403 Forbidden vs 404 Not Found

403 denies access to an existing resource. 404 indicates path does not exist or is intentionally hidden.

Aspect403 Forbidden404 Not Found
When it happensEmitted when conditions specific to 403 forbidden occur.Emitted when conditions specific to 404 not found occur.
How to tell apartIdentify which layer emitted the code and inspect headers/logs for that layer.Confirm whether problem is auth/policy, upstream quality, overload, or timeout.
Troubleshooting first stepTrace request ID through edge and application logs.Check deploy/config changes and dependency health in same time window.
Practical noteDo not mask this response with generic handlers.Return explicit headers like Retry-After or auth challenge when relevant.

When each appears in production

Use CDN/proxy logs to find emission point, then app logs/traces to isolate root cause.

Troubleshooting workflow

Validate routing, policy, and timeout budgets in order. Fix the first failing layer before tuning client retries.

Related guides: 403 Forbidden · 404 Not Found