403 Forbidden

The 403 (Forbidden) HTTP status code indicates the server refuses to authorize the request. The requested operation is likely not possible, and there is no option to gain authorization.

By contrast, 401 (Unauthorized) provides a WWW-Authenticate header so that the user may authenticate and gain authorization.

Writing responses (servers)

Use 403 (Forbidden) when the request cannot be fulfilled, or if access is temporarily restricted. Use cases seem to be limited. If the particular method is not permitted on the resource, then 405 (Method Not Allowed) is more descriptive. For example, if modifying the resource is not permitted, then a PUT request should return 405 Method Not Allowed instead.

Reading responses (clients)

403 (Forbidden) errors cannot be retried; the user will have to seek other means to accomplish their task.
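
The server-side choice between 401, 403 and 405 and the matching client reaction, as an added example that is not code from the original page. The resource table, user names, realm string and function names are assumptions made for illustration; the Allow header on 405 comes from the HTTP specification rather than from this page.

```python
# Constructed sample data: paths, users and the realm are assumptions for illustration.
RESOURCES = {
    "/reports/q3": {"methods": {"GET", "HEAD"}, "allowed_users": {"alice"}},
    "/drafts/1": {"methods": {"GET", "HEAD", "PUT"}, "allowed_users": {"alice", "bob"}},
}


def select_status(method, path, user=None):
    """Server side: return (status_line, headers) for a request."""
    resource = RESOURCES.get(path)
    if resource is None:
        return "404 Not Found", {}
    # The resource never supports this method: 405, with Allow listing what it does.
    if method not in resource["methods"]:
        allow = ", ".join(sorted(resource["methods"]))
        return "405 Method Not Allowed", {"Allow": allow}
    # No credentials presented: 401 plus a challenge the client can answer.
    if user is None:
        return "401 Unauthorized", {"WWW-Authenticate": 'Basic realm="example"'}
    # Identity is known but not permitted: 403, and no challenge is sent.
    if user not in resource["allowed_users"]:
        return "403 Forbidden", {}
    return "200 OK", {}


def client_action(status_line, headers):
    """Client side: decide what to do next with a response."""
    code = int(status_line.split()[0])
    if code == 401 and "WWW-Authenticate" in headers:
        return "authenticate_and_retry"
    if code == 405:
        return "use_method_from_allow"
    if code == 403:
        return "give_up"  # retrying the same request will not change the answer
    return "done" if code < 400 else "give_up"


if __name__ == "__main__":
    for args in [("PUT", "/reports/q3", "alice"), ("GET", "/reports/q3"),
                 ("GET", "/reports/q3", "bob"), ("GET", "/reports/q3", "alice")]:
        status, headers = select_status(*args)
        print(args, "->", status, headers, "->", client_action(status, headers))
```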

Overview table

Name: 403
Message: 403 Forbidden
Description: The server refuses to authorize the request.
Specification: RFC 7231: HTTP Semantics and Content §6.5.3. 403 Forbidden

See also