How to Fix HTTP Error 406 Not Acceptable

by

The HTTP 406 Not Acceptable error is a relatively rare but important issue that web developers and administrators may encounter. Understanding what causes this error and how to resolve it is crucial to maintaining a smooth user experience and preserving SEO integrity. This guide provides a comprehensive overview of the HTTP 406 error, its underlying causes, and the most effective solutions to fix it.

What is HTTP Error 406 Not Acceptable?

The HTTP 406 Not Acceptable error occurs when the web server cannot generate a response that meets the criteria defined in the client’s Accept headers. These headers specify the media types—such as text/html, application/json, or image/jpeg—that the client can process. If the server is unable to return a response that satisfies any of these formats, it will return a 406 status code.

In essence, the error communicates that the content available on the server is not acceptable to the client’s browser or application, based on the negotiation set in the HTTP request.

Common Causes of HTTP 406

Several factors can trigger a 406 error. Below are the most common:

  • Improperly configured MIME types – If the server does not offer the content type requested by the client, the request might fail with a 406.
  • Content negotiation failure – When the Accept headers are overly strict or don’t match the types provided by the server.
  • Security rules or mod_security – Installed firewall rules or modules like mod_security may reject specific request headers as a security precaution.
  • Outdated or misconfigured browsers and crawlers – Sometimes, the client making the request might send malformed or outdated headers.

How to Fix HTTP Error 406

Resolving a 406 error involves identifying the underlying problem and implementing corrective measures. The solution path depends on whether you are a user, a site owner, or a server administrator. Below is a breakdown of actions based on perspective.

For End Users

If you’re a site visitor suddenly encountering this error, here are a few simple remedies:

  1. Refresh the Page: This may sometimes resolve temporary glitches.
  2. Clear Browser Cache: Outdated cookies or cached headers might lead to compatibility issues.
  3. Try a Different Browser: Rule out browser-specific Accept headers that are too restrictive.

If the error persists, it is advisable to reach out to the website administrator with a screenshot and a description of what led up to the issue.

For Website Owners and Developers

If you’re managing the site or API that’s returning the error, follow these thorough steps to troubleshoot and resolve the issue:

1. Examine the Accept Header

Inspect the request headers being sent to your server. You can use tools like Postman, cURL, or browser development consoles for this. Look specifically at the Accept header. For example:

GET /api/data HTTP/1.1
Host: example.com
Accept: application/xml

Determine whether your server is capable of returning content in the specified format.

2. Check the Server Configuration

Depending on your web server software (e.g., Apache, Nginx), misconfigurations in your virtual hosts or .htaccess files may lead to improper responses. For Apache users, ensure that your MIME types are properly declared and that content negotiation modules are enabled:

AddType application/json .json
AddType text/html .html

In Nginx, you might need to customize the default_type or use types blocks to set acceptable MIME types.

3. Disable or Adjust mod_security Rules

If your server uses mod_security—an Apache module that acts as a Web Application Firewall (WAF)—certain patterns in headers or payloads might be falsely flagged as malicious, triggering a 406 error. Temporarily disabling mod_security or updating its rules could resolve the issue.

To disable mod_security for a specific directory you can modify your .htaccess like this:


  SecFilterEngine Off
  SecFilterScanPOST Off

Note: It is not recommended to leave mod_security disabled permanently. Re-enable it after identifying and whitelisting the specific rule set that causes the 406.

4. Implement Content Negotiation Manually

Manually handle content negotiation within your backend code, particularly useful in APIs. Here’s a simple example with PHP:

$accept = $_SERVER['HTTP_ACCEPT'];
if (strpos($accept, 'application/json') !== false) {
  header('Content-Type: application/json');
  echo json_encode($data);
} elseif (strpos($accept, 'text/html') !== false) {
  header('Content-Type: text/html');
  echo "<p>This is HTML</p>";
} else {
  header('HTTP/1.1 406 Not Acceptable');
}

This approach gives developers finer control over how content is returned based on client headers.

Monitoring and Logging

Keep track of server access and error logs. These logs contain vital clues on the request headers and URI segments involved. For Apache, you can typically find logs in:

/var/log/apache2/access.log
/var/log/apache2/error.log

For Nginx:

/var/log/nginx/access.log
/var/log/nginx/error.log

By monitoring logs, you’ll capture real-time events and better understand how and why certain requests are rejected.

Preventing Future Occurrences

Once the issue is resolved, take steps to avoid recurrence. Here are some best practices:

  • Set Default Fallback Content: Configure your server or backend app to fall back to a default content type (e.g., text/html) if none of the requested types match.
  • Avoid Overly Specific Accept Headers: Limit your clients from sending overly strict Accept headers, especially when developing mobile or API clients.
  • Regularly Update Server Rules: Ensure your WAF and content rules are up to date and properly tuned for your traffic patterns.
  • Implement Graceful Error Handling: Show user-friendly error pages and report diagnostic information to your backend to assist with troubleshooting.

Conclusion

The HTTP 406 Not Acceptable error can be frustrating both for users and developers, but it’s often an indicator of miscommunication between client and server—particularly regarding content types. By carefully examining your request headers, server configuration, and security rules, you can swiftly identify and fix the problem. Whether you’re managing a website, web application, or API, implementing robust content negotiation handling and monitoring systems will go a long way in preventing this error from disturbing user experience again.

Proactive server management and client request optimization are your best defenses against HTTP 406 errors.