IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. HTTP Status Codes
  3. 403

4xx Client Error

403Forbidden

The client is authenticated (or authentication would not help) but is not permitted to access the resource. The server may omit the reason to avoid disclosure.

Security relevance

Inconsistent 403 vs 404 responses can enable resource enumeration; forced browsing that returns 200 instead of 403 indicates broken access control.

Related 4xx codes

400Bad Request401Unauthorized402Payment Required404Not Found405Method Not Allowed406Not Acceptable
← All status codes·Vulnerability knowledge graph
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub