Why does Claude Code get 403 Forbidden?

Claude Code uses a standard HTTP client whose TLS fingerprint is identified as non-browser by anti-bot systems like Cloudflare and Akamai. The request is blocked before any content is served.

How do I fix 403 Forbidden in Claude Code?

Install Wick: brew tap wickproject/wick && brew install wick && wick setup. Wick uses Chrome's actual network stack so anti-bot systems see a real browser fingerprint.

← Back to Wick

How to Fix 403 Forbidden in Claude Code

You're using Claude Code, and you ask it to read a webpage. API docs, a pricing page, a blog post, a news article. It tries:

Agent: I'll fetch that page for you.

Result: 403 Forbidden

Agent: I'm sorry, I wasn't able to access that page.
       The site appears to be blocking automated requests.

This happens dozens of times a day. Claude Code can write code, debug systems, manage git repos — but it can't read a webpage. Here's why, and how to fix it in 30 seconds.

Why Claude Code gets 403 errors

It's not about robots.txt. It's about TLS fingerprinting.

When Claude Code fetches a URL, it uses a standard HTTP client. Anti-bot systems like Cloudflare, Akamai, and Fastly inspect the TLS handshake — the very first message your connection sends — and compare it to known browser signatures.

Chrome's TLS handshake looks different from Go's, Python's, or Node's. The cipher suites, extensions, and their ordering create a unique fingerprint. Anti-bot systems identify non-browser clients in milliseconds, before the HTTP request even reaches the server.

That's your 403. The website never saw your request. The anti-bot layer killed it at the TLS level.

Sites that commonly block Claude Code:

The New York Times (Akamai)
Reddit (custom anti-bot)
Cloudflare-protected sites (~20% of the web)
Most news sites, financial sites, and documentation behind CDNs

The fix: Wick

Wick is a free, open-source MCP server that gives Claude Code browser-grade web access. It uses Chrome's actual network stack — the same BoringSSL, HTTP/2, and QUIC implementation that real Chrome uses. The TLS fingerprint is identical to a regular browser.

Install (30 seconds)

macOS:

brew tap wickproject/wick && brew install wick
wick setup

Linux:

curl -fsSL https://wickproject.github.io/wick/apt/install.sh | bash
wick setup

npm (any platform):

npm install -g wick-mcp
wick setup

wick setup auto-detects Claude Code and configures it. That's it.

Make Claude Code always use Wick

Add this to your project's CLAUDE.md:

When fetching web pages, always use the wick_fetch MCP tool instead of
the built-in WebFetch tool. wick_fetch bypasses anti-bot protection and
returns cleaner content. Use wick_search for web searches.

Now when Claude Code needs to read a webpage, it reaches for wick_fetch instead of its built-in fetch that gets blocked.

What Wick returns

Instead of a 403 error, your agent gets clean markdown:

Agent: I'll fetch that article using wick_fetch.

# The New York Times - Breaking News

Led by the freshman forward Cameron Boozer,
the No. 1 overall seed faces a tough test in
the NCAA tournament...

Clean, structured content your agent can actually reason about. Not raw HTML, not a wall of <div> tags — markdown with headings, links, and paragraphs.

How it works

Wick runs as a local MCP server on your machine. When Claude Code calls wick_fetch:

The request goes through Chrome's actual network stack
The TLS fingerprint matches a real Chrome browser
The request exits from your residential IP (not a datacenter)
Anti-bot systems see a normal browser visit
The HTML response is extracted into clean markdown
Claude Code gets the content

No cloud service. No proxy. No API key. Everything runs locally.

What about sites that need JavaScript?

Some sites (X/Twitter, Google Maps, financial exchanges, most SPAs) only render content via JavaScript. Wick handles these too via an optional embedded Chromium renderer (CEF) — full browser engine that runs JavaScript, handles CAPTCHAs automatically, and clears anti-bot challenges (Cloudflare "Just a moment", DataDome, etc).

Run wick install cef once to install it (~200MB, MIT-licensed, all open source). After that, wick fetch auto-detects JavaScript-required pages and escalates to the CEF renderer transparently — no flag needed. Force it explicitly with --render cef when you know the target is a JS-heavy SPA.

Quick reference

Problem	Solution
403 Forbidden	Install Wick: `brew install wick && wick setup`
Claude uses built-in fetch	Add CLAUDE.md instructions (see above)
JS-rendered pages blank	`wick install cef` for JS rendering
robots.txt blocking	`wick fetch URL --no-robots`
Need raw HTML	`wick fetch URL --format html`

Links

Install: brew tap wickproject/wick && brew install wick
Docs: getwick.dev/docs.html
GitHub: github.com/wickproject/wick
Pro: getwick.dev ($20/month for JS rendering + advanced anti-detection)

Why Your AI Agent Can't Read the Web — deep dive on TLS fingerprinting
100% Anti-Bot Success Rate — benchmark across 25 sites
Wick 0.7: Local HTTP API — use Wick from Python or any HTTP client

Wick is built by Adam Fisk, creator of Lantern — a censorship circumvention tool used by 150 million people in Iran, China, and Russia. The same techniques that bypass government censors now bypass anti-bot walls.