(A short description of this http status code:
http://www.checkupdown.com/status/E403.html[
^])
The problem is, that simply putting a 403 status code at the beginning of the page won't have any effect. The web server (Apache in your case) is deciding that the request is unauthorized, not your code. Since if it can execute the php script than it is authorized, right? So even if you send the 403 status code, you send the content also, and that's all, Apache won't intercept your status code. And the browser will be happy to display it :). What you set in .htaccess is only valid for Apache, php has nothing to do with it.
So, if you want to redirect from code to your error page, just add a
http location[
^] redirect after the status code, and exit immediately the php script.
If you want only to test the error page, just create a dummy folder and set .htaccess in it to deny everybody. If you made it correctly, you will get you error page back.