditions: by Really Simple Plugins – 1.1.3
Complianz | GDPR/CCPA Cookie Consent: by Really Simple Plugins – 6.3.9
Content Views: by Content Views – 2.5.0.1
Content Views Pro: by Content Views – 5.9.2.2
Core Rollback: by Andy Fragen – 1.3.2
Disable Admin Notices Individually: by Creative Motion  – 1.3.1
Disable Comments: by WPDeveloper – 2.4.3
Email Test: by SiteAlert – 1.0.2
Faster Updates: by WP Core Contributors – 0.2.1
Favicon by RealFaviconGenerator: by Philippe Bernard – 1.3.27
FluentSMTP: by FluentSMTP & WPManageNinja Team – 2.2.2
Folders: by Premio – 2.8.8
GeoDirectory: by AyeCode - WordPress Business Directory Plugins – 2.2.22
Gravity Forms: by Gravity Forms – 2.6.9
Gravity Forms Akismet Add-On: by Gravity Forms – 1.0
Gravity Forms PayPal Checkout Add-On: by Gravity Forms – 2.4
Gravity Forms reCAPTCHA Add-On: by Gravity Forms – 1.1
Gravity PDF: by Blue Liquid Designs – 6.5.3
GravityWP - Merge Tags: by GravityWP – 1.1.4
Health Check & Troubleshooting: by The www.ads-software.com community – 1.5.1
Jetpack: by Automattic – 11.7
Jetpack Without Promotions: by required – 1.1.0
La Sentinelle antispam: by Marcel Pol – 2.2.1
LightStart - Maintenance Mode, Coming Soon and Landing Page Builder: by Themeisle – 2.6.2
LiteSpeed Cache: by LiteSpeed Technologies – 5.3.2
Login Logout Menu: by WPBrigade – 1.4.0
LoginPress - Customizing the WordPress Login Screen.: by WPBrigade – 1.7.0
Optimize Database after Deleting Revisions: by CAGE Web Design | Rolf van Gelder, Eindhoven, The Netherlands – 5.0.110
Perfect Images (Media Replace ? Generate Thumbnails ? Image Sizes ? Optimize ? HighDPI): by Jordy Meow – 6.3.9
Perfecty Push Notifications: by Perfecty – 1.6.2
Posts for Page Plugin: by Simon Hibbard – 2.1
Post Tags and Categories for Pages: by curtismchale – 1.4.1
Post to Google My Business: by Koen Reus – 3.1.3
Preloader: by Alobaidi – 1.0.9
PublishPress Capabilities: by PublishPress – 2.6.1
Query Monitor: by John Blackbourn – 3.11.1
Really Simple SSL: by Really Simple Plugins – 6.1.0
Redirection: by John Godley – 5.3.6
Regenerate Thumbnails Advanced: by ShortPixel – 2.4.0
Rollback Update Failure: by WP Core Contributors – 4.0.0
Squirrly SEO (Peaks): by Squirrly – 12.1.17
Sucuri Security - Auditing, Malware Scanner and Hardening: by Sucuri Inc. – 1.8.36
Super Progressive Web Apps: by SuperPWA – 2.2.11
Tag Pages: by Bjorn Wijers  – 1.0.2
The GDPR Framework: by Data443 – 2.0.4
We’re Open!: by Noah Hearle, Design Extreme – 1.44
Wordfence Assistant: by Wordfence – 1.0.9
Wordfence Security: by Wordfence – 7.8.2
WPS Hide Login: by WPServeur, NicolasKulka, wpformation – 1.9.6

### Inactive Plugins ###

Better Search Replace: by WP Engine – 1.4.2

### Active MU Plugins ###

Health Check Troubleshooting Mode: by  – 1.7.2

### Theme ###

Name: Neve
Version: 3.4.10
Author URL: https://themeisle.com
Child Theme: No – If you're modifying GiveWP on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme

Hi @jasonhouge,
Thanks for sending along that system information, it was helpful. When I view your donation form using the inspect tool, I see some async/deferred scripts, and that usually points us to caching. 

The fix can be a bit technical, so I’ll include as much detail as possible here, but you may need to reach out to your web developer or web support person to implement the recommendations I’ll be talking about below.

If you’re not familiar with caching, it’s a method of saving server resources by storing copies of a page or site, so that the next visitor’s visit doesn’t trigger a call to the server at all, they just get the copy that was saved. Basically instead of the site needing to recreate the page from scratch, it sends up a copy which allows it to load faster.

We put together this deep dive into what caching is and how it can cause problems: https://givewp.com/documentation/resources/caching/

Caching works really well for speeding up sites, but when a saved copy of the site has sensitive information in it (like donor info) it’s important that GiveWP not share that with the next visitor. If GiveWP is not convinced that the browser requesting the data is the correct one, it defaults to not showing the data.

Caching is handled differently on various sites and web hosts. This could mean a caching plugin, or caching could be in a security solution. Hosting providers also have settings for caching at the server level, and they can help make adjustments for you there. Most caching solutions have a setting or section for excluding specific URLs or parts of URLs (called “slugs”) from caching. At the very least, you should exclude the following slugs from caching:

/donations/
/donation-confirmation/
/donor-dashboard/
*any page with a donation form on it

Also, the following query strings (if your caching solution has a setting for them):
give-embed=donor-dashboard
giveDonationFormInIframe=1

Your host or the caching plugin/solution you are using can help with that. Some of them may require what's called a "wildcard" like /donations/* to capture all subdirectories under the /donations/ folder.

Some folks prefer to customize the URLs to their site pages, so you may find that your URLs don’t have the slugs mentioned above, even though they contain the same content. In cases like those, we recommend whitelisting the page, not just the slug, that way the pages with those essential pieces of information are still excluded from caching. This is especially important for URLs of pages with donation forms on them.

One helpful tip: Check in with your hosting provider. Most hosts have caching at the server level, and they will be able to adjust this for you. You can also temporarily disable caching on the site to confirm that the uncached site isn’t showing the problem.

While fine-tuning cache falls outside the scope of the support we’re able to provide, your success with online donations is our number one priority, and we’re happy to provide any tips.

I know this was quite a bit of information to share. If you have any questions about this let me know, I’m happy to help. Keep me posted how things go once you've implemented those caching exclusions. If you are still having trouble with PayPal, I'll hop back in for a closer look.

Hi @stephanieliy Thanks for looking deeper into this.
In my initial post above, you’ll see under “Steps Taken” I have already done what you’ve just mentioned about caching.

To be clear, I am the tech support from my client’s hosting provider and before writing, I had already excluded the above URIs, query strings and associated web pages from the cache and this had no impact on the issue.

In your reply you said “When I view the donation form using the inspect tool, I see some async/deferred scripts, and that usually points us to caching”

So what else might be the issue, if not the caching, and what will resolve the issue with the “Missing Paypal webhook header” error spamming the logs or the top PayPal button on the credit card form not work?

Thank you very much for your time,
Jason

• This reply was modified 1 year, 10 months ago by Jason Houge.

Hi @jasonhouge,
Implementing caching exclusions often means needing to do a bit of tweaking to get them just right. We typically start with addressing caching solutions, but often need to look into security solutions and at the server level to get things squared away. When I view your donation form, I no longer see an error for the missing header, so we are moving in the right direction, we just need to dig a little bit more. If you are still seeing that error, let me know.

Because those scripts are sticking around even after the exclusions are implemented, I would recommend a couple of things:

1. Check LiteSpeed Cache (I suspect you have already done this), and Wordfence and Cloudflare, as well as any optimization solutions you may be running. Security solutions and optimizers often have settings that can be adjusted or turned off to manage these scripts.

2. Check in with the hosting provider. When exclusions aren’t resolving the entire issue, it is very possible the issue is coming from the server side of things, and the hosting provider will need to make the necessary changes.

With caching issues we often recommend working it backwards. Turning off all caching, and then re-implementing each solution to see where that sticking point is.

You asked about reasons other than the “usual” for this issue – we have a couple actually, but they very likely don’t apply here. I’ll share them in case you find them helpful:

1. A required field on the donation form that hasn’t been completed. I don’t see this when I inspect your form, but it is certainly worth a quick look.

2. The Divi theme (definitely not your issue). This theme has special settings for scripts that need to be addressed.

Keep me posted on how things go here, I’m happy to keep digging or help with any questions you have

Hi @stephanieliy
Thanks again for your follow up and for the detailed response – I suspect this entire thread will help others in time.

At this point I have excluded the following from Litespeed and Cloudflare:

URI:
/donations/
/donation-confirmation/
/donor-dashboard/
/recurring-donations/
/give/iframe-form/

and

Query:
give-embed=donor-dashboard
giveDonationFormInIframe=1

I have also disabled the Javascript minification on Cloudflare

The host, in this case, is under my entire control. I know of no other compression, optimization, minification or caching software installed on the machine.

I am still seeing “Missing PayPal webhook header” spamming the logs.

The current Error being recorded on the host side is:

2023-01-18 05:21:14.525353 [NOTICE] [90474] [*.*.*.*:HTTP2-1#catsanonymous.org] [STDERR] PHP Fatal error:  Uncaught Error: Class name must be a valid object or a string in /wp-content/plugins/give/src/Form/Templates.php:120
Stack trace:
#0 /wp-content/plugins/give/src/Form/Templates.php(104): Give\Form\Templates->getTemplateObject()
#1 /wp-content/plugins/give/src/Controller/Form.php(139): Give\Form\Templates->getTemplate()
#2 /wp-includes/class-wp-hook.php(308): Give\Controller\Form->loadDonationFormView()
#3 /wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters()
#4 /wp-includes/plugin.php(517): WP_Hook->do_action()
#5 /wp-includes/template-loader.php(13): do_action()
#6 /wp-blog-header.php(19): require_once('/***...')
#7 /index.php(17): require('/***...')
#8 {main}
  thrown in /wp-content/plugins/give/src/Form/Templates.php on line 120

Thanks again for digging so deep into this with me! I sure hope this helps others along the way ??

Hey @jasonhouge,
I’m very happy to help, that’s what I’m here for! I appreciate your patience and all the information you’ve shared, it has been very helpful.

I’ve been doing a bit of digging, and ran this past the team as well. The consensus here is that we should should?deactivate?any cache solution as well as any minification/optimization service, and then test by turning them all back on one at a time until we see that error pop up again. Based on everything you’ve shared so far from your logs and errors, the issue is pointing at caching being the culprit, so we are taking the “big hammer” approach.

If this doesn’t get you going, I’ll need a place where this is replicable so I can jump in to do some digging. Let me know how things go with this testing, and we can go from there!

Hey, Thanks @stephanieliy,
Give me a day or two to mirror this site elsewhere so we have a duplicate of the issue at hand. I’ll work with that to do everything you’ve suggested. I’ll be in touch in a day or two.

Hi @jasonhouge,
It’s been a bit since I’ve heard back, and I know you are working on some testing here. I’m marking this as resolved for now, but you can create a new ticket or reopen this one and we can pick up right where we left off!
Have a great day!