403 Forbidden

Status

403 Forbidden

What is a 403 Forbidden HTTP response?

A 403 Forbidden HTTP response status code is used when a server understands the request but does not authorise it.

A 403 is similar to a 401 Unauthorized response, except in that there is no possibility to reauthenticate with a 403.

What type of HTTP status is a 410?

A 403 is in the 4xx class of HTTP status codes which are client error based.

Is a 403 Forbidden bad for SEO?

A 403 can be bad for SEO. If your site is responding to requests from Googlebot's desktop or mobile bot with a 403 forbidden HTTP response this could lead to the resource not being indexed.

If Googlebot or another bot is getting a 403 then you should troubleshoot why this is happening and resolve it urgently.

How to fix a 403 error?

If your site is responding with a 403 Forbidden this could be due to a firewall or WAF issue.

Check you are not blocking Googlebot or bots in general, and consider contacting your web host if you are using shared hosting.

If you are a user and a site you are visiting is responding with a 403 - check you are assessing the correct resource or have the right credentials. Or consider coming back at another date.

Specification

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

RFC

RFC 7231 6.5.3

Created: Last updated:

chevron-down