https://en.wikipedia.org/wiki/HTTP_403

So the problem is, that the webserver blocks the call. You should take a look at your webserver logs to resolve the problem.

Thanks for the log files tip. Just found that mod_security was messing with matomo.

[Thu May 03 15:48:10.864971 2018] [:error] [pid 31694] [client xxx.xxx.xxx.xx:42296] [client xxx.xxx.xxx.xx] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "179"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] [hostname "dashboard.ebnerpublishing.com"] [uri "/matomo/piwik/index.php"] [unique_id "WusTGlXWe9wAAHvO7bsAAAAR"], referer: https://dashboard.ebnerpublishing.com/matomo/piwik/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday

Switched mod_security to detection only and now transitions display again. Is there any rule that I could insert to mod_security as exception so that it can be turned on without interfering with matomo?

Best,
Stefanie

Just solved the issue by myself by disabling the single rule by its id (340162). For everyone else struggling with this issue and using Plesk see here and for everyone else just google SecRuleRemoveById. If anyone has a better solution let me know :)