HTTP response status code 403 Forbidden is a client error that is returned by the server to indicate that the client does not have access to the requested resource, and does not offer an Authentication scheme by which access can be granted.
When the 403 Forbidden error message is received, the client does not have sufficient permissions to access the resource. This is a common error and in a very general way, tells the client that the request is not allowed. This is different from the more specific status, 401 Unauthorized, because the error will persist, even if the client re-authenticates and re-submits the HTTP request. Similarly, the more specific 405 Method Not Allowed status is used to tell the client that the resource is available, but their specific HTTP request is not permitted.
Search engines like Google will not index a URL with 403 Forbidden response status, and consequently, URLs that have been indexed in the past but are now returning this HTTP status code will be removed from the search results.
In the example, the client requests a resource and the server responds with the 403 Forbidden status to indicate that the client does not have access to this protected resource.
GET /tech-news/confidential.pdf HTTP/1.1
HTTP/1.1 403 Forbidden
Apache HttpComponents Core
The 403 Forbidden status code is a widely used and rather non-specific response to tell a client that the HTTP request is not allowed.