When a user attempts to access a resource on an application but is unauthorized due to the application's lack of correct authentication credentials, which HTTP status code should the application return to the user's browser?
400 Bad Request
404 Not Found
401 Unauthorized
500 Internal Server Error