Cookie name	Description	Lifetime	Provider
_ce.clock_data	Store the difference in time from the server's time and the current browser.	1 day	Crazy Egg
_ce.clock_event	Prevent repeated requests to the Clock API.	1 day	Crazy Egg
_ce.irv	Store isReturning value during the session	Session	Crazy Egg
_ce.s	Track a recording visitor session unique ID, tracking host and start time	1 year	Crazy Egg
_hjSessionUser_2909345	Store a unique user identifier to track user sessions and interactions for analytics purposes.	1 year	HotJar
_hjSession_2909345	Store session data to identify and analyze individual user sessions.	1 day	HotJar
apt.uid	Store a unique user identifier for tracking and personalization.	1 year	Mageplaza
cebs	Store user preferences and settings.	Session	Mageplaza
cf_clearance	Store a token that indicates a user has passed a Cloudflare security challenge.	1 year	Cloudflare
crisp-client	The crisp-client/session cookie is used to identify and maintain a user session within the Crisp platform. It allows the live chat system to recognize returning users, maintain chat history, and ensure continuity in customer service interactions.	Session	Crisp
_ga	Store a unique client identifier (Client ID) for tracking user interactions on the	2 years	Google
_ga_7B0PZZW26Z	Store session state information for Google Analytics 4.	2 years	Google
_ga_JTRV42NV3L	Store session state information for Google Analytics 4.	2 years	Google
_ga_R3HWQ50MM4	Store a unique client identifier (Client ID) for tracking user interactions on the website.	2 years	Google
_gid	Store a unique client identifier (Client ID) for tracking user interactions on the website.	1 day	Google
_gat_UA-76130628-1	Throttle the request rate to Google Analytics servers.	1 day	Google

Cookie name	Description	Lifetime	Provider
_gcl_au	The cookie is used by Google to track and store conversions.	1 day	Google
__Secure-3PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
HSID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
__Secure-1PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
APISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-1PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
__Secure-3PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SSID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
SAPISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-3PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
__Secure-1PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
SIDCC	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.	3 months	Google
__Secure-1PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
__Secure-3PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
1P_JAR	This cookie is a Google Analytics Cookie created by Google DoubleClick and used to show personalized advertisements (ads) based on previous visits to the website.	1 month	Google
NID	Show Google ads in Google services for signed-out users.	6 months	Google

Cookie name	Description	Lifetime	Provider
_dc_gtm	Manage and deploy marketing tags through Google Tag Manager.	1 year	Google
1P_JAR	Gather website statistics and track conversion rates for Google AdWords campaigns.	1 month	Google
AEC		1 month	Google
ar_debug	Debugging purposes related to augmented reality (AR) functionalities.	1 month	Doubleclick
IDE	The IDE cookie is used by Google DoubleClick to register and report the user's actions after viewing or clicking on one of the advertiser's ads with the purpose of measuring the effectiveness of an ad and to present targeted ads to the user.	1 year	Doubleclick
ad_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to advertising.	1 year	Google
ad_user_data	Sets consent for sending user data to Google for online advertising purposes.	1 year	Google
ad_personalization	Sets consent for personalized advertising.	1 year	Google
analytics_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration.	1 year	Google

403 Forbidden Errors: Causes and Quick Solutions

Vinh Jacker | 08-30-2023

Imagine you are browsing the web and stumble upon a page you want to see. You click on the link and wait for it to load. But instead of seeing the content you expected, you see a message that says “403 Forbidden”. What does that mean? And how can you fix it?

This error can prevent you from accessing vital information or resources. It can also affect your website’s search engine ranking and reputation, making addressing this error as soon as possible essential.

This article will help you identify and resolve the root cause of errors that can ensure your website’s security, accessibility, and user-friendliness.

What Does 403 Forbidden Error Mean?

The HTTP status code 403 forbidden error indicates that the server understood the client’s request but refuses to authorize or fulfill it. In other words, the server acknowledges the client’s request but denies access to the requested resource.

