Tuesday, 25 November 2014

203 server response code

Here's a very interesting code that Scrutiny turned up on a website.

Scrutiny reports '203 non-authoritative information'. W3C elaborates on this a little bit:

Partial Information 203
When received in the response to a GET command, this indicates that the returned metainformation is not a definitive set of the object from a server with a copy of the object, but is from a private overlaid web. This may include annotation information about the object, for example.

So this means that a third party is providing the information you see. Presumably this is no different from something many of us do - making some space available on the page and allowing Google or another third party to populate it with advertising. (And indeed the page you get at the domain in question here is the kind of thing you'd expect from clicking on an ad.)

What's interesting here is that you can visit a domain and see a page not controlled by the owner of that domain. I guess a less responsible owner wouldn't have the server give this response code, but this seems to me like information I'd really like to know while I'm browsing. Should your browser alert you to this?
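
An added example, not part of the original post or of Scrutiny: a small check that flags a 203 status in a raw response head. It goes beyond the post by also reporting the `Via` header and `Warning: 214` ("Transformation Applied"), two other standard signs that an intermediary handled the response; the sample responses and hostnames are constructed.

```python
# Added example. SAMPLE_RESPONSES is constructed data, not captured traffic.
SAMPLE_RESPONSES = {
    "http://parked.example/": (
        "HTTP/1.1 203 Non-Authoritative Information\r\n"
        "Content-Type: text/html\r\n"
        "Via: 1.1 overlay.example\r\n\r\n"
    ),
    "http://shop.example/logo.jpg": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: image/jpeg\r\n"
        "Via: 1.1 isp-proxy.example\r\n"
        'Warning: 214 isp-proxy.example "Transformation Applied"\r\n\r\n'
    ),
    "http://plain.example/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}


def parse_head(raw):
    """Return (status_code, {lowercased header name: [values]}) for a raw head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive and may repeat
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers


def provenance_flags(raw):
    """List signs that an intermediary relayed, supplied or altered the content."""
    code, headers = parse_head(raw)
    flags = []
    if code == 203:
        flags.append("203-non-authoritative")
    # Warning code 214 means "Transformation Applied" (HTTP/1.1 caching spec).
    if any(w.split(" ", 1)[0] == "214" for w in headers.get("warning", [])):
        flags.append("warning-214-transformed")
    # Via names each proxy that relayed the response.
    flags.extend("via:" + v for v in headers.get("via", []))
    return flags


if __name__ == "__main__":
    for url, raw in SAMPLE_RESPONSES.items():
        print(url, provenance_flags(raw) or "no intermediary signs")
```

An intermediary that does not announce itself sets none of these, so an empty result is not proof that the content came from the origin unchanged.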


  1. An interesting find, but just showing information from other sources should be the least of your worries...

    ...it's what these other sources can bring to the table that is far more sinister... ever wondered how Google or Facebook seem to know what sites you've visited?

    These two parties (among others) pay other sites to allow tracking cookies to be located on their pages. Now, as we know, cookies are useful things that allow login and user-defined settings to work correctly, but using something as simple as a hidden iframe allows cookies from other domains to gather information about where you're shopping or browsing.

    I've also experienced a mobile ISP replacing all images on a webpage with lower bandwidth versions (re-encoding them on the fly). Clearly a practice that reduces bandwidth use on congested 3G networks, but it does beg the question: are we seeing what the web author intended us to see?

    Any ads might already be finely tuned to you (because of the tracking cookies), but if you feel strongly about this then install Blur (used to be called "DoNotTrackMe").

  2. Cookies don't bother me at all, I'm bemused that they managed to get such a sinister image. Some kind of self-defence mechanism built into us. This has led to the utterly ridiculous law obliging website owners to show a 'this website uses cookies' message. The concept of a web page writing a file to your computer which only it can access is only good for the browsing experience. After all, any app you run writes its own data to your HD for its own reference later and most wouldn't be able to function without doing this. I see no difference at all between this and cookies.

    The problem comes when the idea is being used for commercial ends and companies are finding ways around the principle that the only website that can access a cookie is the one that planted it. But then what's the worst that can happen? An ad you see is of more interest to you than it would have been otherwise.

    I suppose the fear is that someone has access to your browsing history or behaviour (what's to hide, it's not as if a real person ever sees it) or perhaps that someone is making cash from something that they've obtained in an underhand way.

    Getting rid of ads completely from a page, now that improves the browsing experience!