How to Fix HTTP Status Code: Error 406 (Not Acceptable)

Updated on Feb 2, 2022

Web browsers make a request for information from the server whenever one visits your website. If the Web server detects that the data it wants to return is not acceptable to the client, it returns a header containing the 406 error code. In practice, this error is very rarely used compared to the “404-Page not found” but it refrains you from accessing a site. You need to learn about its cause and the solution. In this tutorial, you're going to learn about what might cause the 406 Not Acceptable error, along with a handful of tips for diagnosing and debugging within your own application.

Table of Contents:

What is the 406 Error?

The 406 Not Acceptable is an HTTP response status code. When user agents (web browsers) make a request for information from the server, they send an Accept header, which tells the server the specific formats in which the browser can accept data. If the server is unable to send data in any of the formats requested in the Accept header, the result would be a 406 Not Acceptable error.

404 Error Not Acceptable

There are more than 50 status codes, representing the complicated relationship between client, web application, web server, and sometimes even multiple third-party web services. That said, it’s not easy to determine what’s causing a specific status code, at least not without some proper diagnostics and troubleshooting. 

Server-side or Client-side?

All HTTP response status codes in the 4xx category are considered client error responses. The category contrasts with 5xx classification errors, such as the 504 Gateway Timeout Error, which are considered server error responses. However, the appearance of a 4xx error does not necessarily mean the issue is on the client-side, where the “client” is the web browser or device being used to access the application. If you’re trying to diagnose an issue within your own application, you can immediately ignore most client-side code and components, such as HTML, CSS, client-side JavaScript, etc. This doesn’t apply only to websites, either. There are many smartphone apps that implement a modern-looking user interface. Those are actually powered by a normal web app behind the scenes that is simply hidden from the user.

On the other hand, the root cause of a 406 Not Acceptable error could be the server. There are known cases where the server is misconfigured and handling requests improperly, which can result in 406 code responses and other problematic traffic routing issues.

Begin with a Thorough Backup

As always, it’s best to play it safe from the start. Create a full backup of your website or application, database, as well as all other components. Doing that is crucial, especially if you are about to perform a certain task (fix, change, update) for the first time. It’s always a good idea to create a full copy and stick it on a secondary server (your personal computer) if you have one. You can use it as an environment to test all potential fixes for the issue, without risking the security of your live application.

Furthermore, you can implement the staging environment via cPanel’s Softaculous

Client-side Causes of 406 Not Acceptable

The 406 Not Acceptable is a client error response. That’s why it’s best to start with the troubleshooting of any potential client-side problems which might be causing the error.

Debug Common Platforms

In case you are running some of the common software packages and getting the 406 Not Acceptable, you should look into the stability of your platform(s). The most commonly used Content Management Systems (CMSs) such as WordPress or Joomla!, are considered to be well-tested out of the box. However, there is never a guarantee that once you start making changes (installing plugins, themes, extensions, etc.) everything will go perfectly. It’s not too hard to cause an unforeseen issue, which may result in a 406 Not Acceptable.

There are some helpful tips that might help you pinpoint the issue and resolve it.

Rollback Recent Updates

If you have recently updated your CMS, and then started getting the 406 Not Acceptable, you should consider rolling back to the previous version. When it comes to WordPress, we have a thorough guide on How to Downgrade WordPress. For assistance with other CMS downgrades, just Google “how to downgrade” and put the name of your platform at the end. Keep in mind that some platforms don’t offer downgrade capabilities. If that’s the case, you should know that such platforms consider themselves to be stable and as bug-free as possible. 

Similar to the platform itself, you might have recently updated some modules or extensions, which may also lead to the 406 error. Reverting to older versions of those extensions may also resolve your issue. If not, you can try to deactivate or uninstall them. 

Uninstall Plugins, Extensions, or Modules

Depending on the CMS you are using for your application, the exact names of plugins, extensions, or modules, could be different. However, every system has components of that type and they serve the same purpose everywhere. Such tools are used for improving the capabilities and features of the platform beyond what it’s normally capable of out of the box. 

However, keep in mind that those extensions could potentially take full control of the system and start making all types of changes (to the PHP code, HTML, CSS, JavaScript, or database). In such cases, it’s best if you uninstall the most recent additions to your extensions list.

Check for Unexpected Database Changes

Note that even if you uninstall an extension through the CMS dashboard, you are not guaranteed that changes made by the extension will be fully reverted. This is especially true for many WordPress extensions, which are given permissions within the application, including full access rights to the database. Unless the extension author explicitly codes such things in, there are scenarios where an extension may modify database records that don’t “belong” to the extension itself but are instead created and managed by other extensions (or even the base CMS itself). 

In those scenarios, the extension may not know how to revert alterations to database records, so it will ignore such things during uninstallation. Diagnosing such problems can be tricky, but I’ve personally encountered such scenarios multiple times, so your best course of action, assuming you’re reasonably convinced an extension is a likely culprit for the 406 Not Acceptable, is to open the database and manually look through tables and records that were likely modified by the extension.

Most importantly, you should not be afraid to Google your issue. Try searching for specific terms related to your issue, such as the name of your application’s CMS, along with the 406 Not Acceptable. Chances are, you are going to find someone who has experienced the same issue.

Server-side Causes of Error 406 - Not Acceptable

If you are experiencing the error 406 Not Acceptable, you have most likely triggered a security rule, and thus your request got blocked. At FastComet, we make sure to optimize our security rules in order to minimize the chance of false-positive blocks. However, you might end up with the 406 error due to one of the following reasons:

  • The page you are attempting to request contains renders about the hosting environment (e.g., Kernel version). That’s one of the common issues with apps that have Server Information sections in their admin panels or directly render the output of the phpinfo() function.
  • The request or the response body is too large. This often happens when your page is attempting to reply with a body that’s larger than the maximum allowed on the server. The limit is set high enough to process almost any “healthy” page, and thus it’s not common to run into 406 Not Acceptable because of the page size.
  • The requested page includes known malware or phishing content like a PayPal scam.
  • The request is matching any of the security rules we have set, and thus the request is being blocked.

How To Prevent Error 406 Not Acceptable

To prevent the 406 error from happening mod_security can be turned off. Additionally, you may just disable specific ModSecurity rules, as well as disable ModSecurity for each domain individually. Turning mod_security off is a 3-step process. All you have to do is:

  • Log into your cPanel;
  • Find ModSecurity and click on it:

Find ModSecurity in cPanel

  • Once you’re in, just click on Disable:

Click on Disable ModSecurity

You may not be able to enable or disable mod_security in your cPanel on VPS or Dedicated CPU Servers. To disable mod_security in accounts that do not have that option in cPanel, you would need to use CLI via SSH.

However, the best thing to do here is to contact our technical support by opening a new ticket. They will assist you as quickly as possible, making sure everything is done properly. Additionally, you can ask for the mod_security to be turned off only for specific domains.

We hope you find this article useful. Discover more about FastCloud - the top-rated Hosting Solutions for personal and small business websites in four consecutive years by the HostAdvice Community!

SSD Cloud Hosting

  • Free Domain Transfer
  • 24/7 Technical Support
  • Fast SSD Storage
  • Hack-free Protection
  • Free Script Installation
  • Free Website Transfer
  • Free Cloudflare CDN
  • Immediate Activation
View More