HTTPError.net

The fastest way to diagnose, understand, and fix any HTTP status code

403 Forbidden

Fault: Client
TL;DR

Server understood the request but refuses to authorize it.

The client does not have access rights to the content.

What This Error Means

The client does not have access rights to the content.

Server understood the request but refuses to authorize it.

Common Causes

How to Fix It (For Visitors)

How to Fix It (For Developers/Admins)

Code Examples

Here's how to return a 403 status code in various programming languages:

Python (Flask)

from flask import Flask, jsonify

app = Flask(__name__)

@app.route('/endpoint')
def endpoint():
    return jsonify({"message": "Forbidden"}), 403

Node.js (Express)

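const express = require('express');
const app = express();

// Always answer this route with 403 Forbidden and a JSON body.
app.get('/endpoint', (req, res) => {
    res.status(403).json({ message: 'Forbidden' });
});

app.listen(3000); // port chosen for illustration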

PHP

<?php
http_response_code(403);
header('Content-Type: application/json');
echo json_encode(['message' => 'Forbidden']);
?>

Go

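package main

import (
    "encoding/json"
    "log"
    "net/http"
)

// handler always responds with 403 Forbidden and a JSON body.
func handler(w http.ResponseWriter, r *http.Request) {
    w.Header().Set("Content-Type", "application/json")
    w.WriteHeader(http.StatusForbidden)
    json.NewEncoder(w).Encode(map[string]string{
        "message": "Forbidden",
    })
}

func main() {
    http.HandleFunc("/endpoint", handler)
    log.Fatal(http.ListenAndServe(":8080", nil)) // port chosen for illustration
}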

Java (Spring Boot)

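import java.util.Map;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class ForbiddenController { // hypothetical class name
    @GetMapping("/endpoint")
    public ResponseEntity<Map<String, String>> endpoint() {
        return ResponseEntity.status(HttpStatus.FORBIDDEN).body(Map.of("message", "Forbidden"));
    }
}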

Ruby (Sinatra)

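require 'sinatra'
require 'sinatra/json' # json helper from sinatra-contrib

# Always answer this route with 403 Forbidden and a JSON body.
get '/endpoint' do
    status 403
    json message: 'Forbidden'
end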
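
The snippets above return 403 unconditionally. As an added example (not from the original page), this standard-library WSGI app shows the decision that comes before the status code: 401 when the caller's identity is unknown, 403 when the caller is identified but lacks access rights. The token table, ACL, realm and paths are constructed for illustration.

```python
# Added example: framework-free WSGI app (standard library only).
# TOKENS, ACL and the paths are constructed sample data, not from the page.
import json

TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}            # bearer token -> user
ACL = {"/reports": {"alice"}, "/profile": {"alice", "bob"}}  # path -> allowed users
REASONS = {200: "OK", 401: "Unauthorized", 403: "Forbidden", 404: "Not Found"}


def decide(path, auth_header):
    """Return (status_code, extra_headers) for a request."""
    if path not in ACL:
        return 404, []
    scheme, _, token = (auth_header or "").partition(" ")
    user = TOKENS.get(token) if scheme.lower() == "bearer" else None
    if user is None:
        # Identity unknown: ask the client to authenticate (401, not 403).
        return 401, [("WWW-Authenticate", 'Bearer realm="example"')]
    if user not in ACL[path]:
        # Identity known but not allowed: repeating the request with the
        # same credentials will not help, so the answer is 403.
        return 403, []
    return 200, []


def app(environ, start_response):
    """WSGI entry point: maps the decision onto an HTTP response."""
    code, extra = decide(environ.get("PATH_INFO", ""),
                         environ.get("HTTP_AUTHORIZATION"))
    body = json.dumps({"message": REASONS[code]}).encode()
    headers = [("Content-Type", "application/json"),
               ("Content-Length", str(len(body)))] + extra
    start_response(f"{code} {REASONS[code]}", headers)
    return [body]


def request(path, auth_header=None):
    """Call the app in-process with a constructed WSGI environ."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if auth_header:
        environ["HTTP_AUTHORIZATION"] = auth_header

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    seen["body"] = json.loads(b"".join(app(environ, start_response)))
    return seen
```

Keeping the 403 body generic, as here, avoids telling the caller which rule denied the request.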

Browser Compatibility

Browser    Support           Notes
Chrome     ✓ Full Support    All versions
Firefox    ✓ Full Support    All versions
Safari     ✓ Full Support    All versions
Edge       ✓ Full Support    All versions

Official Specification

This status code is defined in RFC 7231 Section 6.5.3.
