Developer Tools

How to Fix 403 Forbidden Error on a Website

You're trying to access a page or API and keep getting a 403 Forbidden error. The server understood your request but refuses to let you in. Here's how to fix it.

Open HTTP Status Codes 100% free. No sign-up. Works in your browser.

Quick Answer

A 403 Forbidden error means you don't have permission to access the resource. Check your login, API key permissions, file permissions, or .htaccess rules. Use the HTTP Status Codes tool at dotsapps.com for quick reference on any status code.

What Does 403 Forbidden Mean?

HTTP 403 means the server received your request and understood it, but it's refusing to give you access. Unlike 401 (which means "you're not logged in"), 403 means the server knows who you are — it just won't let you in.

Think of it like a building where you have a badge but not clearance for a specific floor. You've identified yourself, but you don't have the right permissions.

This error can happen on websites, APIs, file servers, and any HTTP-based service. The fix depends on what's causing the permission block.

Common Causes of 403 Forbidden Errors

Here are the most frequent reasons you'll see a 403:

  • Wrong file permissions: On Linux servers, files need read permission (644) and directories need execute permission (755). Wrong permissions block access.
  • .htaccess rules: Apache servers use .htaccess files to control access. A misconfigured rule can block everyone.
  • IP blocking: Some servers block specific IP addresses or countries. You might be on a blocklist.
  • Missing index file: If a directory has no index.html or index.php, and directory listing is disabled, you get 403.
  • API key scope: Your API key might not have permission for the endpoint you're calling.
  • CORS restrictions: Web browsers block cross-origin requests that the server doesn't explicitly allow.
  • WAF/firewall rules: A web application firewall might flag your request as suspicious.

How to Fix 403 on Your Own Website

If you control the server, try these fixes in order:

1. Check file permissions. Connect via SSH and run ls -la on the affected files. Files should be 644, directories should be 755. Fix with chmod.

2. Review .htaccess. Look for Deny rules or password protection directives. Comment out suspicious lines and test.

3. Check the index file. Make sure the directory has an index.html or index.php file. Or enable directory listing in your server config.

4. Review server config. In Apache, check <Directory> blocks. In Nginx, check location blocks. Make sure "Require all granted" or equivalent is set.

5. Check your CDN/firewall. Cloudflare, AWS WAF, and similar services have security rules that can trigger 403. Check their dashboards for blocked requests.

Fix 403 Errors in API Requests

For API 403 errors, the problem is usually authentication or authorization:

  • Check your API key or token. Make sure it's included in the request header. Most APIs use "Authorization: Bearer YOUR_TOKEN".
  • Verify permissions. Your key might have read-only access when you're trying to write. Check the API dashboard for key scopes.
  • Check rate limits. Some APIs return 403 instead of 429 when you hit rate limits.
  • Try a different endpoint. Some APIs restrict certain endpoints to paid plans or admin accounts.
  • Check the request method. An endpoint might allow GET but not POST. Make sure you're using the right HTTP method.

If you've checked everything and still get 403, the API provider might be blocking your IP. Contact their support with the exact request details and timestamp.

How to Do It: Step-by-Step

  1. 1

    Identify whether the 403 is on a website you own or someone else's.

  2. 2

    If it's your site, check file permissions (644 for files, 755 for directories).

  3. 3

    Review .htaccess or server config for access restrictions.

  4. 4

    For APIs, verify your auth token and permission scopes.

  5. 5

    Check firewalls, CDNs, and WAF rules that might block the request.

Try HTTP Status Codes Now →

Frequently Asked Questions

What is the difference between 403 and 401 error?

401 means you're not authenticated (not logged in). 403 means you're authenticated but don't have permission. Fix 401 by logging in. Fix 403 by getting the right permissions.

Can a VPN cause a 403 Forbidden error?

Yes. Some websites block VPN IP addresses because they're associated with suspicious traffic. Try disconnecting your VPN and accessing the site directly.

Why do I get 403 Forbidden on a website that worked before?

The site may have changed its permissions, your session may have expired, your IP may have been blocked, or a firewall rule was updated. Try clearing cookies and logging in again.

How do I fix 403 Forbidden in Chrome?

Clear your browser cache and cookies for that site. Try incognito mode. Disable browser extensions that modify requests. If it's still 403, the issue is server-side, not browser-side.

Ready to Try It?

HTTP Status Codes is free, private, and works right in your browser. No sign-up needed.

Open HTTP Status Codes

Related Tools You Might Like

link URL Encoder / Decoder code JSON Formatter source-code HTML/CSS/JS Playground

100+ Free Tools. Zero Sign-ups.

Every tool runs 100% in your browser. Your data never leaves your device.

Explore All Tools

Cloud Sync

Connected to Google Drive