403 Forbidden HTTP Status Code


HTTP status code 403 is an indication that the server understood the request, but it refuses to authorize it. This status code is usually used when authentication is required and has failed or has not yet been provided. It's also commonly employed when the server understands the client's request, but the server refuses to fulfill it due to permissions or access controls.

In simpler terms, when you encounter a 403 error, it means that the server you're trying to access recognizes who you are, but it's denying you access to the resource you're trying to reach. This might happen because you don't have the necessary permissions or credentials to view the page or resource.

The 403 status code can be further categorized into subcodes to provide more specific information about why access is forbidden. For example:

  • 403 Forbidden: This is the standard 403 error, indicating that the server understood the request but is refusing to fulfill it.
  • 403.1 - Execute access forbidden: The request was for a resource that requires execution rights to it, but those rights have not been granted.
  • 403.2 - Read access forbidden: The server is denying access to the requested resource because it does not have the appropriate permissions.
  • 403.3 - Write access forbidden: Similar to the above, but specifically related to write permissions.
  • 403.4 - SSL required: The server requires a secure SSL connection before granting access to the resource.
  • 403.5 - SSL 128 required: The server requires a secure SSL connection with 128-bit encryption before granting access to the resource.
  • 403.6 - IP address rejected: The request was made from an IP address that the server has been configured to block.
  • 403.7 - Client certificate required: The server requires a client certificate to access the resource.
  • 403.8 - Site access denied: The server has denied access to the requested website or directory.

These are just some examples of subcodes that can accompany the 403 status code to provide more specific information about the reason for the denial of access.


403 Forbidden

Common Causes

A HTTP status code 403 indicates that the server understands the request but refuses to authorize it. This can happen for several reasons:

  1. Incorrect File Permissions: This is a common cause where the server does not have the permissions to read the file or execute a script related to the request.

  2. Invalid IP Address: The server might be set up to block requests from certain IP addresses or ranges. If your IP is not allowed, you'll receive a 403 error.

  3. Incorrect Directory Indexes: If the server is configured to deny directory listings and a directory without an index file is requested, it might return a 403 error.

  4. URL Filtering: Some websites use security filters that can mistakenly identify a legitimate request as malicious, resulting in a 403 error.

  5. Erroneous .htaccess Configuration: Misconfigurations in the .htaccess file can lead to 403 errors. This file controls access to certain parts of the website based on defined rules.

  6. SSL Certificate Error: If a website requires a valid SSL certificate for access and your request doesn't comply with this requirement, it could lead to a 403 error.

  7. Geolocation Restrictions: Some content is restricted to certain geographic regions. If you're outside these regions, you might encounter a 403 error.

  8. Resource or Content Removal or Unavailability: If the requested content has been removed from the site or is no longer available for other reasons, the server might return a 403 error instead of a 404, depending on how it's configured.

  9. Server-Side Scripts Execution Limits: If executing a server-side script exceeds the server's predefined resource usage limits, a 403 error may be returned.

  10. Failed CSRF Token Verification: For sites implementing CSRF protection, failing to submit a valid CSRF token with a form can result in a 403 error.

  11. VPN or Proxy Issues: Some websites block traffic coming from certain VPNs or proxies. If you're using one, this might be why you're seeing a 403 error.

Resolving a 403 error involves identifying the exact cause and addressing it directly, whether by adjusting file permissions, modifying server configuration, or ensuring that the request complies with the server's security policies.

Browser Support

The following table will show you the current browser support for the 403 Forbidden HTTP status code.

Edge Chrome Firefox Opera Safari
Tablets / Mobile
Chrome Firefox Opera Safari Samsung Webview

Last updated by CSSPortal on: 1st April 2024