This error not only affects user experience but also poses significant security risks. In fact, the impact of 403 Forbidden errors can have detrimental effects on both website visitors and their overall browsing experience

The Effect of 403 Forbidden Errors

Causes of 403 Forbidden Errors

There are a couple of reasons why 403 forbidden errors might happen:

Insufficient permissions: The most common reason is that you simply don’t have the permission to access the specific webpage. This could be because the webpage requires a login, or it could be restricted to certain users only.
Incorrect file/folder permissions: On the server side, files and folders can be configured to have specific permissions that control who can access them. If these permissions are set incorrectly, it can lead to a 403 Forbidden Error.
Misconfiguration of .htaccess file: The .htaccess file is a configuration file used on Apache web servers. If this file is configured incorrectly, it can also cause 403 Forbidden Errors.
IP blocking: In some cases, the server might be configured to block access from specific IP addresses. If your IP address is on this blocklist, you’ll encounter a 403 forbidden error.

Variations of 403 forbidden error

Like many other HTTP status codes, there are various variations of this error code that you might come across, each conveying the same core message of denied access. Some common variations include:

Forbidden: You don’t have permission to access / on this server
403 Forbidden: Access is denied
Error 403 Forbidden
403 Forbidden Error: You are not allowed to access this address
403 Forbidden nginx
HTTP Error 403 Forbidden: You do not have permission to access the document or program you requested
403 Forbidden: Access to this resource on the server is denied
You are not authorized to view this page - commonly happens on Chrome browsers (learn more in 403 Forbidden Chrome)
It appears you don’t have permission to access this page

In some cases, this error may be the result of an authentication issue rather than a permission one. If you’re unsure, it’s worth checking out the difference explained in 403 forbidden vs. 401 unauthorized

How to Fix 403 Forbidden Errors: The Quick Guide

1. Restore the page and double-check the address

Sometimes, the simplest solution is the most effective. A temporary glitch on the server side or in your browser can lead to a 403 forbidden error. Here’s what to do first:

Refresh the page: Click the refresh button in your browser or press F5 on your keyboard. This can clear any temporary issues and allow the server to process your request correctly.
Double-check the address: Typos in the URL can lead to a 403 forbidden error. Ensure you’ve entered the address accurately, paying close attention to capitalization and special characters.

If refreshing and verifying the address don’t work, move on to the next troubleshooting steps.

2. Edit file and directory permissions

If you have control over the server’s file system (applicable to website owners or administrators), incorrect file permissions might be the culprit of the 403 forbidden error.
This fix requires accessing the server’s control panel and modifying permissions for the affected files and directories.

For Windows, using the icacls command is a powerful command-line tool for managing file and folder permissions. Here’s how to do it:

Open Command Prompt in administrator mode (right-click and select “Run as administrator”).
Navigate to the directory containing the file or folder you want to reset permissions for.
You can use the cd command for this.
To reset permissions for a single file, type the following command (replacing “full path to your file” with the actual location of the file or folder)
- icacls “full path to your file” /reset
To reset permissions for a folder, including its subfolders and files, type the following command:
- icacls “full path to your folder” /reset /t /c /l In which:
- /t: Targets all subfolders and files within the folder.
- /c: Includes inheritable permissions.
- /l: Lists the new permissions after resetting.
Caution: Incorrectly modifying file permissions can break website functionality. If you’re unsure about this process, consult your hosting provider or a web developer.

3. Clear your browser cache and cookies

Your browser might be storing outdated cached data from the website, causing conflicts and lead to 403 forbidden error. Clearing your cache and cookies can resolve the issue. Here’s how to do it for popular browsers:

Chrome: Go to Settings > Privacy and security > Clear browsing data. Select “Cookies and other site data” and “Cached images and files,” then choose “All time” and click “Clear data.”
Firefox: Open the Menu (three horizontal lines) > History > Clear Recent History. Select “Cache” and “Cookies” and choose the desired time range before clicking “Clear Now.”
Safari: Go to Preferences > Privacy > Manage Website Data. Search for the problematic website and click “Remove.”

4. Disable VPN temporarily

If you are using a VPN (Virtual Private Network), it may be causing the 403 forbidden error. Temporarily disabling the VPN and accessing the website without it can help determine if the VPN is the source of the problem.

If the 403 forbidden error disappears after disabling the VPN, you may need to adjust the VPN settings or contact your VPN provider for further assistance.

5. Disable CDN temporarily

A CDN (Content Delivery Network) caches and delivers content from the closest web server to the user, improving load times and reducing bandwidth usage. However, issues with the CDN can sometimes result in a 403 Forbidden error. Temporarily disabling the CDN can help identify if it is causing the problem.

