A 403 means the server understood your request but refused it. It's not always your fault — WAFs, geo-blocks, IP bans, and misconfigured permissions all cause 403s. Paste the URL below and get the real cause.
| Cause | Who it affects | Fix |
|---|---|---|
| WAF / Firewall block | Your IP or user agent triggered a rule | Try mobile data to confirm; check WAF logs |
| Geo-restriction | Site blocked in your country/region | VPN to another region to verify |
| IP ban | Your specific IP is blocked | Check with hosting; restart router for new IP |
| Bot detection | Server rejects non-browser requests | Use Browser vs Bot compare above |
| File permissions | Server-side 644/755 wrong on files/dirs | Set files to 644, directories to 755 |
| Missing index file | Directory listing disabled, no index.php/html | Add an index file or enable directory listing |
| Hotlink protection | Direct access to images/files blocked | Access via the page, not the direct URL |
| Auth required | Resource requires login or API key | Differs from 401 — credentials won't help here |
You're not logged in or your credentials are wrong. Logging in might fix it. The server is saying "prove who you are."
The server knows who you are (or doesn't care) and has decided you're not allowed regardless. Logging in will not fix a true 403.
Many Cloudflare / AWS WAF blocks return 403 with an HTML challenge page. The giveaway: check for a CF-RAY response header. LinkAutopsy detects this automatically.
Switch to mobile data (4G/5G). If it works, your IP or ISP is blocked — not the URL itself.
Use the comparison button above. If Googlebot gets a 200 but your browser gets a 403, it's a bot-detection rule blocking real users — a serious misconfiguration.
LinkAutopsy shows all response headers. A CF-RAY header = Cloudflare. X-Cache: MISS = CDN miss. These tell you where in the stack the block is happening.
Paste your LinkAutopsy report URL in the support ticket. It gives hosting support the exact HTTP status, headers, DNS, SSL, and a screenshot — everything they need without back-and-forth.
Not usually. Most 403s are configuration issues — wrong permissions, an overzealous WAF rule, or an IP block. A hack would more typically cause a 500 or serve unexpected content.
A browser extension (VPN, ad-blocker, privacy tool) is likely modifying your request headers in a way that triggers a WAF rule. Disable extensions one by one to find the culprit.
Only partially. You can try a VPN, different browser, or mobile data. If the site is intentionally blocking you, there's no technical fix — contact the site owner.