How to Fix ‘403 Forbidden’ Error

403 Forbidden Error is yet another HTTP response status code. This one indicates that the user does not have the proper authorization to access the requested content. Typically, the web server will respond with this error when it’s able to understand the request but refuses to deliver for various reasons. The refusal might happen because the server is configured to deny that particular client request or because of improper permission configuration.

The 403 Forbidden error is not exclusive to a certain operating system and can be encountered on every platform capable of accessing the internet.

Depending on the web server you’re accessing, you might the encounter 403 Forbidden error in many different shapes and sizes. But most of the time, you’ll see it in plain text in the following variations:

  • HTTP 403
  • 403 Forbidden
  • Forbidden: You don’t have permission to access [directory] on this server
  • Forbidden
  • Error 403 – Forbidden
  • Http Error 403 – Forbidden
  • HTTP Error 403.14 – Forbidden

Note: If you’re using Internet Explorer, you might see this error wrapped in a message saying “The website declined to show this webpage”.

Sometime the website owner will customize how the 403 error looks, but those cases are rare.

Server-side or client-side?

If you follow the HTTP documentation, status codes starting with 4xx (403, 404, etc.) are considered to be client error responses. But the fact is, often times, the response code is displayed on the client-side (your web browser) even if the web server is the one that’s causing issues.

Web administrators have the power to limit the access to a certain domain or directory. They can choose to prevent anonymous users from accessing certain contents or impose geographical restrictions.

There’s no guaranteed guide that will tell you for sure if the problem is local or it comes from the web server. When dealing with this situations, the best course of action would be to perform a solid troubleshooting session with the most effective fixes. This guide is aimed at helping regular users fix the 403 Forbidden Error, not webmasters.

If you’re dealing with a 403 Forbidden Error, follow the methods below in order. If you won’t manage to make it go away, at least you’ll know for sure your device is not to blame. Let’s begin.

Method 1: Double-check the URL

I know this sounds very basic, but this is one of the most common culprits of the 403 Forbidden error. Before you do anything else, make sure the URL you’re trying to access is correct. If you’re trying to access a certain file manually by typing out the URL, make sure you specify the actual file name and extension, not just the directory.

Secured websites will not allow directory browsing, so the 403 Forbidden Error is to be expected when trying to access file directories or private pages without knowing the exact file name or it’s extension.

Method 2: Clearing related cookies

HTTP cookies are tiny pieces of data stored on your computer. They speed up various tasks performed by apps and websites by remembering useful information. Most web apps will use cookies to store the user authentication status. Next time the user accesses that web app, the cookie will inform the server of the authorization the client has.

But as with all things, cookies can become corrupted and prevent the authentication from happening as it should. To test this theory, you’ll need to delete the relevant cookies and see if the issue goes away. To point you in the right direction, we’ve put together a quick guide to removing website cookies. See the guide below for a clearer picture:

Note: We used Google Chrome since it’s the most popular PC browser. However, the steps are roughly similar across all browsers. If you can’t find the equivalent steps on your browser, search online for a specific guide.

  1. Select the action menu (three-dot) in the bottom-right corner and click on Settings.
  2. Scroll all the way down to the bottom of the page and click Advanced.
  3. Scroll down to the bottom of Privacy and security and click on Clear browsing data.
  4. Acess the drop-down menu near Clear the following items from and set it at the beginning of time. Then, check Cookies and other site data while unchecking everything else. Click on Clear Browsing data and wait for the process to complete.

Method 3: Clearing the cache

If you’re still getting the 403 Forbidden Error after deleting the relevant cookies, let’s turn our attention to the cache of your browser. Your browser cache is a storage unit used to retain local copies of various web content. It can store almost any type of data and will spare your browser from having to download the same data every time you visit a particular site.

However, it’s possible that your cached version of the site you’re visiting is conflicting with the live one. Sometimes, this will produce the 403 Forbidden Error as a result. See if that’s the case by clearing your browser’s cache and revisit the website that’s giving you trouble. Here’s a quick guide:

Note: The exact steps of clearing the cache are also browser dependent. If you’re not using Chrome, search online for steps in your browser.

  1. Select the action menu (three-dot) in the bottom-right corner and go to More Tools > Clear browsing data.
  2. Once you’re into the Clear browsing data window, set the top filter to the beginning of time.
  3. Now check the box next to Cached images and files, then uncheck everything else. Finally, click on Clear Browsing Data.

Method 3: Re-authenticate in the web app

If you already cleared the browser cookies, chances are you’ll automatically be prompted to log in again the next time you visit the site that’s displaying the error message.

When you load a web app that requires authentication, the server will send a session token to the client in order to identify it easily during future requests. But if something goes wrong and the server doesn’t recognize the session token or it sees it as invalid, you might see the 403 Forbidden Error as a result.

For most websites with a log-in system, logging out and then logging back in will force the server to create and send a new session token, which will make the 403 Forbidden Error go away.

Method 4: Disable your Extensions, Plugins or Add-ons

Extensions, modules or plugins, etc. (depending on your browser) have the ability to expand the native capabilities of your browser. But some extensions can have more control of your system than bargained for. Some of them will even attempt to make changes to the code, which most serious websites won’t allow.

If you’re experiencing the 403 Forbidden Error, it’s worth a shot to disable all extensions, modules, or whatever they’re called in your browser and reload the web page.

Conclusion

If the methods above have proved to be unsuccessful, you should consider asking the website owner if the issue is on the server-side. But if the website is working normally for other people, you should also ask if they use geo-locations criteria when granting user permissions. There have been cases where huge lists of IP addresses have been blacklisted based on location for security reasons.

Keep in mind that your ISP might also impose restrictions on certain websites to prevent you from downloading illegal stuff. Some ISPs in western and eastern Europe have automatic filters that will blacklist your IP if you’re spending too much time browsing torrent websites. In any case, you’ll only know for sure after contacting your Internet Service Provider.

ABOUT THE AUTHOR

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.