403
Forbidden
⚠️ Client Error
High Risk
📖 What Is HTTP 403?
The server understood the request but refuses to authorize it. Unlike 401, authentication will not help — the user simply does not have permission.
🛡️ Security Implications
A 403 response is an access control enforcement point. Ensure it is returned consistently for all unauthorized access attempts, and avoid leaking information in error messages.
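One way to check both points over responses captured while requesting protected paths as an unauthorized user. This is an added example, not part of the original page; the response fields, sample paths and leak patterns are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: what an unauthorized client received for protected paths.
SAMPLE = [
    {"path": "/admin/users", "status": 403, "body": "Forbidden"},
    {"path": "/admin/reports", "status": 403, "body": "Forbidden"},
    {"path": "/admin/backup", "status": 404, "body": "Not Found"},
    {"path": "/admin/config", "status": 403,
     "body": "Forbidden: role 'editor' lacks access to /var/www/app/config.yml"},
    {"path": "/admin/export", "status": 200, "body": "id,email"},
]

# Illustrative patterns for details a denial body should not contain.
LEAK_PATTERNS = {
    "filesystem path": re.compile(r"(?:/(?:var|etc|home|usr|srv)/\S+|[A-Za-z]:\\\S+)"),
    "stack trace": re.compile(r"Traceback \(most recent call last\)|\bat [\w.$]+\([\w.]+:\d+\)"),
    "role or permission name": re.compile(r"\b(?:role|permission|group)\s+['\"]?[\w.-]+", re.I),
}

def audit_denials(responses, expected_status=403):
    """Return (path, problem) pairs for denials that are inconsistent or leaky."""
    findings = []
    # The most common body among correct denials is treated as the baseline.
    bodies = Counter(r["body"] for r in responses if r["status"] == expected_status)
    baseline = bodies.most_common(1)[0][0] if bodies else None
    for r in responses:
        if r["status"] != expected_status:
            # A different status (200, 404, ...) means enforcement is not uniform.
            findings.append((r["path"], f"status {r['status']} instead of {expected_status}"))
            continue
        if r["body"] != baseline:
            findings.append((r["path"], "body differs from the common denial body"))
        for label, pattern in LEAK_PATTERNS.items():
            if pattern.search(r["body"]):
                findings.append((r["path"], f"body exposes {label}"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_denials(SAMPLE):
        print(f"{path}: {problem}")
```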
🔍 Common Causes
Insufficient permissions, IP blocklist, WAF rule triggered, directory listing disabled, file permission issues, geographic restriction.
🔧 How to Fix
Check user permissions and roles. Review WAF rules for false positives. Verify file permissions on the server (644 for files, 755 for directories).
🖥️ How to Check
curl -s -I -o /dev/null -w "%{http_code}\n" https://example.com