Disabling a CDN temporarily can be done through the control panel of your CDN provider. The exact steps will vary depending on the provider you use, but the general process involves:

Logging in to your CDN provider’s dashboard.
Navigating to the section that manages your CDN resources.
Finding the option to disable or pause the CDN service. This might be labeled “Disconnect,” “Disable,” or “Pause.” It could be a slider switch or a button.
Confirming the change.

Some providers might offer a “bypass” or “purge cache” option instead of disabling the entire service. This removes your content from the CDN’s edge servers, forcing users to access it directly from your origin server.

If the error is resolved after disabling the CDN, you may need to investigate the CDN settings or contact your CDN provider for assistance.

6. Delete and restore the .htaccess file

The .htaccess file is a configuration file used by web servers to control various aspects of website functionality. A corrupted or misconfigured .htaccess file can lead to a 403 Forbidden error. To fix this, you can try deleting the .htaccess file and then restoring it to its default state.

You can follow these steps:

Deleting the .htaccess File:
- If you need to delete the .htaccess file, you can do so by accessing your website dashboard using an FTP client or the file manager of your hosting account.
- Locate the .htaccess file in the file manager’s root directory, such as the public_html or www folder.
- You can rename the existing .htaccess file to something like .htaccess_old or simply delete it, although deleting it can be risky. It’s recommended that you just rename it.
Restoring the .htaccess File:
- If you have a backup of the .htaccess file, you can restore it by following these steps:
- First, locate the htaccess_backup.txt file on your computer and open it in a text editor.
- Use the text editor’s File » Save As command and make sure Save as type: is set to All Files (.).
- In the File name: box type: .htaccess (make certain to include the leading dot). Then click the Save button.

7. Troubleshoot IP or user agent restrictions

Sometimes, 403 Forbidden errors are caused by IP or user agent restrictions. This means that some IP addresses or user agents cannot access specific resources. This can be done as a security measure to prevent spam, bots, or malicious attacks. To address this issue, consider these steps:

Whitelist IP addresses: If some IP addresses are being blocked, review the server’s IP whitelist configuration and add the necessary IP addresses to allow access.
User-agent settings: If user-agent restrictions trigger the error, review the server configuration or security plugins to adjust the user-agent limits as needed.

8. Review security plugins or firewalls

Strengthen your firewall

If you have security plugins or firewalls installed on your website or server, they may sometimes interfere with legitimate access, leading to errors.

Temporarily disable or modify the settings of your security plugins or firewalls and check if the 403 Forbidden error persists.
If the error is resolved after disabling or adjusting the security measures, reconfigure them carefully to allow proper access while maintaining the necessary security.

If you are unable to fix the issue on your own, consider contacting the support team of your web hosting provider or the developers of your CMS or web application for help. Suppose you adhere to these steps and adopt the best practices.

In that case, you will achieve better results, and you can effectively troubleshoot and fix 403 Forbidden errors, ensuring users have the appropriate access and a smooth browsing experience on your website.

Conclusion

In conclusion, 403 Forbidden errors can significantly impact website visitors and user experience. Website owners and administrators must address and resolve these errors promptly to ensure a seamless browsing experience for users.

Taking action to fix 403 Forbidden errors is essential. By checking and modifying file or directory permissions, verifying and adjusting server configurations, troubleshooting IP or user agent restrictions, and addressing CORS-related problems, you can resolve these errors and provide users with the necessary access.

Table of content

Vinh Jacker

Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.

Share this post:

Hyvä Theme is Now Open Source: What This Means for Magento Community - Mageplaza

Hyvä is now Open Source and free. Discover what changed, what remains commercial, how it impacts the Magento ecosystem, and how to maximize its full potential.

8 mins read | 02-12-2026

January 2026 - Mageplaza

2 mins read | 01-30-2026

December 2025 - Mageplaza

2 mins read | 12-30-2025

November 2025 - Mageplaza

2 mins read | 11-30-2025

October 2025 - Mageplaza

3 mins read | 10-30-2025

Holiday Marketing Hacks 2025 - How to Boost Sales for Magento 2 Stores? - Mageplaza

Discover the best 2025 holiday marketing strategies for Magento 2. Learn key trends, creative campaign ideas, and expert tips to increase seasonal sales.

17 mins read | 10-05-2025