I've been struggling for a while with IIS giving very random 403 errors, especially on pages with a lot of js files included. I searched everywhere for a solution, couldn't find it.
After some trial and error, I pinpointed the exact issue: an IIS extension called "Dynamic IP restriction", which was supposed to keep you safe from DDOS. I doubled the default settings allowed (from Deny Criteria section, Maximum number of concurrent requests to 20 and Maxumum number of requests to 50) and all is good.
I'm sure that there's at least one person out there with the same issue, so enjoy :)