Fixing 403 Forbidden Errors for Image Requests in Code

Apr 2, 2024 ยท 3 min read

It can be frustrating when your application code gets a 403 error trying to retrieve an image, yet the same image URL loads fine in your web browser. This "access denied" style error typically means there is some difference in the request headers or authentication between your code and the browser.

Let's walk through some of the common causes of 403 errors for image requests in code, along with tips on how to properly structure your requests.

Ensure Proper Authorization Headers are Sent

Many image assets require authorization to access. Your browser may handle authorization transparently if you are already logged into the site in your browser session. Your application code however needs to explicitly send the expected authorization headers with the request.

Common authorization methods:

  • API Key - Many services use API keys to authorize access. Make sure to read the image service's documentation and include the expected Authorization or custom header with your API key.
  • Bearer Token - APIs often use OAuth JSON Web Tokens for authorization, sent in the Authorization: Bearer header. Your code needs to obtain and send a valid access token.
  • Basic Auth - Some services use HTTP Basic Auth, encoding username/password into the Authorization header. Encode your credentials correctly in the header.
  • Double check that any authorization headers or values expected by the image service are properly included in your code's HTTP requests.

    Use the Same User Agent as Your Browser

    The User-Agent header identifies the application making the request. Some image servers block common library user agents like Python-Requests for security reasons.

    Instead, mimic the browser's user agent in your code requests:

    import requests
    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0"} 
    response = requests.get("", headers=headers)

    This makes your script look like a real Firefox browser to the server.

    Check for Missing Request Headers

    In addition to authorization and user agent, compare other request headers sent by your code versus directly from the browser.

    For example, some servers require the Accept or Referer header to allow image downloads. Use your browser's network inspector and your code library's logging to compare all headers sent.

    Ensure any expected headers like Accept: image/webp are copied into your code's requests.

    Handle Redirects Correctly

    If the image URL redirects to another location, ensure your code properly follows redirect responses with a subsequent GET to the new URL.

    Some code libraries do this automatically behind the scenes. But if not, explicitly handle 30x redirects and retry the image request at the redirected URL.

    Check for Rate Limiting

    If the image resource has rate limiting, your code may hit a 403 after exceeding the service's maximum requests per minute.

    Try spacing out your image downloads with brief pauses. You can also check the response headers for rate limiting details, and slow down requests if limits are hit.


    403 forbidden errors for image requests often come down to differences in headers, authorization, redirects, or rate limits compared to the browser. By mimicking the browser's requests as much as possible in your code, you can eliminate tricky 403 image issues.

    Carefully inspect the browser request details against your code using debugging tools. Match up all headers, handle redirects, and provide proper credentials or API keys in your code for seamless image downloads.

    Browse by language:

    The easiest way to do Web Scraping

    Get HTML from any page with a simple API call. We handle proxy rotation, browser identities, automatic retries, CAPTCHAs, JavaScript rendering, etc automatically for you

    Try ProxiesAPI for free

    curl ""

    <!doctype html>
        <title>Example Domain</title>
        <meta charset="utf-8" />
        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1" />


    Don't leave just yet!

    Enter your email below to claim your free API key: