403 Forbidden: What Does This Status Code Mean?

Thou shalt not pass! This is essentially the message a user is given when a server has communicated with a browser via a 403 forbidden status code, that the user cannot view the URL they tried to load. 

403 Forbidden

A 403 forbidden is certainly harsher than a 404 not found status code. After all, it is effectively telling the user that no further action can be taken on this page, and they should go elsewhere to continue. It also doesn’t specify the reason, just the instruction. 

But due to the complex nature of websites, sometimes a 403 forbidden is necessary. This is especially the case when you want to protect information on certain pages from prying eyes. 

Here is an overview of the 403 forbidden status code to tell you more. 

4xx Status Codes

4xx status codes are known as ‘client errors’. The term client refers to the browser such as Chrome or Firefox. 

These are the most common 4xx status codes you’re likely to come across: 

  • 400 bad request
  • 401 unauthorized
  • 402 payment required
  • 403 forbidden
  • 404 not found

What Causes 403 Forbidden?

With a 403 forbidden, the server knows who you are but is preventing you from continuing. A good example would be if you try to access a page that you don’t have the right permission to view, such as a contributor trying to get into the admin section of a website. The server is essentially acting as a gatekeeper, who has checked your credentials but knows you don’t have permission to continue.

A 403 forbidden status code can be frustrating for the user, but it is an excellent way of managing who has access to what to content on a website. This is especially the case if the website contains private information or even information which the user needs to be subscribed to in order to view. 

Without a 403 forbidden, anyone could view any aspect of your website’s content, which could pose a security issue.

How Can I Fix 403 Forbidden?

That all depends on why you are being shown the 403 forbidden. For example, did you type the URL in incorrectly? Or, do you genuinely want to access the page, but haven’t been given the right permission?

403 forbidden errors usually require user intervention to solve. On a basic level, this could involve requesting admin features from the site owner if applicable. Sometimes, an update of WordPress plugins or a change of password is required. 

If a 403 forbidden status code appears on a website that you don’t personally have access to, then the only way to fix it would be to contact the website owner. It could be a server issue they are not aware of. 

Alternatively, an old trick that’s the call centre equivalent of ‘have you tried turning it on and off again?’ would be to try a different browser. Ensure your computer (and browser) is up to date also, as sometimes outdated plugins can cause client errors.

Remember, some 403 forbidden status codes are also a legitimate response because you aren’t supposed to have access to that content. So, you can only ‘fix’ a 403 forbidden status code if it’s a genuine error. 

403 Forbidden Cloudflare

Cloudflare is a CDN (content delivery network). In essence, a CDN is a method of replicating your website and distributing it across the globe. This means when someone goes to load your website from the other side of the world, the page load time isn’t hindered as a result. 

Even Cloudflare is prone to the odd 403 forbidden message. As well as the reasons we have listed above, Cloudflare state the error could be due to a lack of an SSL certificate. Or, a temporary problem as you migrate from a free to a paid Cloudflare account. 

If you are a customer, be sure to contact Cloudflare directly if you’ve investigated the above causes but haven’t been able to fix the issue. Or, if the website you are trying to load is giving you a Cloudflare error, contact its customer support. 

Conclusion

When a 403 forbidden status code appears on your website, it will prevent a user from continuing. Sometimes, this is needed for security reasons. However, it pays to check your pages aren’t displaying this error unintentionally, as it will affect user experience. 

Steve Paine