πŸ”’ SEO Vault

Shopify "Blocked due to access forbidden (403)" in Search Console: Why Googlebot Can't Crawl Your Store and How to Fix It

Google Search Console's "Blocked due to access forbidden (403)" status (Pages > Not indexed) means Googlebot requested a URL and your server returned HTTP 403 Forbidden, so Google could not crawl or index the page. On Shopify the usual causes are storefront password protection still enabled (Online Store > Preferences), a bot-protection or firewall app (or Cloudflare in front of a custom domain) blocking Googlebot, a Markets or geolocation rule serving 403 to the crawler, or app/account URLs that return 403 by design. When 403 hits pages you want indexed, they drop out of search. Shopify password protection and most security apps toggle access globally and Shopify does not snapshot which URLs were reachable, so once a setting or app blocks the crawler there is no native record of the previously indexable state to restore.

If you didn't already have a backup, those old values are gone β€” Shopify keeps no history.

The steps below recover what you can. To make the next time a 1-click undo instead of hours of CSV work: a daily snapshot of every SEO field. Free to monitor, no card β€” and SEO Vault only reads your store unless you click restore.

Protect my SEO free β€” never lose it again β†’

Step by step

  1. Stop and diagnose: open the 403 report in GSC, pick a URL, run URL Inspection > Test Live URL and read the response. Confirm in Online Store > Preferences that password protection is OFF for a launched store, then check Settings > Markets / geolocation and any installed firewall, bot-blocker, or age-gate app that could 403 Googlebot. If you use a custom domain via Cloudflare, review its WAF and Bot Fight Mode rules.
  2. Recover crawl access: turn off password protection if the store is live, whitelist Googlebot in any bot-protection app or Cloudflare WAF (verify it via reverse DNS to googlebot.com per Google's guidance), and remove or scope any app rule returning 403 to crawlers. Re-test with URL Inspection until the page returns a 200 response.
  3. Re-index and verify SEO via GSC: once URLs return 200, click Validate Fix on the 403 report and Request Indexing for priority pages, then re-submit your sitemap. Because a block can coincide with SEO field edits you won't notice for weeks, diff a current Products/Collections export against a prior export or a Wayback Machine snapshot to confirm titles, descriptions and alt-text survived and restore anything missing.
  4. Reduce blast radius with daily snapshots: a 403 incident can deindex pages and mask field changes for weeks. A dated, last-known-good daily copy of every product and collection's SEO fields, plus bulk-change alerts that surface the app or setting behind the disruption, turns recovery into one click instead of guesswork. SEO Vault keeps exactly that daily history.

Source: Google Search Console Help β€” Page Indexing report ("Blocked due to access forbidden (403)") and "Verifying Googlebot," support.google.com/webmasters/answer/7440203

Related fixes

Never lose your SEO to an app again

SEO Vault keeps a daily snapshot of every SEO field on your store β€” meta titles, descriptions, alt-text, tags, handles (products AND collections) β€” and emails you the moment something changes in bulk, with the likely app responsible. One click restores yesterday's state, just the SEO fields. Free to monitor and get alerted; $14/mo for 1-click restore.

Protect my SEO β€” free β†’
βœ“ Free forever to monitorβœ“ No credit cardβœ“ Read-only β€” never edits your store unless you restoreβœ“ Installs in 1 click