203 Non-Authoritative Information
The returned meta-information is not exactly the same as is available from the origin server.
Usually happens because:
- ☑ Intermediate proxies or CDNs altering
- ☑ API gateways combining multiple responses
🔍 Quick Checklist:
Meaning
The HTTP 203 Non-Authoritative Information status code indicates that the request was successful, but the payloads received have been modified by a transforming proxy from that of the origin server's 200 OK response.
Root Causes
- Intermediate proxies or CDNs altering payload headers or content (e.g. converting images on the fly).
- API gateways combining multiple responses and returning customized metadata fields.
| Cause | Frequency |
|---|---|
| Intermediate proxies or CDNs altering | ⭐⭐⭐⭐⭐ |
| API gateways combining multiple responses | ⭐⭐⭐⭐ |
Common Mistakes
- Assuming the payload checksum matches the origin server checksum when receiving a 203 response.
- Misidentifying proxy warnings as server crashes.
How to Fix
Framework-Specific Examples
Express middleware returning 203 status for proxy compatibility checks.
app.get('/gateway', (req, res) => {
res.status(203).json({ source: 'proxy-aggregated', data: {} });
});Server Configuration Examples
Enabling image filter transformations in Nginx, changing payload characteristics.
image_filter resize 150 100;Prevention
- Use SSL/TLS (HTTPS) connection pipelines to prevent intermediate proxies from altering response payloads.
- Add Cache-Control: no-transform headers to prevent CDN proxies from modifying data.
Frequently Asked Questions (FAQ)
Q: Is HTTP 203 cached by web browsers?
Yes, 203 Non-Authoritative Information responses are cacheable by default unless specific cache-control constraints are set.
Q: How do proxies trigger a 203 response?
A proxy triggers 203 when it intercepts a 200 OK from the origin, compresses or repackages the payload (like converting JPG to WebP), and forwards it.
Q: What header prevents proxy payload modifications?
Setting the 'Cache-Control: no-transform' header forbids intermediate proxies from changing response details.
Q: Does 203 indicate authorization failures?
No. It is a success code (2xx), not an authorization block (401/403). It simply signals metadata modifications.