406 Not Acceptable Error

There are many errors that you may see as you visit different websites across the web. One of the more common ones is 406 Not Acceptable. HTTP error code 406, also known as “Not Acceptable,” is a client error response code that indicates that the server cannot produce a response matching the list of acceptable values defined in the request’s headers. This error typically occurs when the server cannot provide content that satisfies the criteria specified by the client in the Accept header.

This article explains what HTTP error code 406 is, what causes it, and how to correct it if it happens on your site.

What is HTTP Error Code 406?

406 Not Acceptable Error

Web browsers make a request for information from the server. When this happens, it sends an Accept header. This tells the server in what formats the browser can accept the data. If the server cannot send data in a format requested in the Accept header, the server sends the 406 Not Acceptable error.

The error can also be generated by the mod_security module. mod_security, a type of firewall program that runs on Apache web server, scans for violations of the rules it has set. If an action occurs that violates one of these rules, the server will throw a 406 error.

What Caused The 406 Error on my Site?

In regards to a site on your hosting account, the cause of the 406 error is usually due to a mod_security rule on the server. mod_security is a security module in the Apache web server that is enabled by default on all hosting accounts. If a site, page, or function violates one of these rules, server may send the 406 Not Acceptable error.

How to Fix the 406 Not Acceptable Error

Review the Error Message

When you encounter an HTTP error code 406, the server usually includes a response message with more information about the error. Start by reading this message to understand the specific issue.

Check the Request Headers

The HTTP 406 error is related to the Accept header in the client’s request. This header specifies the media types (content types) that the client can accept as a response. The server checks this header to determine if it can provide content that matches the client’s preferences. Ensure that the Accept header is correctly set in your request.

Example Accept header for accepting JSON:

Accept: application/json

Example Accept header for accepting both JSON and XML:

Accept: application/json, application/xml

Verify Content Negotiation

Content negotiation is the process where the server selects the appropriate response format based on the client’s preferences. If you’re encountering a 406 error, it’s possible that the server cannot produce content in the requested format. Check if the server supports the media types specified in your Accept header.

Use Wildcards or More Generic Types

If the server supports multiple media types, but you’re still getting a 406 error, you can use wildcards or more generic types in the Accept header. For example, you can use */* to indicate that you accept any media type:

Accept: */*

Check the Server Configuration

Ensure that the server is properly configured to handle content negotiation and can produce responses in the requested formats. Sometimes, server misconfigurations can lead to 406 errors.

Test Different Accept Headers

Experiment with different Accept header values in your request to see if the server can provide content in any of the specified formats. This can help you identify which specific media type is causing the issue.

Contact the Server Administrator or API Provider

If you’ve exhausted all troubleshooting options and still encounter the HTTP 406 error, it may be a server-side issue. Contact the administrator of the server or the API provider and provide them with the details of your request and the error message you received. They may be able to assist in resolving the problem.

Consider Handling 406 Errors Gracefully

If you’re developing a client application, it’s essential to handle 406 errors gracefully. You can create error-handling routines that notify users or log the error details for further investigation.

How to Prevent 406 Errors

To prevent 406 errors, you can turn off mod_security on your server. There are a few ways to do this:

Modsec Manager in cPanel

Note! You may not have the option to enable or disable mod_security in your cPanel on VPS or Dedicated Servers. To disable mod_security on accounts that don’t have the option in cPanel, you will need to use command line via SSH or contact tech support to disable/enable it for you.

Alternatively, if you only need certain select rules disabled instead of having it turned off for an entire domain, you can use the ticket portal in AMP to submit a ticket.

35 thoughts on “406 Not Acceptable Error

  1. Yes foe me this article works for me i disable mode of security on my cpanel then everything is working but i was warn that my domain might be vulnerable for attack.. thanks

    1. Hi Sunday – sorry for the issues with your security. Yes, if security errors are occurring then you may be vulnerable to some type of intrusion or attack. My recommendation would be to contact our live technical support team to review the errors that you’re seeing. You need to provide a copy of the error and details relating to it.

  2. whenever I open my bluehost wordpress website wp_login.php it shows

    Not acceptable

    An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

    I am not getting how to fix it….

    Please help me. I don’t want to turn off the Mod_Security

    1. You’ll need to talk to Bluehost. They may be able to disable the rule that is triggering the error without turning off Mod_sec alltogether.

  3. Thanks to this article! I’ve been resetting my website because of the 406 error (tsk! just a waste of time, it’s been a week on why I kept on receiving such error.

    Until chada!

    Thank you so much for this helpful information, it solves my issues and Yes! it was because of the mod_security, already called the host provider and told them to disable the mod_security and it solves!

    kudos guys!

  4. Hi ,

    When I am enter Manzoor the trainer website it is showing me an 406 Error Not Acceptable. Please solve my issue ASAP.

