Error 406 unacceptable

A 406 "Not Acceptable" error means the server understood your request but the response it would generate is not acceptable according to the request headers. On shared hosting, this error is almost always caused by ModSecurity (the web application firewall) blocking a request it considers suspicious.

01. What Causes a 406 Error

The HTTP 406 status code technically means "Not Acceptable" in terms of content negotiation (the client asked for a content type the server cannot provide). However, on web hosting servers with ModSecurity enabled, the 406 code is commonly returned when the firewall blocks a request.

Common triggers:

• Form submissions - Posting content that contains HTML tags, JavaScript, SQL-like syntax, or other patterns that look like an attack to the firewall
• URL parameters - Query strings that contain characters or patterns matching injection rules
• WordPress editor - Saving posts or pages with HTML, shortcodes, or embedded code
• File uploads - Uploading files with names or content that trigger a rule

02. ModSecurity False Positives

ModSecurity protects your website from SQL injection, cross-site scripting (XSS), and other attacks by inspecting incoming requests. Sometimes, legitimate content triggers a rule. For example, if you are writing a blog post about SQL and include example SQL code, ModSecurity might flag it as an actual SQL injection attempt.

This is a false positive. The content is legitimate, but the firewall cannot tell the difference between example code in a blog post and an actual attack.

03. .htaccess Causes

Less commonly, a 406 error can be caused by content negotiation rules in your .htaccess file. If you have rules that use Options +MultiViews or custom AddType directives, they can cause the server to reject requests for content types it cannot serve.

Try temporarily renaming your .htaccess file to test. If the 406 goes away, the issue is in your .htaccess.

04. How to Fix It

For ModSecurity blocks (most common)

Open a support ticket and include:

• The exact URL where the error occurs
• What you were doing (submitting a form, saving a post, uploading a file)
• The approximate time the error happened

We will check the ModSecurity audit log, identify the rule that triggered, and add an exception for your account if it is a false positive.

For .htaccess issues

1. Rename .htaccess temporarily to .htaccess.bak using File Manager
2. Test your site - If the 406 is gone, the issue is in .htaccess
3. Review the file for MultiViews, AddType, or other content negotiation directives
4. Remove or fix the problematic directive
5. Rename the file back to .htaccess

See Complete Guide to .htaccess for more on .htaccess troubleshooting.

Quick Recap

1. 406 errors on shared hosting are usually ModSecurity - Not content negotiation
2. Common triggers - Form submissions with HTML, code examples, SQL-like content
3. Open a support ticket - We can add exceptions for false positives
4. Check .htaccess - MultiViews or AddType directives can also cause it
5. Include the URL and time when reporting so we can find the exact rule

Error troubleshooting guide · Last updated March 2026 · Browse all Error articles