The difference between HTTP status code 402 and 403

402 Payment Required

When we deal with the World Wide Web and the communication between servers and clients, we come across various status codes that describe the state of an HTTP request. Two of these status codes that often cause confusion are the HTTP status code 402 and the 403. In this article, we would like to take a closer look at the differences between these two codes and explain their meanings.

HTTP status code 402: Payment Required

The HTTP status code 402, also known as "Payment Required", was introduced to indicate a specific situation - namely, when a payment is required to access the requested resource. This status code was defined back in 1999 as part of the HTTP/1.1 standard.

The 402 status code is often used on websites that have subscription services or payment barriers. When a user attempts to access a protected resource but has not yet made a payment or their subscription has expired, the server may return the 402 status code. This status code is used to prompt the user to make a payment in order to continue access. Practically, this means that the user must make the required payment to receive the requested services or content.

HTTP status code 403: Access denied

Contrast this with HTTP status code 403, which means "Access denied". This status code is used to indicate that the server has received the client's request but explicitly denies access to the requested resource.

The 403 status code was also introduced in 1999 and is an integral part of the HTTP/1.1 standard. It is applied in various scenarios, such as when the server denies the client's authorization to access a particular resource, or when the request is associated with insufficient access rights.

Unlike status code 402, which focuses on the payment request, status code 403 signals an explicit denial of access, regardless of payments. This can be for a variety of reasons, such as insufficient authentication, lack of authorization, or the server classifies the request as invalid or suspicious.

What distinguishes HTTP status code 402 from 403?

The main differences between status codes 402 and 403 lie in their meaning and usage. While status code 402 indicates a required payment and asks the user to make it, status code 403 explicitly indicates that access to the resource is denied, regardless of payments.

Another difference lies in their historical background. Status code 402 was specifically designed to indicate a request for payment and is therefore reserved for payment scenarios. In contrast, the 403 status code has a broader meaning and is used in various contexts where access is denied.


In summary, both HTTP status code 402 and 403 are important tools to control the communication process between servers and clients. While the 402 status code prompts the user to make a payment to allow access, the 403 status code signals explicit denial of access. By clearly communicating the status, these status codes provide important information about the state of the request and enable effective interaction between client and server.

Published: 2023-07-19 10:55:10

Status code:

More blog articles:

Protection against attacks through the xmlrpc.php file in WordPress

Section 1: What is the xmlrpc.php file and where is it foundThe xmlrpc.php file is an important component in WordPress, one of the world's leading content management systems (CMS) for creating and ...

Caching and HTTP status codes: Optimizing web performance through intelligent caching

Web performance and the resulting user experience are central aspects for the success of any website. One significant factor that affects this performance is HTTP status codes, especially in the co...

What is an HTTP request - An in-depth look

HTTP, or the Hypertext Transfer Protocol, is the backbone of the internet. It's the standard mechanism through which web browsers request data from web servers and receive this data. But what exact...


Tony Brüser is an enthusiastic web developer with a penchant for HTTP status codes.