Which HTTP response code means that access to the resource is forbidden?

The HTTP response code that indicates access to a resource is forbidden is 403. This code specifically denotes that the server understands the request but refuses to authorize it. This can occur, for example, when the server's permissions are set in such a way that the requested resource is restricted for the user making the request. It does not imply that authentication is required, as in the case of other codes like 401, which indicates that authentication is required and has failed or has not yet been provided.

In contrast, the other response codes represent different issues: 400 denotes a bad request, meaning the server cannot or will not process the request due to something that is perceived to be a client error; 401 signifies unauthorized access, indicating that the user's credentials are needed to access the resource; and 404 indicates that the requested resource could not be found on the server. Each of these codes serves a distinct purpose in communicating the state of the request and its relation to resource access.