203 Non-Authoritative Information
Description
The 203 Non-Authoritative Information status code indicates that the request was successful, but the enclosed payload has been modified from what the origin server would have sent. This modification is performed by a transforming proxy or intermediary.
This status code is used when a proxy or intermediary has modified the response from the origin server in some way, such as by changing headers, transforming content, or applying content policies. The returned metadata (headers) might be either a subset or superset of the original version.
The 203 status code helps clients understand that while the response is valid, it may not exactly match what the origin server would have provided directly.
Syntax
The server (or proxy) responds with a 203 Non-Authoritative Information status:
HTTP/1.1 203 Non-Authoritative Information
Content-Type: [appropriate media type]
Content-Length: [length in bytes]
[Modified headers]
[Response body, possibly modified from the original]
Examples
Content Transformation Example
A client requests a web page, but a corporate proxy modifies it to comply with company policies:
Client Request:
Origin Server's Original Response (not seen by client):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 5324
Cache-Control: max-age=3600
<!DOCTYPE html>
<html>
<head>
<title>Breaking News: Financial Markets</title>
<!-- Original content with external scripts and tracking -->
</head>
<body>
<!-- Original article content -->
</body>
</html>
Proxy's Modified Response (what the client receives):
HTTP/1.1 203 Non-Authoritative Information
Content-Type: text/html
Content-Length: 4982
Cache-Control: max-age=3600
X-Modified-By: corporate-proxy.example.com
<!DOCTYPE html>
<html>
<head>
<title>Breaking News: Financial Markets</title>
<!-- External scripts and tracking removed -->
</head>
<body>
<!-- Article content with certain sections removed or modified -->
<footer>
<p>Content modified according to corporate policy</p>
</footer>
</body>
</html>
Metadata Enhancement Example
A client requests an image, and a CDN proxy adds additional metadata:
Client Request:
Origin Server's Original Response (not seen by client):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 245678
Last-Modified: Wed, 12 Jun 2023 09:45:12 GMT
[Binary image data]
CDN's Enhanced Response (what the client receives):
HTTP/1.1 203 Non-Authoritative Information
Content-Type: image/jpeg
Content-Length: 245678
Last-Modified: Wed, 12 Jun 2023 09:45:12 GMT
X-CDN-Cache: HIT
X-CDN-Edge-Location: fra-1
X-Image-Dimensions: 1200x800
X-Content-Type-Options: nosniff
X-Cache-Expiry: Thu, 13 Jun 2023 09:45:12 GMT
[Binary image data]
Content Filtering Example
A client requests a document through a content filtering proxy:
Client Request:
Origin Server's Original Response (not seen by client):
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 8765
<!DOCTYPE html>
<html>
<head>
<title>Research Document</title>
</head>
<body>
<!-- Original content with some potentially sensitive information -->
</body>
</html>
Filtering Proxy's Modified Response (what the client receives):
HTTP/1.1 203 Non-Authoritative Information
Content-Type: text/html
Content-Length: 7890
X-Filtered-By: security-proxy.example.net
X-Filtering-Reason: content-policy
<!DOCTYPE html>
<html>
<head>
<title>Research Document</title>
</head>
<body>
<!-- Modified content with sensitive information redacted -->
<div class="notice">
<p>This document has been modified in accordance with organizational security policies.</p>
</div>
</body>
</html>
Summary
The 203 Non-Authoritative Information status code serves as a transparency mechanism in HTTP communications, indicating that while the request was successful, the response has been modified by an intermediary. This status code helps clients understand that they're not receiving the exact response that the origin server would have provided directly. It's commonly used in environments with content filtering, corporate proxies, content delivery networks, or other intermediaries that modify responses for various reasons including security, policy enforcement, or performance optimization.