For a web page that exists, but for which a user does not have sufficient privileges (they are not logged in or do not belong to the proper user group), what is the proper HTTP response to serve? 401 Unauthorized? 403 Forbidden? Something else? What I've read on each so far isn't very clear on the difference between the two. What use cases are appropriate for each response?