Hey guys, you can use the preview link as a workaround, it might be a bit slow but it should work.
This is a huge issue for me as well. Using the preview link is not a workaround because I will have my agent look at both my live shopify site and my dev (local) theme as we are working. If I do the preview link then I can’t have the agent look at my live site to easily compare
Experiencing the same problems.. hitting 403 Errors constantly - it is not solved.
Confirming this is still broken on CLI 3.94.3 (latest) — the “Solved” marker only addressed one user’s 3.87.4->3.89.0 case and does not resolve the underlying issue. Adding fresh diagnostics in case it helps the team:
Environment: Shopify CLI 3.94.3 · macOS 15.6 · Node v24.13.0 · app-heavy store (multiple storefront apps firing /search?q=handle:... salvos per render).
What’s confirmed NOT the cause (ruled out on my side): CLI re-login, recreated dev theme, cleared cookies, clean/incognito profile, multiple browsers, IPv6 off, no VPN/proxy (system route direct), residential ISP. A direct curl to the storefront from the same machine/IP returns a clean HTTP 200 — only the theme dev render/proxy path is throttled.
Verbose output — both Render API and proxy fallback 403, with a server-side bot verdict:
User-Agent: Shopify CLI; v=3.94.3
→ Rendering https://<store>.myshopify.com/?_fd=0&pb=0 ...
← 403 (request_id: null)
Render failed for / with 403 (x-request-id: null), trying proxy...
Proxy status: 403. Returning render error.
GET 403 /
GET 403 /favicon.ico
(repeats ~3–5x/sec on every render attempt)
Critically, a successful Admin GraphQL call in the same run carries:
server-timing: ... verdict_flag_enabled;desc="count=19"; ...
So the platform is actively applying a bot verdict to the CLI’s render/proxy traffic, even though the CLI honestly identifies itself via User-Agent: Shopify CLI; v=3.94.3. The 403s have request_id: null, so they aren’t traceable from the render side — Admin x-request-id: bd87411a-8d9b-441a-a0e2-7b61ffb80411 is the only handle.
Reproduced independently by multiple developers on our team, different machines and networks, same store — so this is environment-independent.
Shopify Merchant Success confirmed in writing that the May 7 2026 bot rate-limit change is inadvertently catching the CLI local proxy as unsigned bot traffic, and that it’s a known platform-level interaction. The suggested “Web Bot Auth registration” path is not actionable for theme developers: the bot here is Shopify’s own CLI proxy — the operator who must serve the signing-key directory and sign requests is Shopify, not the developer running shopify theme dev. We cannot register or sign traffic for a tool we don’t operate.
Since this blocks daily development for many of us across all 3.8x–3.94.x versions, could the team either (a) make the CLI proxy sign its requests via Web Bot Auth, or (b) exempt authenticated theme dev traffic from the unsigned-bot verdict? A status update would be hugely appreciated — this is a hard blocker, not a slowdown.
As many others have stated, this is still completely broken and is absolutely not resolved. @Gray-Shopify Can you please re-open this thread, and get it escalated, and provide a meaningful update?? It is virtually impossible to make any theme updates or do any development. This is not a small nuisance, it’s critically impacting daily operations.
Same here with version 3.94.3
Same issue for me. Multiple ISPs, uninstalled CLI completely. Auth out, Auth in. Deleting all dev themes, re-pulling, everything that everyone has mentioned. Shopify 3.94.3, NPM 10.9.3, and Node v22.20.0. I had this issue start appox 18hrs ago. I am unable to continue working.
This is not the solution to this. It is not resolved.
Same error here. Hopefully there is a fix soon 
Same issue.
It happened after I tried to remove a product from the cart.
So I’m assuming it’s a cloudflare issue related to what @filisantillan said.