>the more I think 403 is just fine. Except for the basic problem of: whom are you going to complain to? There is nothing in the RFC that requires the response body to explain whether the problem is fundamental at the origin server or has been inserted by either an intermediate proxy server or some other device that is not a proxy server. Much better that the RFC requires this distinction at least to be expressed at its most basic level: was it censorship or is it a problem at the resource itself? It's similar to the age old "down for everyone or just me?" problem. Why would we want to contribute to that kind of confusion?