You're at a hotel, an airport lounge, or a coffee shop. You connected to the Wi-Fi. Your Mac shows full signal bars. But no login page appears — and nothing loads. You're stuck in the worst kind of limbo: technically connected to a network, but completely cut off from the internet. This is the captive portal problem, and it affects millions of Mac users every day.

A captive portal is the web-based login page that public Wi-Fi networks use to authenticate users before granting internet access. It's supposed to pop up automatically the moment you connect. When it doesn't, the fix is almost always simple — but you need to know which fix to try first. This guide walks through four proven methods, in order of how often they work, so you can get online in minutes instead of frustration.

What Is a Captive Portal and Why Does It Need to Appear?

A captive portal is a checkpoint. When you join a public Wi-Fi network — at a hotel, airport, hospital, library, or coffee shop — the network's router intercepts all of your internet traffic and redirects it to a local login page before letting anything through. That page is the captive portal.

Depending on the venue, the portal might ask you to click "Accept Terms," enter a room number, type in a voucher code, or simply watch a short advertisement. Once you complete whatever the network requires, the router notes your device's MAC address and opens up full internet access. From that point on, your traffic flows freely until your session expires.

The system works by design — but the part that breaks is the automatic detection. macOS is supposed to notice when it's behind a captive portal and immediately launch a pop-up window pointing you to the login page. When that detection step fails, you're connected to the network but the gate is still closed, and you have no way to open it unless you know how to force the portal to appear manually.

"Captive portal detection relies on your device successfully fetching a known URL over HTTP. Any interference in that chain — a VPN, a DNS cache, a browser extension — can silently break the detection without giving you any error message."

— Network engineering principle behind RFC 7710 captive portal detection

The Real Reasons Your Captive Portal Won't Show Up

Before you can fix the problem, it helps to understand what's causing it. There are four common reasons a captive portal fails to appear on macOS, and each one leads to a different fix.

HTTPS is Blocking the Redirect

This is the most common cause. Modern browsers and apps default to HTTPS for almost every connection. Captive portals work by intercepting your outbound HTTP traffic and redirecting it to the portal login page. The problem: HTTPS connections are end-to-end encrypted. The portal can't inject a redirect into an encrypted stream without breaking the connection entirely — so it doesn't even try. If your Mac only makes HTTPS requests after connecting to the network, the portal never gets a chance to intercept anything.

A Stale DNS Cache

Your Mac caches DNS lookups to speed up browsing. If you've connected to this network before, your DNS cache might have entries pointing to old IP addresses. Those cached addresses bypass the portal's redirect mechanism entirely, so your traffic goes nowhere — or somewhere unexpected — and the login page never loads.

macOS Captive Portal Detection Misfired

When you connect to a new Wi-Fi network, macOS quietly fetches a URL from Apple's servers to check whether it's behind a captive portal. If that check returns an unexpected result — which can happen when a VPN is running, when a browser extension intercepts the request, or simply due to a timing issue — macOS concludes there's no captive portal and doesn't show the pop-up. The portal is there, but macOS doesn't know it.

Your MAC Address Is Already Registered (or Blocked)

If you've connected to this network before and your free session has expired, the portal may simply block traffic from your MAC address rather than redirecting it. From your Mac's perspective, the behavior looks identical to the first three causes — Wi-Fi is connected, but nothing loads — but the root cause is completely different and requires a different fix.

Method 1: Visit a Plain HTTP Page (Works 90% of the Time)

This is the fix you should try first, because it resolves the most common cause — HTTPS blocking — in about ten seconds. The idea is simple: instead of letting your browser auto-detect the portal, you force a redirect yourself by visiting a website that is served over plain, unencrypted HTTP.

Open Safari or Chrome on your Mac and manually type one of these addresses directly into the address bar. Do not click a bookmark or let the browser autocomplete — type the full address including http://:

http://captive.apple.com
http://neverssl.com

The moment you load one of those addresses, your browser makes a plain HTTP request. The captive portal intercepts it and redirects you to the login page instead of the actual website. From there, you complete whatever the portal requires — click through terms, enter credentials — and your internet access opens up.

Pro tip: Most browsers will automatically upgrade http:// to https:// if you're not careful. Type the full URL manually and press Enter immediately. If the browser still redirects to HTTPS, try a different browser (Safari tends to be more cooperative on macOS than Chrome for this specific task).
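
The same plain-HTTP probe can be run from Terminal with curl, which never upgrades the request to HTTPS, and classified by what comes back. This is an added example, not part of the original guide or of any tool it mentions; the verdict names are hypothetical, and the "Success" marker is an assumption about what the un-intercepted page contains.

```shell
#!/bin/sh
# Added example: classify what the network does to a plain-HTTP probe.
# PROBE_URL is the address named in this guide; MARKER is an assumption
# about the body of the real, un-intercepted page.
PROBE_URL="http://captive.apple.com"
MARKER="Success"

# classify_probe STATUS LOCATION BODY -> prints one verdict word
classify_probe() {
    status=$1 location=$2 body=$3
    case "$status" in
        000|"") echo "no-response" ;;        # nothing came back: traffic dropped or no link
        30[12378])
            if [ -n "$location" ]; then
                echo "portal-redirect"       # network redirected the probe to a login page
            else
                echo "unknown"
            fi ;;
        200)
            case "$body" in
                *"$MARKER"*) echo "open" ;;  # probe reached the real endpoint
                *) echo "portal-inline" ;;   # 200 but rewritten body: portal served in place
            esac ;;
        *) echo "unknown" ;;
    esac
}

# run_probe: fetch PROBE_URL once, without following redirects.
run_probe() {
    tmp=$(mktemp) || return 1
    # -w prints the status code and the redirect target; the body goes to $tmp.
    meta=$(curl -s -o "$tmp" --max-time 5 \
        -w '%{http_code} %{redirect_url}' "$PROBE_URL")
    status=${meta%% *}
    location=${meta#* }
    body=$(cat "$tmp")
    rm -f "$tmp"
    verdict=$(classify_probe "$status" "$location" "$body")
    echo "$verdict${location:+ -> $location}"
}

# Run as: sh probe.sh probe
if [ "${1:-}" = "probe" ]; then
    run_probe
fi
```

A portal-redirect verdict prints the login URL, so you can check its host before typing anything into that page. A no-response verdict points at blocked traffic rather than a detection failure.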

Method 2: Forget the Network and Reconnect

If the HTTP page trick doesn't trigger the portal, the next most likely cause is that macOS already considers this a "known" network and skips the captive portal detection entirely. This happens when you've connected to the same network name (SSID) before — your Mac automatically joins it without treating it as a new connection, which means it never runs the captive portal check.

The solution is to make macOS forget the network entirely and reconnect from scratch as if it's the first time. Here's how to do that on macOS:

  1. Click the Wi-Fi icon in the menu bar at the top right of your screen.
  2. Select Wi-Fi Settings… from the dropdown menu.
  3. Find the network you're currently connected to in the list. Click the small (info) icon to the right of the network name.
  4. Click Forget This Network, then confirm when macOS asks you if you're sure.
  5. Return to the Wi-Fi menu and click the network name to reconnect. This time, macOS treats it as a brand-new connection and runs the captive portal detection from scratch.

After reconnecting, the captive portal pop-up should appear within a few seconds. If it doesn't, immediately navigate to http://captive.apple.com in your browser to trigger it manually as described in Method 1.

Method 3: Flush Your DNS Cache in Terminal

When the first two methods don't work, the problem is often a stale DNS cache. Your Mac remembers the IP addresses of websites you've visited recently — including the domain names that the captive portal tries to redirect. When your DNS cache has old entries for those domains, the portal redirect fails silently.

Flushing the DNS cache clears all those old entries and forces macOS to look up fresh addresses. This is a safe operation that causes no harm and takes about 30 seconds including the time to open Terminal.

How to Flush DNS Cache on macOS

Open Terminal — you can find it by pressing ⌘ + Space and typing "Terminal," or by navigating to Applications → Utilities → Terminal. Then paste the following command and press Enter:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

macOS will ask for your administrator password. Type it and press Enter (the cursor won't move while you type — that's normal). The command runs instantly with no output if it succeeds. Once the cache is flushed, go back to your browser and try navigating to http://captive.apple.com again.

This command works on all recent versions of macOS including Ventura, Sonoma, and Sequoia. It's the same command Apple's own support documentation recommends for DNS-related connectivity issues.

"DNS caching is designed to speed up your browsing, but in the context of captive portal detection, it can backfire. A cached entry for a domain the portal relies on redirecting can prevent the login page from ever loading, no matter how many times you retry in the browser."

— Common finding in enterprise network troubleshooting guides

Method 4: Change Your MAC Address (The Last Resort)

If the first three methods didn't work, the portal likely isn't failing to load — it's actively blocking you. This happens when your device's MAC address has been recorded as having already used up a free session. The portal's gateway server looks at every incoming connection request, sees your MAC address, recognizes it as an expired or used session, and simply drops the traffic without showing you a login page.

The fix for this is different from the other three: instead of working around a detection problem, you need to change your device identity at the network level. A MAC address is the hardware identifier your Mac broadcasts to every network it connects to. Change it, and the captive portal sees a brand-new device that has never connected before — and shows you a fresh welcome page with a new free session.

Using MacSpoof to Change Your MAC Address

The easiest way to change your MAC address on macOS is with MacSpoof. Open the app, click Randomize to generate a new address, then click Spoof. MacSpoof disconnects and reconnects your Wi-Fi automatically with the new address applied. Rejoin the hotel, airport, or coffee shop network, and the portal will treat you as a first-time guest.

Using Terminal to Change Your MAC Address

If you prefer the command line, the following three commands accomplish the same thing. Run them in Terminal when connected to the network:

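sudo ifconfig en0 down
sudo ifconfig en0 ether $(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//; s/^\(.\)./\12/')
sudo ifconfig en0 up

These commands bring your Wi-Fi interface offline, assign a randomly generated MAC address, and bring it back up. The last sed expression fixes the second hex digit of the address at 2, which keeps it a unicast address and marks it as locally administered; a fully random first byte would come out as a multicast address about half the time, which is not a valid address for a single device. Reconnect to the Wi-Fi network after running them. For more detail on the MAC address change process, see our full guide: How to Change Your MAC Address on macOS.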

Which Method Should You Try First?

Try them in order. The HTTP page trick resolves the problem for the vast majority of users — it's fast, requires no technical knowledge, and works on any device. If that doesn't work, forgetting and rejoining the network is the next fastest fix. DNS flushing helps when the problem is a stale cache, which is less common but still frequent enough to be worth knowing. And changing your MAC address is the solution of last resort for sessions that are genuinely blocked or expired.

The key insight is that these methods address different root causes. Jumping straight to the "nuclear option" of changing your MAC address when the real problem is just HTTPS blocking is unnecessary — the HTTP page trick would have gotten you online in ten seconds. Work through the list methodically and you'll almost always find the fix before reaching Method 4.

How to Prevent Captive Portal Problems in the Future

Once you know these fixes, captive portal failures stop being a problem — you can resolve them in under a minute. But if you travel frequently and find yourself dealing with this constantly, there are a few habits that help.

First, save http://neverssl.com as a bookmark in your browser. The moment you join a public Wi-Fi network and the portal doesn't appear, that bookmark is your first move. Second, consider keeping MacSpoof installed even if you don't need to bypass time limits — the MAC address change feature doubles as the most reliable solution when a portal refuses to appear. Third, if you use a VPN that activates automatically, pause it when connecting to new networks. Many VPN clients interfere with captive portal detection by design.

You can also use our interactive Captive Portal Troubleshooter tool, which walks through a decision tree based on your specific symptoms to recommend the right fix.

Frequently Asked Questions

Why doesn't the captive portal appear automatically?

macOS tests for captive portals by silently fetching a known URL when you first connect. If that test misfires — due to a stale DNS cache, a browser extension, or a VPN running in the background — the portal pop-up never triggers. Opening a plain HTTP page manually forces the redirect through your browser instead of relying on macOS to detect it.

What is neverssl.com and is it safe?

neverssl.com is a public site intentionally served over plain HTTP for the sole purpose of triggering captive portal redirects. It has no login forms and collects no personal data. It is widely recommended by network engineers and has been in use for years as a standard troubleshooting tool.

Does opening http://captive.apple.com work on non-Apple devices?

Yes. captive.apple.com is a plain HTTP endpoint that any browser on any device can visit. It simply returns a small HTML page — if a captive portal is present, it will intercept the request and redirect you to the login page instead. The domain name being Apple's doesn't restrict it to Apple hardware.

What if none of the four methods work?

If all four methods fail, the network likely requires a credential you don't have — a room number, a voucher code, or an employee login. Alternatively, your MAC address may be blocked by the portal. Using MacSpoof to change your MAC address will make you appear as a brand-new device, which resolves this scenario even when the other methods don't.

Can I use MacSpoof to make a captive portal reappear after a blocked session?

Yes. If the portal has marked your MAC address as expired or has used up a free session, changing your MAC with MacSpoof gives you a fresh device identity. The portal will show you a new welcome page with no session history attached to your new address.

Does this work on iPhone or Android?

The HTTP page trick and the forget-and-rejoin method work on any device. The DNS flush command is macOS-specific. MacSpoof is a macOS-only app, but iPhones running iOS 14 and later have built-in per-network MAC randomization that can sometimes achieve a similar session-reset effect.

Conclusion

A captive portal that refuses to appear is one of the most common and most fixable Wi-Fi problems there is. The solution almost always comes down to one of four things: your browser defaulting to HTTPS and blocking the redirect, macOS treating the network as already-known and skipping detection, a stale DNS cache pointing traffic in the wrong direction, or your MAC address being flagged by the portal as an expired session.

Start with the http://captive.apple.com trick — it costs nothing and takes ten seconds. If that doesn't work, forget the network and rejoin, flush your DNS cache, and as a last resort, change your MAC address with MacSpoof. By the time you've gone through all four, you'll be online.

For the times when the portal appears but your session keeps expiring, the same MAC address technique that fixes blocked portals also resets time-limited sessions. Read our guide on bypassing Wi-Fi time limits for a full walkthrough of how that works across hotels, airports, and coffee shops.