203 Non-Authoritative Information

When a proxy modifies the message body of a successful response, the server returns 203 Non-Authoritative Information. The information in the body originated from an alternate source.

The message body is cacheable by default. To override this behavior, the response needs to include the appropriate Cache-Control headers.

Table of Contents

Usage

The 203 Non-Authoritative Information status code first confirms the request succeeded. The original status code is not preserved. The client has no way to determine whether the origin returned 200, 201, or another success code.

Note

The 203 Non-Authoritative Information status code is sometimes discouraged for this reason. The now-obsoleted Warning header with code 214 (Transformation Applied) once served as an alternative, signaling a transformation while preserving the original status code. The Warning header was removed from the HTTP standard.

Example

The client requests a resource through an intermediate proxy server. The origin server stores the resource as plain text. The proxy transforms the resource to JSON format before forwarding the response to the client.

Request

GET /instructions HTTP/1.1
Host: www.example.re

Response from origin

HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 250

<message body in text format>

Response from proxy to client

HTTP/1.1 203 Non-Authoritative Information
Content-Type: application/json
Content-Length: 265

{"response":"<message body embedded in JSON>"}

Alternate approach (legacy)

Obsoleted

The Warning header was obsoleted and is now legacy. This approach is not recommended for new implementations.

Instead of using the 203 Non-Authoritative Information status code, the proxy adds a Warning header with code 214 (Transformation Applied), preserving the original status code.

Response from proxy using Warning header

HTTP/1.1 200 OK
Content-Type: application/json
Warning: 214 proxy.example.re "Response converted to JSON format"
Content-Length: 265

{"response":"<message body embedded in JSON>"}

When using a Warning header in place of the 203 Non-Authoritative Information status code, the original status code is preserved and the client handles the response accordingly.

Code references

.NET

HttpStatusCode.NonAuthoritativeInformation

Rust

http::StatusCode::NON_AUTHORITATIVE_INFORMATION

Rails

:non_authoritative_information

Go

http.StatusNonAuthoritativeInfo

Symfony

Response::HTTP_NON_AUTHORITATIVE_INFORMATION

Python3.5+

http.HTTPStatus.NON_AUTHORITATIVE_INFORMATION

Java

java.net.HttpURLConnection.HTTP_NOT_AUTHORITATIVE

Apache HttpComponents Core

org.apache.hc.core5.http.HttpStatus.SC_NON_AUTHORITATIVE_INFORMATION

Angular

@angular/common/http/HttpStatusCode.NonAuthoritativeInformation

See also

Last updated: April 4, 2026