I can guarantee that somewhere on your technology stack (edge CDN, Firewall, Web Server, WordPress Plugin) that you have something configured that throws a 403 error whenever you try to access a URL on your site without the User-Agent Header set. Hence why it works when you access in the browser (as this will contain the User-Agent Header) and why it is failing when Google Ads is crawling (likely because the User-Agent Header they use for that is not in your whitelist).
Have a test using something like Postman to confirm.
These types of ‘security features’ are nonsense, it takes very little knowledge to spoof the User-Agent Header and hence cannot be trusted. Whatever is doing this, bin it off as it’s clearly causing more problems than it’s helping…. Then get something that provides actual security in place.
In fact… just had a quick play (but leaving the above in for reference as it doesn’t sound like it is your issue, but it is handy to know for debugging…). With you using WordFence, plugins like that often send 403 whenever they detect an ‘odd looking query string’ which is often one of the settings. When you say the problem still existed after you turned it off, do you also use a Caching plugin too? If so, turn off ALL caching EVERYWHERE you use it (edge CDN, Firewall, Web Server, WordPress Plugin), then I’d expect the problem to go away. What is odd is that it is only happening on that one page though, suggests it’s either stuck in the cache, or something more odd is going on.
Next steps to debugging, run through these common steps which help you to narrow down the problem, https://www.contradodigital.com/2016/08/12/how-to-debug-wordpress-problems/
Good hunting!