  5. This worked: Whitelisting my IP address in the Modsec Manager.

    To find the Modsec Manager I followed the steps in this article, then I clicked the “submit” button next to my IP address and it was added to the Whitelist. Now I can access the site again.


    Not Acceptable

    An appropriate representation of the requested resource /erp/index.php could not be found on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


    i have the above error.,, 

     how to recover

    1. Hello Siva,

      Are you sure that file exist on the server? Have you checked your error log for any lines regarding this file? Do you have anything in the .htaccess in the /erp directory?

      Best Regards,
      TJ Edens

    1. Hello Roberto,

      Have you tried disabling the mod_sec within the cPanel using the mod_sec manager?

      Kindest Regards,
      Scott M

    1. Hello Daniel,

      Have you checked with your hosting company to see if you are running against a mod_sec rule? You will want to provide instructions on how to hit the error so they can duplicate and then check their logs to find the specific rule it is running up against.

      Kindest Regards,
      Scott M

  7. I suppose I can tell all my clients to drop your hosting service and go to one that is not using mod_security2, which is now causing quite a few problems with various CMS programs (WordPress, Drupal, and various others). Maybe they should choose a web host who wants to help the customer instead of actively not trying to help them with their problems. Mod_security2 is wreaking hell and all you can say is “sorry, we can’t help you. You’re on a shared hosting account.” I know for a fact there is a way to disable this for each domain, even with a shared hosting account. All you have to do is look at the procedures available online by Googling “disable mod_security2 for a domain.”

  8. I found that if I used the words “drop” and “from” in a text I want to enter into the database the server throws a 406 error. For instance, the phrase “I had to drop him from the class roster” threw a 406 error, when I tried to add that text. However, if I changed it to “I had to remove him from the class roster” it went through just fine. The mod_security rules involved can sometimes be a little onerous.

    1. Show a way to disable mod_security2 for specific domains, or at least show how to disable some of the onerous rules that are causing the problems.

    2. Unfortunately, it is only possible to disable mode_security across the cPanel account within a shared hosting environment. If you are on a VPS or dedicated server, we can indeed disable specific rules for you and make more custom changes.

  9. I didn’t change anything on the arduino code, I didn’t even restarted since this starting ocurring.

    Why is it now showing 406 and not before?

    1. Hello Leandro,

      If you have already disabled the mod_security and still get the 406, you will want to contact our Live Support so they can find the specific cause of your error.

      Kindest Regards,
      Scott M

  10. Hi There,

    I am receiving a 406 when trying to access a php from an arduino. 

    It has been working from days until ‘2014-07-08 19:20:00 UTC’.

    I am able to access from a computer and cell phone, but not from the arduino, I always get a 406.

    I have already disabled mod_security.

    What else could I do?


    1. This is most likely caused by the user agent that is being sent from the Arduino. My best advice would be to change the user agent so that it appears as it if were a normal desktop user.

  11. Hi im using an iphone 4. Receiving server code 406 while trying to access anything that need internet how do i fix this please

    1. Hello Robert,

      I’m sorry to hear that you’re having problems with a Mod security error. In general, the 406 error is occurring because something is trying to be accessed that the server is not allowing. As per the article above, you can disable the Mod-security, but it’s not typically recommended. You state that you’re having the problem accessing “anything that need internet”. That’s a very general statement. You will need to help narrow down the problem. Have you tried to access your website through a computer (not the iPhone)? Also, WHAT are you trying to access? You have not provided any website information, so it makes it very difficult for us to try to help you. Can you provide us any specific information such as your website or any error messages? This would help us to isolate the problem and troubleshoot the matter for you.

      Arnel C.

  12. The same thing happened to me to and around the same date.  I don’t want to disable mod sec because it may open my site up to any more potential problems.

    1. Any insecure code on your site can indeed flag mod_security. If you do not want to disable mod_security, you will need to locate the problematic code and adjust it accordingly. For more information on what may be flagging mod_security, you may review your Apache error logs from within cPanel for any related errors.

    1. I do see that your ticket is still open with a higher tier of support. They will be getting back to you as soon as possible. Thank you for your patience.

  13. Everyting was fine in the code untill 9th March. I disabled Mod_Sec but the issue was not resolved. Please check ticket id 1744538 .

    1. Unfortunately, I am unable to provide any account-specific information via this public message board. If you have an open ticket with support, I recommend waiting for a response from our technical support team.

  14. I’m facing this error on one of my website > <a href=”https://www.coupontray.com/”>Coupontray</a> . I have submitted the issue to support team but it is still not resolved.

    1. As stated in the article, this is caused by issues within your code that are flagging mod_security as insecure. You could either resolve the insecurity within your code, or turn mod_security off. Of course, fixing the issue is the best solution as turning mod_security off could open that potentially insecure page up to malicious attacks on your site.

Was this article helpful? Join the conversation!

Leap into Savings
Leap Ahead with Limited Time Deals