203 Non-Authoritative Information
The HTTP 203 Non-Authoritative Information status code is returned by a proxy to indicate the request was successful but the message body has been modified. The information in the body originated from an alternate source.
The message body is cacheable by default. To override this behavior, the response needs to include the appropriate Cache-Control headers.
Usage
The 203 Non-Authoritative Information status code first confirms the request succeeded. The original status code is not preserved. The client has no way to determine whether the origin returned 200, 201, or another success code.
Note
The 203 Non-Authoritative Information status code is sometimes discouraged for this reason. A Warning header with code 214 (Transformation Applied) signals a transformation was applied while preserving the original status code.
Example
The client requests a resource through an intermediate proxy server. The origin server stores the resource as plain text. The proxy transforms the resource to JSON format before forwarding the response to the client.
Request
GET /instructions HTTP/1.1
Host: www.example.re
Response from origin
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 250
<message body in text format>
Response from proxy to client
HTTP/1.1 203 Non-Authoritative Information
Content-Type: application/json
Content-Length: 265
{"response":"<message body embedded in JSON>"}
Alternate approach (legacy)
Obsoleted
The Warning header was obsoleted and is now legacy. This approach is not recommended for new implementations.
Instead of using the 203 Non-Authoritative Information status code, the proxy adds a Warning header with code 214 (Transformation Applied), preserving the original status code.
Response from proxy using Warning header
HTTP/1.1 200 OK
Content-Type: application/json
Warning: 214 proxy.example.re "Response converted to JSON format"
Content-Length: 265
{"response":"<message body embedded in JSON>"}
When using a Warning header in place of the 203 Non-Authoritative Information status code, the original status code is preserved and the client handles the response accordingly.
Code references
.NET
HttpStatusCode.NonAuthoritativeInformation
Rust
http::StatusCode::NON_AUTHORITATIVE_INFORMATION
Rails
:non_authoritative_information
Go
http.StatusNonAuthoritativeInfo
Symfony
Response::HTTP_NON_AUTHORITATIVE_INFORMATION
Python3.5+
http.HTTPStatus.NON_AUTHORITATIVE_INFORMATION
Java
java.net.HttpURLConnection.HTTP_NOT_AUTHORITATIVE
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_NON_AUTHORITATIVE_INFORMATION
Angular
@angular/common/http/HttpStatusCode.NonAuthoritativeInformation
Takeaway
The HTTP 203 Non-Authoritative Information status code indicates success, but the response was modified by an intermediate proxy and the original status code is unrecoverable.
